diff --git a/current-version.env b/current-version.env
index 2198578a0..48dd54528 100644
--- a/current-version.env
+++ b/current-version.env
@@ -1,4 +1,4 @@
-EE_VERSION=5.10.0
+EE_VERSION=5.10.1
CE_VERSION=5.9.0
EE_MINOR_VERSION=5.10
CE_MINOR_VERSION=5.9
diff --git a/hocon/hocon-ee-v5.10.1-en.json b/hocon/hocon-ee-v5.10.1-en.json
new file mode 100644
index 000000000..f71e07657
--- /dev/null
+++ b/hocon/hocon-ee-v5.10.1-en.json
@@ -0,0 +1,45980 @@
+{
+ "hash" : "T-root",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "IP address and port for the listening socket.",
+ "type" : "String",
+ "default" : "1883"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "The size of the listener's receiving pool.",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "- Adds a static or templated prefix (e.g., `n1/` or `${username}/`) to topics used by clients in `SUBSCRIBE` and `UNSUBSCRIBE` requests, `PUBLISH` messages, and Will Message (if supplied in the `CONNECT` packet).\n- Removes this prefix from topics of messages published to the respective subscriptions.\n\nThe supported placeholders are:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\nFor example, with `mountpoint=\"${username}/\"` a client using `u1` as username will have:\n- Client SUBSCRIBE `sensors/#` -> `u1/sensors/#` internally in the broker.\n- Broker PUBLISH `u1/sensors/data` -> `sensors/data` sent to the client.\n\nThe prefix mount/unmount is applied to:\n- Will in `CONNECT`\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\nNote: mounting occurs **after authorization/ACL checks**.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-zone",
+ "text" : "zone",
+ "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. This is useful to fence off\nanonymous clients early.",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "Limits the number of bytes a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be dropped/rejected.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "Number of bytes that can be sent in a burst, on top of regular `bytes_rate`.\n\nFor example: `100MB/60m`: Once every 60 minutes, up to 100 megabytes can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "Limits the number of messages a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be dropped/rejected.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "Number of messages that can be sent in a burst, on top of regular `messages_rate`, per each node.\n\nFor example: `10000/60m`: Once in 60 minutes, up to 10000 messages can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Limits how quickly this listener accepts connections, per each node.\n\nOnce the limit is reached, EMQX will automatically close any new connections right after they’re accepted, effectively draining the queue of connections waiting to be accepted.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "Number of connections that can be accepted in a burst, on top of regular rate, per each node.\n\nFor example: `10000/60m`: Once every 60 minutes, up to 10000 connections can be accepted in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[\"allow all\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-parse_unit",
+ "text" : "parse_unit",
+ "doc" : "This setting specifies the level of granularity for data processed during MQTT framing, determining how frames are extracted and parsed from a byte stream:\n\n- `chunk`: Frames are processed at the transport layer packet level. This method uses raw byte chunks as the parsing unit, requiring the application logic to assemble and interpret MQTT frames. The size of each chunk non-deterministically depends on factors such as transmission speed, socket buffer size, and other kernel settings.\n- `frame`: Frames are processed as complete MQTT messages. This method ensures that only fully-formed MQTT frames are delivered to the application logic for further handling. In most of the cases, it offers better performance than the `chunk` option.\n\nNote, the choice of `parse_unit` affects the interpretation of the `active_n` setting: it defines either the number of raw byte chunks or complete MQTT messages are delivered to the connection process.",
+ "type" : "Enum(chunk,frame)",
+ "default" : "chunk"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "type" : "Struct(tcp_opts)"
+ }
+ ],
+ "text" : "mqtt_tcp_listener",
+ "doc" : "Settings for the MQTT over TCP listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-tcp",
+ "text" : "tcp",
+ "doc" : "TCP listeners.",
+ "type" : "Map($name->OneOf(Struct(mqtt_tcp_listener),String(\"marked_for_deletion\")))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "IP address and port for the listening socket.",
+ "type" : "String",
+ "default" : "8883"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "The size of the listener's receiving pool.",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "- Adds a static or templated prefix (e.g., `n1/` or `${username}/`) to topics used by clients in `SUBSCRIBE` and `UNSUBSCRIBE` requests, `PUBLISH` messages, and Will Message (if supplied in the `CONNECT` packet).\n- Removes this prefix from topics of messages published to the respective subscriptions.\n\nThe supported placeholders are:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\nFor example, with `mountpoint=\"${username}/\"` a client using `u1` as username will have:\n- Client SUBSCRIBE `sensors/#` -> `u1/sensors/#` internally in the broker.\n- Broker PUBLISH `u1/sensors/data` -> `sensors/data` sent to the client.\n\nThe prefix mount/unmount is applied to:\n- Will in `CONNECT`\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\nNote: mounting occurs **after authorization/ACL checks**.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-zone",
+ "text" : "zone",
+ "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. This is useful to fence off\nanonymous clients early.",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "Limits the number of bytes a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be dropped/rejected.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "Number of bytes that can be sent in a burst, on top of regular `bytes_rate`.\n\nFor example: `100MB/60m`: Once every 60 minutes, up to 100 megabytes can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "Limits the number of messages a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be dropped/rejected.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "Number of messages that can be sent in a burst, on top of regular `messages_rate`, per each node.\n\nFor example: `10000/60m`: Once in 60 minutes, up to 10000 messages can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Limits how quickly this listener accepts connections, per each node.\n\nOnce the limit is reached, EMQX will automatically close any new connections right after they’re accepted, effectively draining the queue of connections waiting to be accepted.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "Number of connections that can be accepted in a burst, on top of regular rate, per each node.\n\nFor example: `10000/60m`: Once every 60 minutes, up to 10000 connections can be accepted in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[\"allow all\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-parse_unit",
+ "text" : "parse_unit",
+ "doc" : "This setting specifies the level of granularity for data processed during MQTT framing, determining how frames are extracted and parsed from a byte stream:\n\n- `chunk`: Frames are processed at the transport layer packet level. This method uses raw byte chunks as the parsing unit, requiring the application logic to assemble and interpret MQTT frames. The size of each chunk non-deterministically depends on factors such as transmission speed, socket buffer size, and other kernel settings.\n- `frame`: Frames are processed as complete MQTT messages. This method ensures that only fully-formed MQTT frames are delivered to the application logic for further handling. In most of the cases, it offers better performance than the `chunk` option.\n\nNote, the choice of `parse_unit` affects the interpretation of the `active_n` setting: it defines either the number of raw byte chunks or complete MQTT messages are delivered to the connection process.",
+ "type" : "Enum(chunk,frame)",
+ "default" : "chunk"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "mqtt_ssl_listener",
+ "doc" : "Settings for the MQTT over SSL listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ssl",
+ "text" : "ssl",
+ "doc" : "SSL listeners.",
+ "type" : "Map($name->OneOf(Struct(mqtt_ssl_listener),String(\"marked_for_deletion\")))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bind",
+ "text" : "bind",
+ "doc" : "IP address and port for the listening socket.",
+ "type" : "String",
+ "default" : "8083"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "The size of the listener's receiving pool.",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "- Adds a static or templated prefix (e.g., `n1/` or `${username}/`) to topics used by clients in `SUBSCRIBE` and `UNSUBSCRIBE` requests, `PUBLISH` messages, and Will Message (if supplied in the `CONNECT` packet).\n- Removes this prefix from topics of messages published to the respective subscriptions.\n\nThe supported placeholders are:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\nFor example, with `mountpoint=\"${username}/\"` a client using `u1` as username will have:\n- Client SUBSCRIBE `sensors/#` -> `u1/sensors/#` internally in the broker.\n- Broker PUBLISH `u1/sensors/data` -> `sensors/data` sent to the client.\n\nThe prefix mount/unmount is applied to:\n- Will in `CONNECT`\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\nNote: mounting occurs **after authorization/ACL checks**.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-zone",
+ "text" : "zone",
+ "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. This is useful to fence off\nanonymous clients early.",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "Limits the number of bytes a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be dropped/rejected.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "Number of bytes that can be sent in a burst, on top of regular `bytes_rate`.\n\nFor example: `100MB/60m`: Once every 60 minutes, up to 100 megabytes can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "Limits the number of messages a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be dropped/rejected.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "Number of messages that can be sent in a burst, on top of regular `messages_rate`, per each node.\n\nFor example: `10000/60m`: Once in 60 minutes, up to 10000 messages can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Limits how quickly this listener accepts connections, per each node.\n\nOnce the limit is reached, EMQX will automatically close any new connections right after they’re accepted, effectively draining the queue of connections waiting to be accepted.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "Number of connections that can be accepted in a burst, on top of regular rate, per each node.\n\nFor example: `10000/60m`: Once every 60 minutes, up to 10000 connections can be accepted in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[\"allow all\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options",
+ "text" : "tcp_options",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_path",
+ "text" : "mqtt_path",
+ "doc" : "WebSocket's MQTT protocol path. By default, the full URL for the WebSocket client to connect is:\n`ws://{host}:{port}/mqtt`.\nAppend `/[...]` to the end of the path to make EMQX accept any subpath.\nFor example, specifying `mqtt/[...]` would allow clients to connect at paths like\n`mqtt/org1` or `mqtt/group2`, etc.\n\nNOTE: An unmatched path will cause the client to be rejected immediately at the HTTP layer,\nmeaning it will not be traceable at the MQTT layer.",
+ "type" : "String",
+ "default" : "\"/mqtt\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_piggyback",
+ "text" : "mqtt_piggyback",
+ "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.",
+ "type" : "Enum(single,multiple)",
+ "default" : "multiple"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-compress",
+ "text" : "compress",
+ "doc" : "If true, compress WebSocket messages using zlib.\n\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "The maximum length of a single MQTT packet.",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "Comma-separated list of supported subprotocols.",
+ "type" : "String",
+ "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origins",
+ "text" : "check_origins",
+ "doc" : "List of allowed origins.
See check_origin_enable.",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "The HTTP request header that carries the original client's IP address, EMQX will take the leftmost IP in the header as the original client's IP.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "The HTTP request header that carries the original client's source port, EMQX will take the leftmost port in the header as the original client's source port.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "Compression level.",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "Specifies the compression strategy.",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "Takeover means the compression state is retained between server messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "Takeover means the compression state is retained between client messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the server.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the client.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-validate_utf8",
+ "text" : "validate_utf8",
+ "doc" : "Whether to verify that the payload of `text` and `close` frames is valid UTF-8. Disabling it can save resources and improve performance.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "ws_opts",
+ "doc" : "WebSocket listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(ws_opts)"
+ }
+ ],
+ "text" : "mqtt_ws_listener",
+ "doc" : "Settings for the MQTT over WebSocket listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ws",
+ "text" : "ws",
+ "doc" : "HTTP websocket listeners.",
+ "type" : "Map($name->OneOf(Struct(mqtt_ws_listener),String(\"marked_for_deletion\")))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bind",
+ "text" : "bind",
+ "doc" : "IP address and port for the listening socket.",
+ "type" : "String",
+ "default" : "8084"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "The size of the listener's receiving pool.",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "- Adds a static or templated prefix (e.g., `n1/` or `${username}/`) to topics used by clients in `SUBSCRIBE` and `UNSUBSCRIBE` requests, `PUBLISH` messages, and Will Message (if supplied in the `CONNECT` packet).\n- Removes this prefix from topics of messages published to the respective subscriptions.\n\nThe supported placeholders are:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\nFor example, with `mountpoint=\"${username}/\"` a client using `u1` as username will have:\n- Client SUBSCRIBE `sensors/#` -> `u1/sensors/#` internally in the broker.\n- Broker PUBLISH `u1/sensors/data` -> `sensors/data` sent to the client.\n\nThe prefix mount/unmount is applied to:\n- Will in `CONNECT`\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\nNote: mounting occurs **after authorization/ACL checks**.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-zone",
+ "text" : "zone",
+ "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. This is useful to fence off\nanonymous clients early.",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "Limits the number of bytes a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be dropped/rejected.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "Number of bytes that can be sent in a burst, on top of regular `bytes_rate`.\n\nFor example: `100MB/60m`: Once every 60 minutes, up to 100 megabytes can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "Limits the number of messages a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be dropped/rejected.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "Number of messages that can be sent in a burst, on top of regular `messages_rate`, per each node.\n\nFor example: `10000/60m`: Once in 60 minutes, up to 10000 messages can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Limits how quickly this listener accepts connections, per each node.\n\nOnce the limit is reached, EMQX will automatically close any new connections right after they’re accepted, effectively draining the queue of connections waiting to be accepted.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "Number of connections that can be accepted in a burst, on top of regular rate, per each node.\n\nFor example: `10000/60m`: Once every 60 minutes, up to 10000 connections can be accepted in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses. The rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[\"allow all\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "Enable the Proxy Protocol V1/2 if the EMQX cluster is deployed behind HAProxy or Nginx.
\nSee: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP, this option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\n\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options",
+ "text" : "tcp_options",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "listener_wss_opts",
+ "doc" : "Socket options for WebSocket/SSL connections."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options",
+ "text" : "ssl_options",
+ "type" : "Struct(listener_wss_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_path",
+ "text" : "mqtt_path",
+ "doc" : "WebSocket's MQTT protocol path. By default, the full URL for the WebSocket client to connect is:\n`ws://{host}:{port}/mqtt`.\nAppend `/[...]` to the end of the path to make EMQX accept any subpath.\nFor example, specifying `mqtt/[...]` would allow clients to connect at paths like\n`mqtt/org1` or `mqtt/group2`, etc.\n\nNOTE: An unmatched path will cause the client to be rejected immediately at the HTTP layer,\nmeaning it will not be traceable at the MQTT layer.",
+ "type" : "String",
+ "default" : "\"/mqtt\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_piggyback",
+ "text" : "mqtt_piggyback",
+ "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.",
+ "type" : "Enum(single,multiple)",
+ "default" : "multiple"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-compress",
+ "text" : "compress",
+ "doc" : "If true, compress WebSocket messages using zlib.\n\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "The maximum length of a single MQTT packet.",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "Comma-separated list of supported subprotocols.",
+ "type" : "String",
+ "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origins",
+ "text" : "check_origins",
+ "doc" : "List of allowed origins.
See check_origin_enable.",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "The HTTP request header that carries the original client's IP address, EMQX will take the leftmost IP in the header as the original client's IP.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "The HTTP request header that carries the original client's source port, EMQX will take the leftmost port in the header as the original client's source port.\n\nThis option is typically used when EMQX is deployed behind a WebSocket proxy.",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "Compression level.",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "Specifies the compression strategy.",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "Takeover means the compression state is retained between server messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "Takeover means the compression state is retained between client messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the server.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the client.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-validate_utf8",
+ "text" : "validate_utf8",
+ "doc" : "Whether to verify that the payload of `text` and `close` frames is valid UTF-8. Disabling it can save resources and improve performance.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "ws_opts",
+ "doc" : "WebSocket listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(ws_opts)"
+ }
+ ],
+ "text" : "mqtt_wss_listener",
+ "doc" : "Settings for the MQTT over WebSocket/SSL listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss",
+ "text" : "wss",
+ "doc" : "HTTPS websocket listeners.",
+ "type" : "Map($name->OneOf(Struct(mqtt_wss_listener),String(\"marked_for_deletion\")))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n\nNOTE: QUIC listener supports only 'tlsv1.3' ciphers",
+ "type" : "Array(String)",
+ "default" : "[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "listener_quic_ssl_opts",
+ "doc" : "TLS options for QUIC transport."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "TLS options for QUIC transport",
+ "type" : "Struct(listener_quic_ssl_opts)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bind",
+ "text" : "bind",
+ "doc" : "IP address and port for the listening socket.",
+ "type" : "String",
+ "default" : "14567"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "The size of the listener's receiving pool.",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "- Adds a static or templated prefix (e.g., `n1/` or `${username}/`) to topics used by clients in `SUBSCRIBE` and `UNSUBSCRIBE` requests, `PUBLISH` messages, and Will Message (if supplied in the `CONNECT` packet).\n- Removes this prefix from topics of messages published to the respective subscriptions.\n\nThe supported placeholders are:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\nFor example, with `mountpoint=\"${username}/\"` a client using `u1` as username will have:\n- Client SUBSCRIBE `sensors/#` -> `u1/sensors/#` internally in the broker.\n- Broker PUBLISH `u1/sensors/data` -> `sensors/data` sent to the client.\n\nThe prefix mount/unmount is applied to:\n- Will in `CONNECT`\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\nNote: mounting occurs **after authorization/ACL checks**.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-zone",
+ "text" : "zone",
+ "doc" : "The configuration zone to which the listener belongs.\nClients connected to this listener will inherit zone-settings created under this zone name.\n\nA zone can override the configs under below root names:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener, the authentication\nprocess goes through the configured authentication chain.\nWhen set to false, any client (with or without username/password) is allowed to connect.\nWhen set to quick_deny_anonymous, it behaves like when set to true, but clients will be\ndenied immediately without going through any authenticators if username is not provided. This is useful to fence off\nanonymous clients early.",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "Limits the number of bytes a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be dropped/rejected.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "Number of bytes that can be sent in a burst, on top of regular `bytes_rate`.\n\nFor example: `100MB/60m`: Once every 60 minutes, up to 100 megabytes can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "Limits the number of messages a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be dropped/rejected.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "Number of messages that can be sent in a burst, on top of regular `messages_rate`, per each node.\n\nFor example: `10000/60m`: Once in 60 minutes, up to 10000 messages can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Limits how quickly this listener accepts connections, per each node.\n\nOnce the limit is reached, EMQX will automatically close any new connections right after they’re accepted, effectively draining the queue of connections waiting to be accepted.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "Number of connections that can be accepted in a burst, on top of regular rate, per each node.\n\nFor example: `10000/60m`: Once every 60 minutes, up to 10000 connections can be accepted in a short period of time.",
+ "type" : "String"
+ }
+ ],
+ "text" : "mqtt_quic_listener",
+ "doc" : "Settings for the MQTT over QUIC listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-quic",
+ "text" : "quic",
+ "doc" : "QUIC listeners.",
+ "type" : "Map($name->OneOf(Struct(mqtt_quic_listener),String(\"marked_for_deletion\")))"
+ }
+ ],
+ "text" : "listeners",
+ "doc" : "MQTT listeners identified by their protocol type and assigned names"
+ }
+ ],
+ "hash" : "V-listeners",
+ "text" : "listeners",
+ "doc" : "Listener configurations are defined per transport type.\nEach transport type contains a map associating listener names with their configurations.\nBy default, each transport type includes a listener named `default`, which is not explicitly configured within configuration files.\nTo remove a `default` listener, explicitly set its configuration like: `listeners.ws.default = marked_for_deletion`.\n\nAlternatively, to disable a listener without removing its configuration, set the hidden `enable` field to `false`. For example: `listeners.tcp.my_listener.enable = false`.",
+ "type" : "Struct(listeners)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-mqtt-S-mqtt",
+ "fields" : [
+ {
+ "hash" : "V-mqtt-S-mqtt-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "Configure the duration of time that a connection can remain idle (i.e., without any data transfer) before being:\n - Automatically disconnected if no CONNECT package is received from the client yet.\n - Put into hibernation mode to save resources if some CONNECT packages are already received.\nNote: Please set the parameter with caution as long idle time will lead to resource waste.",
+ "type" : "OneOf(String(\"infinity\"),Duration)",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_packet_size",
+ "text" : "max_packet_size",
+ "doc" : "Maximum MQTT packet size allowed. Default: 1 MB, Maximum: 256 MB
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_clientid_len",
+ "text" : "max_clientid_len",
+ "doc" : "Maximum allowed length of MQTT Client ID.",
+ "type" : "Integer(23..65535)",
+ "default" : "65535"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_topic_levels",
+ "text" : "max_topic_levels",
+ "doc" : "Maximum topic levels allowed.",
+ "type" : "Integer(1..65535)",
+ "default" : "128"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_topic_alias",
+ "text" : "max_topic_alias",
+ "doc" : "Maximum topic alias, 0 means no topic alias supported.",
+ "type" : "Integer(0..65535)",
+ "default" : "65535"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-retain_available",
+ "text" : "retain_available",
+ "doc" : "Whether to enable support for MQTT retained message.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-wildcard_subscription",
+ "text" : "wildcard_subscription",
+ "doc" : "Whether to enable support for MQTT wildcard subscription.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-shared_subscription",
+ "text" : "shared_subscription",
+ "doc" : "Whether to enable support for MQTT shared subscription.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-shared_subscription_strategy",
+ "text" : "shared_subscription_strategy",
+ "doc" : "Dispatch strategy for shared subscription.\nEMQX keeps **dispatch state** (such as random seeds, round-robin position, and sticky subscriber choice) as part of the **publishing client’s connection state**. \nIf the publishing client disconnects and reconnects, this state is lost and must be re-initialized\n\n- `random`: Randomly select a subscriber for dispatch;\n- `round_robin`: Clients in a shared subscription group will consume messages in turn, and the progress of the loop is recorded independently in each publisher, so two adjacent messages from **different publishers** may be consumed by the same client in the subscription group;\n- `round_robin_per_group`: Clients in a shared subscription group will consume messages in turn, and the progress of the loop is recorded independently in each node, so two adjacent messages from **different nodes** may be consumed by the same client in the subscription group;\n- `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;\n- `sticky`: Continuously dispatch messages to the initially selected subscriber until their session ends. The initial selection is made based on `mqtt_shared_subscription_initial_sticky_pick`;\n- `hash_clientid`: Hash the publisher's client ID to select a subscriber;\n- `hash_topic`: Hash the publishing topic to select a subscriber.",
+ "type" : "Enum(random,round_robin,round_robin_per_group,sticky,local,hash_topic,hash_clientid)",
+ "default" : "round_robin"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-shared_subscription_initial_sticky_pick",
+ "text" : "shared_subscription_initial_sticky_pick",
+ "doc" : "The strategy to use for the initial subscriber pick when shared_subscription_strategy is `sticky`.\n - `random`: Randomly select the subscriber;\n - `local`: Randomly select a subscriber on the current node, if there are no subscribers on the current node, then randomly select within the cluster;\n - `hash_clientid`: Hash the publisher's client ID to select a subscriber;\n - `hash_topic`: Hash the publishing topic to select a subscriber.",
+ "type" : "Enum(random,local,hash_topic,hash_clientid)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-exclusive_subscription",
+ "text" : "exclusive_subscription",
+ "doc" : "Whether to enable support for MQTT exclusive subscription.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-ignore_loop_deliver",
+ "text" : "ignore_loop_deliver",
+ "doc" : "Whether the messages sent by the MQTT v3.1.1/v3.1.0 client will be looped back to the publisher itself, similar to No Local in MQTT 5.0.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-strict_mode",
+ "text" : "strict_mode",
+ "doc" : "Whether to parse MQTT messages in strict mode.\nIn strict mode, invalid utf8 strings in for example client ID, topic name, etc. will cause the client to be disconnected.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-response_information",
+ "text" : "response_information",
+ "doc" : "UTF-8 string, for creating the response topic, for example, if set to reqrsp/, the publisher/subscriber will communicate using the topic prefix reqrsp/.\nTo disable this feature, input \"\" in the text box below. Only applicable to MQTT 5.0 clients.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-server_keepalive",
+ "text" : "server_keepalive",
+ "doc" : "The keep alive duration required by EMQX. To use the setting from the client side, choose disabled from the drop-down list. Only applicable to MQTT 5.0 clients.",
+ "type" : "OneOf(Integer(1..+inf),String(\"disabled\"))",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-keepalive_multiplier",
+ "text" : "keepalive_multiplier",
+ "doc" : "Keep-Alive Timeout = Keep-Alive interval × Keep-Alive Multiplier.\nThe default value 1.5 is following the MQTT 5.0 specification. This multiplier is adjustable, providing system administrators flexibility for tailoring to their specific needs. For instance, if a client's 10-second Keep-Alive interval PINGREQ gets delayed by an extra 10 seconds, changing the multiplier to 2 lets EMQX tolerate this delay.",
+ "type" : "Number",
+ "default" : "1.5"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-keepalive_check_interval",
+ "text" : "keepalive_check_interval",
+ "doc" : "The frequency of checking for incoming MQTT packets determines how often the server will check for new MQTT packets.\nIf a certain amount of time passes without any packets being sent from the client, this time will be added up.\nOnce the accumulated time exceeds `keepalive-interval * keepalive-multiplier`, the connection will be terminated.\nThe default is set to 30 seconds, with a minimum value of 1 second and a maximum value of `keepalive-interval / 2`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Retry interval for QoS 1/2 message delivering.",
+ "type" : "OneOf(String(\"infinity\"),Duration)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-use_username_as_clientid",
+ "text" : "use_username_as_clientid",
+ "doc" : "Whether to use Username as Client ID.\nThis setting takes effect later than `peer_cert_as_username` and `peer_cert_as_clientid`.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-peer_cert_as_username",
+ "text" : "peer_cert_as_username",
+ "doc" : "Use the CN, DN field in the peer certificate or the entire certificate content as Username. Only works for the TLS connection.\nSupported configurations are the following:\n- cn: CN field of the certificate\n- dn: DN field of the certificate\n- crt: Content of the DER or PEM certificate\n- pem: Convert DER certificate content to PEM format and use as Username\n- md5: MD5 value of the DER or PEM certificate",
+ "type" : "Enum(disabled,cn,dn,crt,pem,md5)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-peer_cert_as_clientid",
+ "text" : "peer_cert_as_clientid",
+ "doc" : "Use the CN, DN field in the peer certificate or the entire certificate content as Client ID. Only works for the TLS connection.\nSupported configurations are the following:\n- cn: CN field of the certificate\n- dn: DN field of the certificate\n- crt: DER or PEM certificate\n- pem: Convert DER certificate content to PEM format and use as Client ID\n- md5: MD5 value of the DER or PEM certificate",
+ "type" : "Enum(disabled,cn,dn,crt,pem,md5)",
+ "default" : "disabled"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init",
+ "fields" : [
+ {
+ "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-expression",
+ "text" : "expression",
+ "doc" : "A one line expression to evaluate a set of predefined string functions (like in the rule engine SQL statements).\nThe expression can be a function call with nested calls as its arguments, or direct variable reference.\nSo far, it does not provide user-defined variable binding (like `var a=1`) or user-defined functions.\nAs an example, to extract the prefix of client ID delimited by a dot: `nth(1, tokens(clientid, '.'))`.\n\nThe variables pre-bound variables are:\n- `clientid`: MQTT Client ID.\n- `username`: MQTT Client's username.\n- `user_property.{NAME}`: User properties in the CONNECT packet.\n- `zone`: Listener's config zone.\n- `listener`: The ID (like `tcp:default`) of the listener from which the client is connected.\nFor TLS clients, connected directly or via proxy-protocol (v2) enabled load balancer,\nsome extra variables can be used:\n- `cn`: Client's TLS certificate common name.\n- `dn`: Client's TLS certificate distinguished name (the subject).\n- `peersni`: TLS server name indication sent by the client.\n\nYou can read more about variform expressions in EMQX docs.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-set_as_attr",
+ "text" : "set_as_attr",
+ "doc" : "The name of the client attribute extracted from the client data.\nThe extracted attribute will be stored in the `client_attrs` property with this name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "client_attrs_init",
+ "doc" : "Specify how to initialize client attributes.\nEach client attribute can be initialized as `client_attrs.{NAME}`,\nwhere `{NAME}` is the name of the attribute specified in the config field `set_as_attr`.\n\nThe initialized client attribute will be stored in the `client_attrs` property with the specified name,\nand can be used as a variable to render a template for mountpoint, authentication and authorization requests.\n\nFor example, use `${client_attrs.tns}` to render an HTTP POST body when `set_as_attr = tns`,\nor render listener config `moutpoint = ${client_attrs.tns}/` for topic namespacing."
+ }
+ ],
+ "hash" : "V-mqtt-S-mqtt-client_attrs_init",
+ "text" : "client_attrs_init",
+ "doc" : "Specify how to initialize client attributes.\nEach client attribute can be initialized as `client_attrs.{NAME}`,\nwhere `{NAME}` is the name of the attribute specified in the config field `set_as_attr`.\n\nThe initialized client attribute will be stored in the `client_attrs` property with the specified name,\nand can be used as a variable to render a template for mountpoint, authentication and authorization requests.\n\nFor example, use `${client_attrs.tns}` to render an HTTP POST body when `set_as_attr = tns`,\nor render listener config `moutpoint = ${client_attrs.tns}/` for topic namespacing.",
+ "type" : "Array(Struct(client_attrs_init))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-clientid_override",
+ "text" : "clientid_override",
+ "doc" : "A one line expression to evaluate a set of predefined string functions (like in the rule engine SQL statements).\nThe expression can be a function call with nested calls as its arguments, or direct variable reference.\nSo far, it does not provide user-defined variable binding (like `var a=1`) or user-defined functions.\nAs an example, to extract the prefix of username delimited by a dot: `nth(1, tokens(username, '.'))`.\n\nThe variables pre-bound variables are:\n- `clientid`: The original MQTT Client ID.\n- `username`: MQTT Client's username.\n- `client_attrs.{NAME}`: Client attributes initialized by per config `client_attrs_init`.\nFor TLS clients, connected directly or via proxy-protocol (v2) enabled load balancer,\nsome extra variables can be used:\n- `cn`: Client's TLS certificate common name.\n- `dn`: Client's TLS certificate distinguished name (the subject).\n- `peersni`: TLS server name indication sent by the client.\n\nYou can read more about variform expressions in EMQX docs.",
+ "type" : "OneOf(String(\"disabled\"),String)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-session_expiry_interval",
+ "text" : "session_expiry_interval",
+ "doc" : "Specifies how long the session will expire after the connection is disconnected, only for non-MQTT 5.0 connections.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"2h\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-message_expiry_interval",
+ "text" : "message_expiry_interval",
+ "doc" : "The expiry interval of MQTT messages. For MQTT 5.0 clients, this configuration will only take effect when the `Message-Expiry-Interval` property is not set in the message; otherwise, the value of the `Message-Expiry-Interval` property will be used. For MQTT versions older than 5.0, this configuration will always take effect. Please note that setting `message_expiry_interval` greater than `session_expiry_interval` is meaningless, as all messages will be cleared when the session expires.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_awaiting_rel",
+ "text" : "max_awaiting_rel",
+ "doc" : "For each publisher session, the maximum number of outstanding QoS 2 messages pending on the client to send PUBREL. After reaching this limit, new QoS 2 PUBLISH requests will be rejected with `147(0x93)` until either PUBREL is received or timed out.",
+ "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_qos_allowed",
+ "text" : "max_qos_allowed",
+ "doc" : "Maximum QoS allowed.",
+ "type" : "Integer(0..2)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-mqueue_priorities",
+ "text" : "mqueue_priorities",
+ "doc" : "Topic priority list. Prioritize messages in the message queue by topic. The priority range is `[1, 255]`.\n\nThe larger the value, the higher the priority. Messages with higher priority will be sent first.\n\nTopics not in this list will use the default priority (specified by `mqueue_default_priority`).\n\nBy default, this list is empty, which means all topics have the same priority.\n\nNote: commas and equal signs are not supported in topic names.\n\nFor example, if you want `topic/1` to have a higher priority than `topic/2`, you can configure it like this:\n\n`mqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}`",
+ "type" : "OneOf(String(\"disabled\"),Map)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-mqueue_default_priority",
+ "text" : "mqueue_default_priority",
+ "doc" : "Default topic priority, which will be used by topics not in Topic Priorities (mqueue_priorities).",
+ "type" : "Enum(highest,lowest)",
+ "default" : "lowest"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-mqueue_store_qos0",
+ "text" : "mqueue_store_qos0",
+ "doc" : "Specifies whether to store QoS 0 messages in the message queue while the connection is down but the session remains.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_mqueue_len",
+ "text" : "max_mqueue_len",
+ "doc" : "Maximum queue length. Enqueued messages when persistent client disconnected, or inflight window is full.",
+ "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "Maximum number of QoS 1 and QoS 2 messages that are allowed to be delivered simultaneously before completing the acknowledgment.",
+ "type" : "Integer(1..65535)",
+ "default" : "32"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_subscriptions",
+ "text" : "max_subscriptions",
+ "doc" : "Maximum number of subscriptions allowed per client.",
+ "type" : "OneOf(Integer(1..inf),String(\"infinity\"))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-upgrade_qos",
+ "text" : "upgrade_qos",
+ "doc" : "Force upgrade of QoS level according to subscription.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-await_rel_timeout",
+ "text" : "await_rel_timeout",
+ "doc" : "For client to broker QoS 2 message, the time limit for the broker to wait before the `PUBREL` message is received. The wait is aborted after timed out, meaning the packet ID is freed for new `PUBLISH` requests. Receiving a stale `PUBREL` causes a warning level log. Note, the message is delivered to subscribers before entering the wait for PUBREL.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"300s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-mqtt-S-mqtt-limiter-S-mqtt",
+ "fields" : [
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "Limits the number of bytes a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nThe unit of the bytes could be: B, KB, MB, GB.\n\nFor example:\n\n- `500KB/s`: Only 500 kilobytes per second will be received, and the remaining bytes will be dropped/rejected.\n- `500MB/10s`: Only 500 megabytes will be received every 10 seconds, and the remaining bytes will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "Number of bytes that can be sent in a burst, on top of regular `bytes_rate`.\n\nFor example: `100MB/60m`: Once every 60 minutes, up to 100 megabytes can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "Limits the number of messages a single client can send to the broker, per each node.\n\nOnce the limit is reached, EMQX will drop QoS 0 messages and reject QoS 1 and QoS 2 messages\nwith \"Quota Exceeded\" error code (0x97).\n\nFor example:\n\n- `500/s`: Only 500 messages will be received per second, and the remaining messages will be dropped/rejected.\n- `500/10s`: Only 500 messages will be received every 10 seconds and the remaining messages will be dropped/rejected.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "Number of messages that can be sent in a burst, on top of regular `messages_rate`, per each node.\n\nFor example: `10000/60m`: Once in 60 minutes, up to 10000 messages can be sent in a short period of time.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Limits how quickly this listener accepts connections, per each node.\n\nOnce the limit is reached, EMQX will automatically close any new connections right after they’re accepted, effectively draining the queue of connections waiting to be accepted.\n\nFor example:\n\n- `1000/s`: Only accepts 1000 connections per second.\n- `1000/10s`: Only accepts 1000 connections every 10 seconds.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "Number of connections that can be accepted in a burst, on top of regular rate, per each node.\n\nFor example: `10000/60m`: Once every 60 minutes, up to 10000 connections can be accepted in a short period of time.",
+ "type" : "String"
+ }
+ ],
+ "text" : "mqtt",
+ "doc" : "MQTT related limiters."
+ }
+ ],
+ "hash" : "V-mqtt-S-mqtt-limiter",
+ "text" : "limiter",
+ "doc" : "MQTT related limiter configuration.",
+ "type" : "Struct(mqtt)"
+ }
+ ],
+ "text" : "mqtt",
+ "doc" : "Global MQTT configuration."
+ }
+ ],
+ "hash" : "V-mqtt",
+ "text" : "mqtt",
+ "doc" : "Global MQTT configuration.\nThe configs here work as default values which can be overridden in zone configs",
+ "type" : "Struct(mqtt)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-builtin_db",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-salt_rounds",
+ "text" : "salt_rounds",
+ "doc" : "Work factor for BCRYPT password generation.",
+ "type" : "Integer(5..10)",
+ "default" : "10"
+ }
+ ],
+ "text" : "bcrypt_rw",
+ "doc" : "Settings for bcrypt password hashing algorithm (for DB backends with write capability)."
+ },
+ {
+ "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash creation and verification.",
+ "type" : "OneOf(Struct(bcrypt_rw),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"built_in_database\")"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-user_id_type",
+ "text" : "user_id_type",
+ "doc" : "Specify whether to use `clientid` or `username` for authentication.",
+ "type" : "Enum(clientid,username)",
+ "default" : "username"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-bootstrap_file",
+ "text" : "bootstrap_file",
+ "doc" : "The bootstrap file imports users into the built-in database.\nIt will not import a user ID that already exists in the database.\nThe file content format is determined by `bootstrap_type`.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.csv\""
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-bootstrap_type",
+ "text" : "bootstrap_type",
+ "doc" : "Specify which type of content the bootstrap file has.\n\n- **`plain`**:\n - Expected data fields: `user_id`, `password`, `is_superuser`\n - `user_id`: Can be Client ID or username, depending on built-in database authentication's `user_id_type` config.\n - `password`: User's plaintext password.\n - `is_superuser`: Boolean, user's administrative status.\n\n- **`hash`**:\n - Expected data fields: `user_id`,`password_hash`,`salt`,`is_superuser`\n - Definitions similar to `plain` type, with `password_hash` and `salt` added for security.\n\nThe content can be either in CSV, or JSON format.\n\nHere is a CSV example: `user_id,password_hash,salt,is_superuser\\nmy_user,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true`\n\nAnd JSON content should be decoded into an array of objects, for example: `[{\"user_id\": \"my_user\",\"password\": \"s3cr3tp@ssw0rd\",\"is_superuser\": true}]`.\n\nThe hash string for `password_hash` depends on how `password_hash_algorithm` is configured for the built-in database authentication mechanism. For example, if it's configured as `password_hash_algorithm {name = sha256, salt_position = suffix}`, then the salt is appended to the password before hashed. Here is the equivalent Python expression: `hashlib.sha256(password + salt).hexdigest()`.",
+ "type" : "Enum(hash,plain)",
+ "default" : "plain"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "builtin_db",
+ "doc" : "Configuration of authenticator using built-in database as data source."
+ },
+ {
+ "hash" : "T-authentication-S-mysql",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"mysql\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "Settings for BCRYPT password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash verification.",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-query",
+ "text" : "query",
+ "doc" : "SQL used to query data for authentication, such as password hash.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-query_timeout",
+ "text" : "query_timeout",
+ "doc" : "Timeout for the SQL query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mysql-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-mysql-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MySQL default port 3306 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String",
+ "default" : "root"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mysql-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-mysql-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mysql",
+ "doc" : "Configuration of authenticator using MySQL as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-postgresql",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"postgresql\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "Settings for BCRYPT password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash verification.",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-query",
+ "text" : "query",
+ "doc" : "SQL used to query data for authentication, such as password hash.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-postgresql-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-postgresql-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "postgresql",
+ "doc" : "Configuration of authenticator using PostgreSQL as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_single",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-collection",
+ "text" : "collection",
+ "doc" : "Collection used to store authentication data.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-filter",
+ "text" : "filter",
+ "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_field",
+ "text" : "password_hash_field",
+ "doc" : "Document field that contains password hash.",
+ "type" : "String",
+ "default" : "password_hash"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-salt_field",
+ "text" : "salt_field",
+ "doc" : "Document field that contains the password salt.",
+ "type" : "String",
+ "default" : "salt"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-is_superuser_field",
+ "text" : "is_superuser_field",
+ "doc" : "Document field that defines if the user has superuser privileges.",
+ "type" : "String",
+ "default" : "is_superuser"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "Settings for BCRYPT password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash verification.",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-srv_record",
+ "text" : "srv_record",
+ "doc" : "Use DNS SRV record.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-auth_source",
+ "text" : "auth_source",
+ "doc" : "Database name associated with the user's credentials.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_single-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "Topology of MongoDB."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_single-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_single-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_single-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_single",
+ "doc" : "Configuration of authenticator using MongoDB (Standalone) as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_rs",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-collection",
+ "text" : "collection",
+ "doc" : "Collection used to store authentication data.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-filter",
+ "text" : "filter",
+ "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_field",
+ "text" : "password_hash_field",
+ "doc" : "Document field that contains password hash.",
+ "type" : "String",
+ "default" : "password_hash"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-salt_field",
+ "text" : "salt_field",
+ "doc" : "Document field that contains the password salt.",
+ "type" : "String",
+ "default" : "salt"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-is_superuser_field",
+ "text" : "is_superuser_field",
+ "doc" : "Document field that defines if the user has superuser privileges.",
+ "type" : "String",
+ "default" : "is_superuser"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "Settings for BCRYPT password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash verification.",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.",
+ "type" : "String(\"rs\")",
+ "default" : "rs"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-r_mode",
+ "text" : "r_mode",
+ "doc" : "Read mode.",
+ "type" : "Enum(master,slave_ok)",
+ "default" : "master"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-replica_set_name",
+ "text" : "replica_set_name",
+ "doc" : "Name of the replica set.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-srv_record",
+ "text" : "srv_record",
+ "doc" : "Use DNS SRV record.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-auth_source",
+ "text" : "auth_source",
+ "doc" : "Database name associated with the user's credentials.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_rs-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "Topology of MongoDB."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_rs-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_rs-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_rs-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_rs",
+ "doc" : "Configuration of authenticator using MongoDB (Replica Set) as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_sharded",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-collection",
+ "text" : "collection",
+ "doc" : "Collection used to store authentication data.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-filter",
+ "text" : "filter",
+ "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_field",
+ "text" : "password_hash_field",
+ "doc" : "Document field that contains password hash.",
+ "type" : "String",
+ "default" : "password_hash"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-salt_field",
+ "text" : "salt_field",
+ "doc" : "Document field that contains the password salt.",
+ "type" : "String",
+ "default" : "salt"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-is_superuser_field",
+ "text" : "is_superuser_field",
+ "doc" : "Document field that defines if the user has superuser privileges.",
+ "type" : "String",
+ "default" : "is_superuser"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "Settings for BCRYPT password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash verification.",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.",
+ "type" : "String(\"sharded\")",
+ "default" : "sharded"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-srv_record",
+ "text" : "srv_record",
+ "doc" : "Use DNS SRV record.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-auth_source",
+ "text" : "auth_source",
+ "doc" : "Database name associated with the user's credentials.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_sharded-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "Topology of MongoDB."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_sharded-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_sharded-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_sharded-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_sharded",
+ "doc" : "Configuration of authenticator using MongoDB (Sharded Cluster) as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-redis_single",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-cmd",
+ "text" : "cmd",
+ "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "Settings for BCRYPT password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash verification.",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-redis_type",
+ "text" : "redis_type",
+ "doc" : "Single mode. Must be set to 'single' when Redis server is running in single mode.",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-database",
+ "text" : "database",
+ "doc" : "Redis database ID.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_single-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_single-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "redis_single",
+ "doc" : "Configuration of authenticator using Redis (Standalone) as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-redis_cluster",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-cmd",
+ "text" : "cmd",
+ "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "Settings for BCRYPT password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash verification.",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-redis_type",
+ "text" : "redis_type",
+ "doc" : "Cluster mode. Must be set to 'cluster' when Redis server is running in clustered mode.",
+ "type" : "String(\"cluster\")",
+ "default" : "cluster"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_cluster-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_cluster-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "redis_cluster",
+ "doc" : "Configuration of authenticator using Redis (Cluster) as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-redis_sentinel",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-cmd",
+ "text" : "cmd",
+ "doc" : "The Redis Command used to query data for authentication such as password hash, currently only supports HGET and HMGET.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "For BCRYPT password hashing, must set name to 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "Settings for BCRYPT password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "For PBKDF2 password hashing, must set name to 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "Specifies which HMAC function to use in PBKDF2 algorithm. Note that md4, md5, ripemd160 are no longer supported since 5.8.3.",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "Number of iterations for PBKDF2 algorithm. Higher values provide better security but require more computation.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "Length of the derived key in bytes for PBKDF2 algorithm.",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "Settings for PBKDF2 password hashing algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512.",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "Salt position for PLAIN, SHA, SHA256 and SHA512 algorithms.",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "Settings for simple algorithms like PLAIN, SHA, SHA256 and SHA512."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "Options for password hash verification.",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-redis_type",
+ "text" : "redis_type",
+ "doc" : "Sentinel mode. Must be set to 'sentinel' when Redis server is running in sentinel mode.",
+ "type" : "String(\"sentinel\")",
+ "default" : "sentinel"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-sentinel",
+ "text" : "sentinel",
+ "doc" : "The cluster name in Redis sentinel mode.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-database",
+ "text" : "database",
+ "doc" : "Redis database ID.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_sentinel-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_sentinel-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "redis_sentinel",
+ "doc" : "Configuration of authenticator using Redis (Sentinel) as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-http_get",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_get-method",
+ "text" : "method",
+ "doc" : "HTTP request method.",
+ "type" : "String(\"get\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers (without content-type).",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-url",
+ "text" : "url",
+ "doc" : "URL of the HTTP server.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-body",
+ "text" : "body",
+ "doc" : "HTTP request body.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_get-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-http_get-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP method.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authentication-S-http_get-request",
+ "text" : "request",
+ "doc" : "Configure HTTP request parameters.",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-http_get-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-http_get-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_get-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_get-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "http_get",
+ "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using GET request)."
+ },
+ {
+ "hash" : "T-authentication-S-http_post",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_post-method",
+ "text" : "method",
+ "doc" : "HTTP request method.",
+ "type" : "String(\"post\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP Headers.",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-url",
+ "text" : "url",
+ "doc" : "URL of the HTTP server.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-body",
+ "text" : "body",
+ "doc" : "HTTP request body.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_post-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-http_post-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP method.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authentication-S-http_post-request",
+ "text" : "request",
+ "doc" : "Configure HTTP request parameters.",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-http_post-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-http_post-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_post-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_post-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "http_post",
+ "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using POST request)."
+ },
+ {
+ "hash" : "T-authentication-S-jwt_hmac",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-jwt_hmac-algorithm",
+ "text" : "algorithm",
+ "doc" : "JWT signing algorithm, Supports HMAC (configured as hmac-based) and RSA, ECDSA (configured as public-key).",
+ "type" : "Enum(hmac-based)"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-secret",
+ "text" : "secret",
+ "doc" : "The key to verify the JWT using HMAC algorithm.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-secret_base64_encoded",
+ "text" : "secret_base64_encoded",
+ "doc" : "Whether secret is base64 encoded.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"jwt\")"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-acl_claim_name",
+ "text" : "acl_claim_name",
+ "doc" : "The JWT claim designated for accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.",
+ "type" : "String",
+ "default" : "acl"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-verify_claims",
+ "text" : "verify_claims",
+ "doc" : "A list of custom claims to validate. The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-disconnect_after_expire",
+ "text" : "disconnect_after_expire",
+ "doc" : "Disconnect the client after the token expires.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-from",
+ "text" : "from",
+ "doc" : "Field to take JWT from.",
+ "type" : "Enum(username,password)",
+ "default" : "password"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "jwt_hmac",
+ "doc" : "Configuration when the JWT for authentication is issued using the HMAC algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-jwt_public_key",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-jwt_public_key-algorithm",
+ "text" : "algorithm",
+ "doc" : "JWT signing algorithm, Supports HMAC (configured as hmac-based) and RSA, ECDSA (configured as public-key).",
+ "type" : "Enum(public-key)"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-public_key",
+ "text" : "public_key",
+ "doc" : "The public key used to verify the JWT.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"jwt\")"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-acl_claim_name",
+ "text" : "acl_claim_name",
+ "doc" : "The JWT claim designated for accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.",
+ "type" : "String",
+ "default" : "acl"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-verify_claims",
+ "text" : "verify_claims",
+ "doc" : "A list of custom claims to validate. The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-disconnect_after_expire",
+ "text" : "disconnect_after_expire",
+ "doc" : "Disconnect the client after the token expires.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-from",
+ "text" : "from",
+ "doc" : "Field to take JWT from.",
+ "type" : "Enum(username,password)",
+ "default" : "password"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "jwt_public_key",
+ "doc" : "Configuration when the JWT for authentication is issued using RSA or ECDSA algorithm."
+ },
+ {
+ "hash" : "T-authentication-S-jwt_jwks",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-jwt_jwks-use_jwks",
+ "text" : "use_jwks",
+ "doc" : "Whether to use JWKS.",
+ "type" : "Enum(true)"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-endpoint",
+ "text" : "endpoint",
+ "doc" : "JWKS endpoint, it's a read-only endpoint that returns the server's public key set in the JWKS format.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers to send with the JWKS request.",
+ "type" : "Map",
+ "default" : "{Accept = \"application/json\"}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "JWKS refresh interval.",
+ "type" : "Integer",
+ "default" : "300"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-jwt_jwks-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-jwt_jwks-ssl",
+ "text" : "ssl",
+ "doc" : "SSL options.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"jwt\")"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-acl_claim_name",
+ "text" : "acl_claim_name",
+ "doc" : "The JWT claim designated for accessing ACL (Access Control List) rules can be specified,\nsuch as using the `acl` claim. A typical decoded JWT with this claim might appear as:\n`{\"username\": \"user1\", \"acl\": ...}`.\n\nSupported ACL Rule Formats:\n\n- Object Format:\n Utilizes action types pub (publish), sub (subscribe), or all (both publish and subscribe).\n The value is a list of topic filters.\n Example: `{\"pub\": [\"topic1\"], \"sub\": [], \"all\": [\"${username}/#\"]}`.\n This example signifies that the token owner can publish to topic1 and perform both publish and subscribe\n actions on topics starting with their username.\n Note: In this format, if no topic matches, the action is denied, and the authorization process terminates.\n\n- Array Format (resembles File-Based ACL Rules):\n Example: `[{\"permission\": \"allow\", \"action\": \"all\", \"topic\": \"${username}/#\"}]`.\n Additionally, the `pub` or `publish` action rules can be extended with `qos` and `retain` field,\n and `sub` or `subscribe` action rules can be extended with a `qos` field.\n Note: Here, if no rule matches, the action is not immediately denied.\n The process continues to other configured authorization sources,\n and ultimately falls back to the default permission in config `authorization.no_match`.\n\nThe ACL claim utilizes MQTT topic wildcard matching rules for publishing or subscribing.\nA special syntax for the 'subscribe' action allows the use of `eq` for an exact match.\nFor instance, `eq t/#` permits or denies subscription to `t/#`, but not to `t/1`.",
+ "type" : "String",
+ "default" : "acl"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-verify_claims",
+ "text" : "verify_claims",
+ "doc" : "A list of custom claims to validate. The allowed formats are the following:\nA map where claim names are map keys and expected values are map values:\n { claim_name = \"${username}\", ...}.\n\nA list of maps with name (claim name) and value (expected claim value) keys:\n [{name = \"claim_name\", value = \"${username}\"}, ...].\n\nValues can use the following placeholders:\n- ${username}: Will be replaced at runtime with Username used by the client when connecting\n- ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting\n\nAuthentication will verify that the value of claims in the JWT (taken from the Password field) matches what is required in verify_claims.",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-disconnect_after_expire",
+ "text" : "disconnect_after_expire",
+ "doc" : "Disconnect the client after the token expires.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-from",
+ "text" : "from",
+ "doc" : "Field to take JWT from.",
+ "type" : "Enum(username,password)",
+ "default" : "password"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "jwt_jwks",
+ "doc" : "Configuration when JWTs used for authentication need to be fetched from the JWKS endpoint."
+ },
+ {
+ "hash" : "T-authentication-S-scram",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"scram\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"built_in_database\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram-algorithm",
+ "text" : "algorithm",
+ "doc" : "Hashing algorithm.",
+ "type" : "Enum(sha256,sha512)",
+ "default" : "sha256"
+ },
+ {
+ "hash" : "V-authentication-S-scram-iteration_count",
+ "text" : "iteration_count",
+ "doc" : "Iteration count.",
+ "type" : "Integer(0..+inf)",
+ "default" : "4096"
+ },
+ {
+ "hash" : "V-authentication-S-scram-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "scram",
+ "doc" : "Settings for Salted Challenge Response Authentication Mechanism\n(SCRAM) authentication."
+ },
+ {
+ "hash" : "T-authentication-S-ldap",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-ldap-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"ldap\")"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-query_timeout",
+ "text" : "query_timeout",
+ "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-ldap-acl_ttl_attribute",
+ "text" : "acl_ttl_attribute",
+ "doc" : "Indicates which attribute is used to represent the ACL TTL.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-publish_attribute",
+ "text" : "publish_attribute",
+ "doc" : "Indicates which attribute is used to represent the allowed topics list of the `publish`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-subscribe_attribute",
+ "text" : "subscribe_attribute",
+ "doc" : "Indicates which attribute is used to represent the allowed topics list of the `subscribe`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-all_attribute",
+ "text" : "all_attribute",
+ "doc" : "Indicates which attribute is used to represent the both allowed topics list of `publish` and `subscribe`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-acl_rule_attribute",
+ "text" : "acl_rule_attribute",
+ "doc" : "Indicates which attribute is used to represent the JSON-encoded ACL rules.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-base_dn",
+ "text" : "base_dn",
+ "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-filter",
+ "text" : "filter",
+ "doc" : "The filter that defines the conditions that must be fulfilled in order\nfor the Search to match a given entry.
\nThe syntax of the filter follows RFC 4515 and also supports placeholders.",
+ "type" : "String",
+ "default" : "\"(objectClass=mqttUser)\""
+ },
+ {
+ "hash" : "V-authentication-S-ldap-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-ldap-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-ldap-ssl-S-ssl",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl",
+ "doc" : "SSL connection settings."
+ }
+ ],
+ "hash" : "V-authentication-S-ldap-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-ldap-method-S-hash_method",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-ldap-method-S-hash_method-type",
+ "text" : "type",
+ "doc" : "Authentication method type.",
+ "type" : "Enum(hash)",
+ "default" : "hash"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-method-S-hash_method-password_attribute",
+ "text" : "password_attribute",
+ "doc" : "Indicates which attribute is used to represent the user's password.",
+ "type" : "String",
+ "default" : "userPassword"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-method-S-hash_method-is_superuser_attribute",
+ "text" : "is_superuser_attribute",
+ "doc" : "Indicates which attribute is used to represent whether the user is a superuser.",
+ "type" : "String",
+ "default" : "isSuperuser"
+ }
+ ],
+ "text" : "hash_method",
+ "doc" : "Authenticate by comparing the hashed password which was provided by the `password attribute`."
+ },
+ {
+ "hash" : "T-authentication-S-ldap-method-S-bind_method",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-ldap-method-S-bind_method-type",
+ "text" : "type",
+ "doc" : "Authentication method type.",
+ "type" : "Enum(bind)",
+ "default" : "bind"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-method-S-bind_method-is_superuser_attribute",
+ "text" : "is_superuser_attribute",
+ "doc" : "Indicates which attribute is used to represent whether the user is a superuser.",
+ "type" : "String",
+ "default" : "isSuperuser"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-method-S-bind_method-bind_password",
+ "text" : "bind_password",
+ "doc" : "The template for password to bind.",
+ "type" : "String",
+ "default" : "\"${password}\""
+ }
+ ],
+ "text" : "bind_method",
+ "doc" : "Authenticate by the LDAP bind operation."
+ }
+ ],
+ "hash" : "V-authentication-S-ldap-method",
+ "text" : "method",
+ "doc" : "Authentication method.",
+ "type" : "OneOf(Struct(hash_method),Struct(bind_method))"
+ }
+ ],
+ "text" : "ldap",
+ "doc" : "Configuration of authenticator using LDAP as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-gcp_device",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-gcp_device-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"gcp_device\")"
+ },
+ {
+ "hash" : "V-authentication-S-gcp_device-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "gcp_device",
+ "doc" : "Configuration of authenticator using GCP Device as authentication data source."
+ },
+ {
+ "hash" : "T-authentication-S-scram_restapi_get",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-method",
+ "text" : "method",
+ "doc" : "HTTP request method.",
+ "type" : "String(\"get\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers (without content-type).",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"scram\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-algorithm",
+ "text" : "algorithm",
+ "doc" : "Hashing algorithm.",
+ "type" : "Enum(sha256,sha512)",
+ "default" : "sha256"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-iteration_count",
+ "text" : "iteration_count",
+ "doc" : "Iteration count.",
+ "type" : "Integer(0..+inf)",
+ "default" : "4096"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-url",
+ "text" : "url",
+ "doc" : "URL of the HTTP server.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-body",
+ "text" : "body",
+ "doc" : "HTTP request body.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-scram_restapi_get-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP method.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authentication-S-scram_restapi_get-request",
+ "text" : "request",
+ "doc" : "Configure HTTP request parameters.",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-scram_restapi_get-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "scram_restapi_get",
+ "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using GET request)."
+ },
+ {
+ "hash" : "T-authentication-S-scram_restapi_post",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-method",
+ "text" : "method",
+ "doc" : "HTTP request method.",
+ "type" : "String(\"post\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP Headers.",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"scram\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-algorithm",
+ "text" : "algorithm",
+ "doc" : "Hashing algorithm.",
+ "type" : "Enum(sha256,sha512)",
+ "default" : "sha256"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-iteration_count",
+ "text" : "iteration_count",
+ "doc" : "Iteration count.",
+ "type" : "Integer(0..+inf)",
+ "default" : "4096"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-url",
+ "text" : "url",
+ "doc" : "URL of the HTTP server.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-body",
+ "text" : "body",
+ "doc" : "HTTP request body.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-scram_restapi_post-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP method.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authentication-S-scram_restapi_post-request",
+ "text" : "request",
+ "doc" : "Configure HTTP request parameters.",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-scram_restapi_post-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "scram_restapi_post",
+ "doc" : "Configuration of authenticator using HTTP Server as authentication service (Using POST request)."
+ },
+ {
+ "hash" : "T-authentication-S-kerberos",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-kerberos-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-kerberos-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"gssapi\")"
+ },
+ {
+ "hash" : "V-authentication-S-kerberos-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"kerberos\")"
+ },
+ {
+ "hash" : "V-authentication-S-kerberos-principal",
+ "text" : "principal",
+ "doc" : "Server Kerberos principal.\nFor example mqtt/emqx-cluster-1.example.com@MY_REALM.EXAMPLE.COM.\nNOTE: The realm in use has to be configured in /etc/krb5.conf in EMQX nodes.",
+ "type" : "String"
+ }
+ ],
+ "text" : "kerberos",
+ "doc" : "Settings for Kerberos authentication."
+ },
+ {
+ "hash" : "T-authentication-S-cinfo",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-cinfo-mechanism",
+ "text" : "mechanism",
+ "doc" : "Authentication mechanism.",
+ "type" : "String(\"cinfo\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-cinfo-checks-S-cinfo_check",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-cinfo-checks-S-cinfo_check-is_match",
+ "text" : "is_match",
+ "doc" : "One Variform expression or an array of expressions to evaluate with a set of pre-bound variables derived from the client information.\nSupported variables:\n- `username`: the username of the client.\n- `password`: the password of the client.\n- `clientid`: the client ID of the client.\n- `client_attrs.*`: the client attributes of the client.\n- `peerhost`: the IP address of the client.\n- `cert_subject`: the subject of the TLS certificate.\n- `cert_common_name`: the issuer of the TLS certificate.\n- `zone`: the config zone associated with the listener from which the client is accepted.\n\nIf the expression(s) all yields the string value `'true'`, then the associated `result` is returned from this authenticator.\nIf any expression yields a value other than `'true'`, then the current check is skipped.\nFor example, to ensure client ID is always the same as TLS certificate CN, the expression can be `str_eq(clientid, cert_common_name)`.",
+ "type" : "OneOf(String,Array(String))"
+ },
+ {
+ "hash" : "V-authentication-S-cinfo-checks-S-cinfo_check-result",
+ "text" : "result",
+ "doc" : "The result to return if the match condition is `true`.\nSupported results:\n- `ignore`: defer the authentication to the next authenticator in the chain.\n- `allow`: allow the client to connect.\n- `deny`: deny the client to connect.",
+ "type" : "Enum(allow,deny,ignore)"
+ }
+ ],
+ "text" : "cinfo_check",
+ "doc" : "A check to perform on the client information.\nIt defines a match-condition and a result to return if the condition is `true`.\nIf all checks are skipped, the default result `ignore` is returned."
+ }
+ ],
+ "hash" : "V-authentication-S-cinfo-checks",
+ "text" : "checks",
+ "doc" : "A list of checks to perform on the client information.\nIf all checks are skipped, the default result `ignore` is returned.\nThe `ignore` result means to defer the authentication to the next authenticator in the chain.",
+ "type" : "Array(Struct(cinfo_check))"
+ },
+ {
+ "hash" : "V-authentication-S-cinfo-precondition",
+ "text" : "precondition",
+ "doc" : "A Variform expression to evaluate with a set of pre-bound variables derived from the client information.\n\nSupported variables:\n- `username`: The username of the client\n- `password`: The password of the client\n- `clientid`: The client ID of the client\n- `client_attrs.*`: The client attributes of the client\n- `cert_common_name`: The subject field from the client's TLS certificate\n- `cert_subject`: The common name (CN) from the client's TLS certificate\n- `peersni`: The SNI (Server Name Indication) sent by TLS client\n- `listener`: The listener ID (e.g. `tcp:default`)\n- `zone`: The associated config zone.\n\nThe expression must evaluate to a string value of 'true' for this authenticator to be invoked.\nIf the expression evaluates to any other value, this authenticator will be skipped.\n\nExamples:\n- Only invoke if the client is connected from listener `ssl:letsencryt`:\n `str_eq(listener, 'ssl:letsencryt')`\n- Skip if username is empty:\n `not(is_empty_val(username))`\n- Only invoke if password exists and zone is 'zone1':\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\nFind more information about Variform expressions in EMQX doc.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "cinfo",
+ "doc" : "Authenticate clients based on the client information such as username, client ID,\nclient attributes, and data extracted from TLS certificate."
+ }
+ ],
+ "hash" : "V-authentication",
+ "text" : "authentication",
+ "doc" : "Default authentication configs for all MQTT listeners.\n\nFor per-listener overrides see authentication in listener configs\n\nThis option can be configured with:\n\n []: The default value, it allows *ALL* logins- one: For example
{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"} \n - chain: An array of structs.
\n
\n\nWhen a chain is configured, the login credentials are checked against the backends per the configured order, until an 'allow' or 'deny' decision can be made.\n\nIf there is no decision after a full chain exhaustion, the login is rejected.",
+ "type" : "Array(OneOf(Struct(builtin_db),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(redis_single),Struct(redis_cluster),Struct(redis_sentinel),Struct(http_get),Struct(http_post),Struct(jwt_hmac),Struct(jwt_public_key),Struct(jwt_jwks),Struct(scram),Struct(ldap),Struct(gcp_device),Struct(scram_restapi_get),Struct(scram_restapi_post),Struct(kerberos),Struct(cinfo)))",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication_settings-S-settings",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication_settings-S-settings-node_cache-S-config",
+ "fields" : [
+ {
+ "hash" : "V-authentication_settings-S-settings-node_cache-S-config-enable",
+ "text" : "enable",
+ "doc" : "Enable or disable the cache.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication_settings-S-settings-node_cache-S-config-cache_ttl",
+ "text" : "cache_ttl",
+ "doc" : "Time after which the cached authentication/authorization result will expire.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-authentication_settings-S-settings-node_cache-S-config-max_count",
+ "text" : "max_count",
+ "doc" : "Maximum number of cached results.",
+ "type" : "OneOf(String(\"unlimited\"),Integer(0..+inf))",
+ "default" : "1000000"
+ },
+ {
+ "hash" : "V-authentication_settings-S-settings-node_cache-S-config-max_memory",
+ "text" : "max_memory",
+ "doc" : "Maximum memory usage of the cache.",
+ "type" : "OneOf(String(\"unlimited\"),Bytesize)",
+ "default" : "\"100MB\""
+ }
+ ],
+ "text" : "config",
+ "doc" : "Configuration of authentication/authorization cache."
+ }
+ ],
+ "hash" : "V-authentication_settings-S-settings-node_cache",
+ "text" : "node_cache",
+ "type" : "Struct(config)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "settings",
+ "doc" : "Global settings for authentication"
+ }
+ ],
+ "hash" : "V-authentication_settings",
+ "text" : "authentication_settings",
+ "doc" : "Authentication global settings.",
+ "type" : "Struct(settings)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-no_match",
+ "text" : "no_match",
+ "doc" : "Default access control action if the user or client matches no ACL rules,\nor if no such user or client is found by the configurable authorization\nsources such as built_in_database, an HTTP API, or a query against PostgreSQL.\nFind more details in 'authorization.sources' config.",
+ "type" : "Enum(allow,deny)",
+ "default" : "allow"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-deny_action",
+ "text" : "deny_action",
+ "doc" : "The action when the authorization check rejects an operation.",
+ "type" : "Enum(ignore,disconnect)",
+ "default" : "ignore"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-cache-S-authz_cache",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-cache-S-authz_cache-max_size",
+ "text" : "max_size",
+ "doc" : "Maximum number of cached items.",
+ "type" : "Integer(1..1048576)",
+ "default" : "32"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-cache-S-authz_cache-ttl",
+ "text" : "ttl",
+ "doc" : "Time to live for the cached data.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-cache-S-authz_cache-excludes",
+ "text" : "excludes",
+ "doc" : "Exclude caching ACL check results for topics matching the given patterns.",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "authz_cache",
+ "doc" : "Settings for the authorization cache."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-cache",
+ "text" : "cache",
+ "type" : "Struct(authz_cache)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-file",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-file-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"file\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-file-path",
+ "text" : "path",
+ "doc" : "Path to the file which contains the ACL rules.\nIf the file provisioned before starting EMQX node,\nit can be placed anywhere as long as EMQX has read access to it.\nThat is, EMQX will treat it as read only.\n\nIn case the rule-set is created or updated from EMQX Dashboard or HTTP API,\na new file will be created and placed in `authz` subdirectory inside EMQX's `data_dir`,\nand the old file will not be used anymore.",
+ "type" : "String"
+ }
+ ],
+ "text" : "file",
+ "doc" : "Authorization using a static file."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-builtin_db",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-builtin_db-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"built_in_database\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-builtin_db-max_rules",
+ "text" : "max_rules",
+ "doc" : "Maximum number of rules per client/user. Note that performance may decrease as number of rules increases.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "builtin_db",
+ "doc" : "Authorization using a built-in database (mnesia)."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_get",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-url",
+ "text" : "url",
+ "doc" : "URL of the auth server.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.",
+ "type" : "String",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-body",
+ "text" : "body",
+ "doc" : "HTTP request body.",
+ "type" : "Map($name->String)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_get-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP method.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request",
+ "text" : "request",
+ "doc" : "Configure HTTP request parameters.",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-method",
+ "text" : "method",
+ "doc" : "HTTP method.",
+ "type" : "String(\"get\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers (without content-type).",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}"
+ }
+ ],
+ "text" : "http_get",
+ "doc" : "Authorization using an external HTTP server (via GET requests)."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_post",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-url",
+ "text" : "url",
+ "doc" : "URL of the auth server.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.",
+ "type" : "String",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-body",
+ "text" : "body",
+ "doc" : "HTTP request body.",
+ "type" : "Map($name->String)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_post-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP method.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL path.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP request body.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request",
+ "text" : "request",
+ "doc" : "Configure HTTP request parameters.",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-method",
+ "text" : "method",
+ "doc" : "HTTP method.",
+ "type" : "String(\"post\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP Headers.",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}"
+ }
+ ],
+ "text" : "http_post",
+ "doc" : "Authorization using an external HTTP server (via POST requests)."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_single",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-redis_type",
+ "text" : "redis_type",
+ "doc" : "Single mode. Must be set to 'single' when Redis server is running in single mode.",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-database",
+ "text" : "database",
+ "doc" : "Redis database ID.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-cmd",
+ "text" : "cmd",
+ "doc" : "Database query used to retrieve authorization data.",
+ "type" : "String"
+ }
+ ],
+ "text" : "redis_single",
+ "doc" : "Authorization using a single Redis instance."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-redis_type",
+ "text" : "redis_type",
+ "doc" : "Sentinel mode. Must be set to 'sentinel' when Redis server is running in sentinel mode.",
+ "type" : "String(\"sentinel\")",
+ "default" : "sentinel"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-sentinel",
+ "text" : "sentinel",
+ "doc" : "The cluster name in Redis sentinel mode.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-database",
+ "text" : "database",
+ "doc" : "Redis database ID.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-cmd",
+ "text" : "cmd",
+ "doc" : "Database query used to retrieve authorization data.",
+ "type" : "String"
+ }
+ ],
+ "text" : "redis_sentinel",
+ "doc" : "Authorization using a Redis Sentinel."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_cluster",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-redis_type",
+ "text" : "redis_type",
+ "doc" : "Cluster mode. Must be set to 'cluster' when Redis server is running in clustered mode.",
+ "type" : "String(\"cluster\")",
+ "default" : "cluster"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-cmd",
+ "text" : "cmd",
+ "doc" : "Database query used to retrieve authorization data.",
+ "type" : "String"
+ }
+ ],
+ "text" : "redis_cluster",
+ "doc" : "Authorization using a Redis cluster."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mysql",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"mysql\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MySQL default port 3306 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String",
+ "default" : "root"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-prepare_statement",
+ "text" : "prepare_statement",
+ "doc" : "Key-value list of SQL prepared statements.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-query",
+ "text" : "query",
+ "doc" : "Database query used to retrieve authorization data.",
+ "type" : "String"
+ }
+ ],
+ "text" : "mysql",
+ "doc" : "Authorization using a MySQL database."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-postgresql",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"postgresql\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-prepare_statement",
+ "text" : "prepare_statement",
+ "doc" : "Key-value list of SQL prepared statements.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-query",
+ "text" : "query",
+ "doc" : "Database query used to retrieve authorization data.",
+ "type" : "String"
+ }
+ ],
+ "text" : "postgresql",
+ "doc" : "Authorization using a PostgreSQL database."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_single",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-collection",
+ "text" : "collection",
+ "doc" : "`MongoDB` collection containing the authorization data.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-filter",
+ "text" : "filter",
+ "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-limit",
+ "text" : "limit",
+ "doc" : "Limit the number of records to fetch.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-skip",
+ "text" : "skip",
+ "doc" : "Number of authorization records to skip.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-srv_record",
+ "text" : "srv_record",
+ "doc" : "Use DNS SRV record.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-auth_source",
+ "text" : "auth_source",
+ "doc" : "Database name associated with the user's credentials.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_single-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "Topology of MongoDB."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_single",
+ "doc" : "Authorization using a single MongoDB instance."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_rs",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-collection",
+ "text" : "collection",
+ "doc" : "`MongoDB` collection containing the authorization data.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-filter",
+ "text" : "filter",
+ "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-limit",
+ "text" : "limit",
+ "doc" : "Limit the number of records to fetch.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-skip",
+ "text" : "skip",
+ "doc" : "Number of authorization records to skip.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.",
+ "type" : "String(\"rs\")",
+ "default" : "rs"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-r_mode",
+ "text" : "r_mode",
+ "doc" : "Read mode.",
+ "type" : "Enum(master,slave_ok)",
+ "default" : "master"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-replica_set_name",
+ "text" : "replica_set_name",
+ "doc" : "Name of the replica set.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-srv_record",
+ "text" : "srv_record",
+ "doc" : "Use DNS SRV record.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-auth_source",
+ "text" : "auth_source",
+ "doc" : "Database name associated with the user's credentials.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "Topology of MongoDB."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_rs",
+ "doc" : "Authorization using a MongoDB replica set."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-collection",
+ "text" : "collection",
+ "doc" : "`MongoDB` collection containing the authorization data.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-filter",
+ "text" : "filter",
+ "doc" : "Conditional expression that defines the filter condition in the query.\nFilter supports the following placeholders
\n - ${username}: Will be replaced at runtime with Username used by the client when connecting
\n - ${clientid}: Will be replaced at runtime with Client ID used by the client when connecting",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-limit",
+ "text" : "limit",
+ "doc" : "Limit the number of records to fetch.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-skip",
+ "text" : "skip",
+ "doc" : "Number of authorization records to skip.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.",
+ "type" : "String(\"sharded\")",
+ "default" : "sharded"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-srv_record",
+ "text" : "srv_record",
+ "doc" : "Use DNS SRV record.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-auth_source",
+ "text" : "auth_source",
+ "doc" : "Database name associated with the user's credentials.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "Topology of MongoDB."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_sharded",
+ "doc" : "Authorization using a sharded MongoDB cluster."
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-ldap",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"ldap\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-publish_attribute",
+ "text" : "publish_attribute",
+ "doc" : "Indicates which attribute is used to represent the allowed topics list of the `publish`.",
+ "type" : "String",
+ "default" : "mqttPublishTopic"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-subscribe_attribute",
+ "text" : "subscribe_attribute",
+ "doc" : "Indicates which attribute is used to represent the allowed topics list of the `subscribe`.",
+ "type" : "String",
+ "default" : "mqttSubscriptionTopic"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-all_attribute",
+ "text" : "all_attribute",
+ "doc" : "Indicates which attribute is used to represent the both allowed topics list of `publish` and `subscribe`.",
+ "type" : "String",
+ "default" : "mqttPubSubTopic"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-acl_rule_attribute",
+ "text" : "acl_rule_attribute",
+ "doc" : "Indicates which attribute is used to represent the JSON-encoded ACL rules.",
+ "type" : "String",
+ "default" : "mqttAclRule"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-query_timeout",
+ "text" : "query_timeout",
+ "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-base_dn",
+ "text" : "base_dn",
+ "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-filter",
+ "text" : "filter",
+ "doc" : "The filter that defines the conditions that must be fulfilled in order\nfor the Search to match a given entry.
\nThe syntax of the filter follows RFC 4515 and also supports placeholders.",
+ "type" : "String",
+ "default" : "\"(objectClass=mqttUser)\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-ldap-ssl-S-ssl",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl",
+ "doc" : "SSL connection settings."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "ldap",
+ "doc" : "LDAP Authorization settings"
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources",
+ "text" : "sources",
+ "doc" : "Authorization data sources.
\nAn array of authorization (ACL) data providers.\nIt is designed as an array, not a hash-map, so the sources can be\nordered to form a chain of access controls.
\n\nWhen authorizing a 'publish' or 'subscribe' action, the configured\nsources are checked in order. When checking an ACL source,\nin case the client (identified by username or client ID) is not found,\nit moves on to the next source. And it stops immediately\nonce an 'allow' or 'deny' decision is returned.
\n\nIf the client is not found in any of the sources,\nthe default action configured in 'authorization.no_match' is applied.
\n\nNOTE:\nThe source elements are identified by their 'type'.\nIt is NOT allowed to configure two or more sources of the same type.",
+ "type" : "Array(OneOf(Struct(file),Struct(builtin_db),Struct(http_get),Struct(http_post),Struct(redis_single),Struct(redis_sentinel),Struct(redis_cluster),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(ldap)))",
+ "default" : "[{enable = true, path = \"${EMQX_ETC_DIR}/acl.conf\", type = file}]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-node_cache-S-config",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-node_cache-S-config-enable",
+ "text" : "enable",
+ "doc" : "Enable or disable the cache.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-node_cache-S-config-cache_ttl",
+ "text" : "cache_ttl",
+ "doc" : "Time after which the cached authentication/authorization result will expire.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-node_cache-S-config-max_count",
+ "text" : "max_count",
+ "doc" : "Maximum number of cached results.",
+ "type" : "OneOf(String(\"unlimited\"),Integer(0..+inf))",
+ "default" : "1000000"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-node_cache-S-config-max_memory",
+ "text" : "max_memory",
+ "doc" : "Maximum memory usage of the cache.",
+ "type" : "OneOf(String(\"unlimited\"),Bytesize)",
+ "default" : "\"100MB\""
+ }
+ ],
+ "text" : "config",
+ "doc" : "Configuration of authentication/authorization cache."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-node_cache",
+ "text" : "node_cache",
+ "type" : "Struct(config)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "authorization",
+ "doc" : "Settings that control client authorization."
+ }
+ ],
+ "hash" : "V-authorization",
+ "text" : "authorization",
+ "doc" : "Authorization a.k.a. ACL.
\nIn EMQX, MQTT client access control is extremely flexible.
\nAn out-of-the-box set of authorization data sources are supported.\nFor example,
\n'file' source is to support concise and yet generic ACL rules in a file;
\n'built_in_database' source can be used to store per-client customizable rule sets,\nnatively in the EMQX node;
\n'http' source to make EMQX call an external HTTP API to make the decision;
\n'PostgreSQL' etc. to look up clients or rules from external databases",
+ "type" : "Struct(authorization)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-node-S-node",
+ "fields" : [
+ {
+ "hash" : "V-node-S-node-name",
+ "text" : "name",
+ "doc" : "Unique name of the EMQX node. It must follow %name%@FQDN or\n%name%@IPv4 format.",
+ "type" : "String",
+ "default" : "\"emqx@127.0.0.1\""
+ },
+ {
+ "hash" : "V-node-S-node-cookie",
+ "text" : "cookie",
+ "doc" : "Secret cookie is a random string that should be the same on all nodes in\nthe given EMQX cluster, but unique per EMQX cluster. It is used to prevent EMQX nodes that\nbelong to different clusters from accidentally connecting to each other.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-node-S-node-max_ports",
+ "text" : "max_ports",
+ "doc" : "Maximum number of simultaneously open files and sockets for this Erlang system.\nFor more information, see: https://www.erlang.org/doc/man/erl.html",
+ "type" : "Integer(1024..134217727)",
+ "default" : "1048576"
+ },
+ {
+ "hash" : "V-node-S-node-dist_buffer_size",
+ "text" : "dist_buffer_size",
+ "doc" : "Erlang's distribution buffer busy limit in kilobytes.",
+ "type" : "Integer(1..2097151)",
+ "default" : "8192"
+ },
+ {
+ "hash" : "V-node-S-node-data_dir",
+ "text" : "data_dir",
+ "doc" : "Path to the persistent data directory.
\nPossible auto-created subdirectories are:
\n- `mnesia/`: EMQX's built-in database directory.
\nFor example, `mnesia/emqx@127.0.0.1`.
\nThere should be only one such subdirectory.
\nMeaning, in case the node is to be renamed (to e.g. `emqx@10.0.1.1`),
\nthe old dir should be deleted first.
\n- `configs`: Generated configs at boot time, and cluster/local override configs.
\n- `patches`: Hot-patch beam files are to be placed here.
\n- `trace`: Trace log files.
\n\n**NOTE**: One data dir cannot be shared by two or more EMQX nodes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-node-S-node-global_gc_interval",
+ "text" : "global_gc_interval",
+ "doc" : "Periodic garbage collection interval. Set to disabled to have it disabled.
\nOnly use this feature as a workaround if EMQX memory usage keeps growing and significantly exceeds normal levels, and manual garbage collection can indeed release a large amount of memory.",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-node-S-node-role",
+ "aliases" : [
+ "db_role"
+ ],
+ "text" : "role",
+ "doc" : "Select a node role.
\ncore nodes provide durability of the data, and take care of writes.\nIt is recommended to place core nodes in different racks or different availability zones.
\nreplicant nodes are ephemeral worker nodes. Removing them from the cluster\ndoesn't affect database redundancy
\nIt is recommended to have more replicant nodes than core nodes.
\nNote: this parameter only takes effect when the backend is set\nto rlog.",
+ "type" : "Enum(core,replicant)",
+ "default" : "core"
+ }
+ ],
+ "text" : "node",
+ "doc" : "Node name, cookie, config & data directories and the Erlang virtual machine (BEAM) boot parameters."
+ }
+ ],
+ "hash" : "V-node",
+ "text" : "node",
+ "type" : "Struct(node)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-name",
+ "text" : "name",
+ "doc" : "Human-friendly name of the EMQX cluster.",
+ "type" : "String",
+ "default" : "emqxcl"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-discovery_strategy",
+ "text" : "discovery_strategy",
+ "doc" : "Service discovery method for the cluster nodes. Possible values are:\n- manual: Use emqx ctl cluster command to manage cluster.
\n- static: Configure static nodes list by setting seeds in config file.
\n- dns: Use DNS A record to discover peer nodes.
\n- etcd: Use etcd to discover peer nodes.
\n- k8s: Use Kubernetes API to discover peer pods.",
+ "type" : "Enum(manual,static,singleton,dns,etcd,k8s)",
+ "default" : "manual"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-autoclean",
+ "text" : "autoclean",
+ "doc" : "Remove disconnected nodes from the cluster after this interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"24h\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-autoheal",
+ "text" : "autoheal",
+ "doc" : "If true, the node will try to heal network partitions automatically.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-proto_dist",
+ "text" : "proto_dist",
+ "doc" : "The Erlang distribution protocol for the cluster.
\n- inet_tcp: IPv4 TCP
\n- inet_tls: IPv4 TLS, works together with etc/ssl_dist.conf
\n- inet6_tcp: IPv6 TCP
\n- inet6_tls: IPv6 TLS, works together with etc/ssl_dist.conf",
+ "type" : "Enum(inet_tcp,inet6_tcp,inet_tls,inet6_tls)",
+ "default" : "inet_tcp"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-static-S-cluster_static",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-static-S-cluster_static-seeds",
+ "text" : "seeds",
+ "doc" : "List EMQX node names in the static cluster. See node.name.",
+ "type" : "OneOf(String,Array(String))",
+ "default" : "[]"
+ }
+ ],
+ "text" : "cluster_static",
+ "doc" : "Service discovery via static nodes.\nThe new node joins the cluster by connecting to one of the bootstrap nodes."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-static",
+ "text" : "static",
+ "type" : "Struct(cluster_static)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-dns-S-cluster_dns",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-name",
+ "text" : "name",
+ "doc" : "The domain name from which to discover peer EMQX nodes' IP addresses.\nApplicable when cluster.discovery_strategy = dns",
+ "type" : "String",
+ "default" : "localhost"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-record_type",
+ "text" : "record_type",
+ "doc" : "DNS record type.",
+ "type" : "Enum(a,aaaa,srv)",
+ "default" : "a"
+ }
+ ],
+ "text" : "cluster_dns",
+ "doc" : "Service discovery via DNS SRV records."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-dns",
+ "text" : "dns",
+ "type" : "Struct(cluster_dns)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-server",
+ "text" : "server",
+ "doc" : "List of endpoint URLs of the etcd cluster",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-prefix",
+ "text" : "prefix",
+ "doc" : "Key prefix used for EMQX service discovery.",
+ "type" : "String",
+ "default" : "emqxcl"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-node_ttl",
+ "text" : "node_ttl",
+ "doc" : "Expiration time of the etcd key associated with the node.\nIt is refreshed automatically, as long as the node is alive.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options",
+ "aliases" : [
+ "ssl"
+ ],
+ "text" : "ssl_options",
+ "doc" : "Options for the TLS connection to the etcd cluster.",
+ "type" : "Struct(ssl_client_opts)"
+ }
+ ],
+ "text" : "cluster_etcd",
+ "doc" : "Service discovery using 'etcd' service."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-etcd",
+ "text" : "etcd",
+ "type" : "Struct(cluster_etcd)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-k8s-S-cluster_k8s",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-apiserver",
+ "text" : "apiserver",
+ "doc" : "Kubernetes API endpoint URL.",
+ "type" : "String",
+ "default" : "\"https://kubernetes.default.svc:443\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-service_name",
+ "text" : "service_name",
+ "doc" : "EMQX broker service name.",
+ "type" : "String",
+ "default" : "emqx"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-address_type",
+ "text" : "address_type",
+ "doc" : "Address type used for connecting to the discovered nodes.\nSetting cluster.k8s.address_type to ip will\nmake EMQX to discover IP addresses of peer nodes from Kubernetes API.",
+ "type" : "Enum(ip,dns,hostname)",
+ "default" : "ip"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-namespace",
+ "text" : "namespace",
+ "doc" : "Kubernetes namespace.",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-suffix",
+ "text" : "suffix",
+ "doc" : "Node name suffix.
\nNote: this parameter is only relevant when address_type is dns\nor hostname.",
+ "type" : "String",
+ "default" : "\"pod.local\""
+ }
+ ],
+ "text" : "cluster_k8s",
+ "doc" : "Service discovery via Kubernetes API server."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-k8s",
+ "text" : "k8s",
+ "type" : "Struct(cluster_k8s)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-links-S-link",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-name",
+ "text" : "name",
+ "doc" : "Linked (remote) cluster name. Must be exactly equal to the value of `cluster.name` configured at the remote cluster. Must not be equal to the local cluster.name. All configured cluster link names must be unique.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-server",
+ "text" : "server",
+ "doc" : "MQTT host and port of the remote EMQX broker.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-clientid",
+ "text" : "clientid",
+ "doc" : "Optional Base MQTT client ID for connecting to the remote EMQX cluster. If omitted, local `cluster.name` is used. EMQX maintains several connections between linked clusters, so distinct suffixes are automatically appended to the base client ID.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-username",
+ "text" : "username",
+ "doc" : "Optional MQTT username for connecting to the remote EMQX cluster.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-password",
+ "text" : "password",
+ "doc" : "Optional MQTT username for connecting to the remote EMQX cluster.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl",
+ "text" : "ssl",
+ "doc" : "SSL configuration for connecting to the remote EMQX cluster.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-topics",
+ "text" : "topics",
+ "doc" : "MQTT topics to be forwarded by the linked remote EMQX broker to the local broker. Messages are only forwarded if the local EMQX broker has matching subscriber(s).\nWildcards are supported. Setting empty topics list on one side of the link can be used to establish unidirectional links: the side with the empty topics won't receive remote messages, but it can forward relevant messages to its linked counterpart (according to the topics configured on that side of the link).",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the pool of MQTT clients that will publish messages to the linked EMQX broker.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Delay for the MQTT bridge to retry sending the QoS1/QoS2 messages in case of ACK not received.",
+ "type" : "String",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "Max inflight (sent, but un-acked) messages of the MQTT protocol",
+ "type" : "Integer(0..+inf)",
+ "default" : "32"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-auto_restart_interval",
+ "text" : "auto_restart_interval",
+ "doc" : "Deprecated since 5.1.0.",
+ "type" : "OneOf(String(\"infinity\"),Duration)"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-enable_queue",
+ "text" : "enable_queue",
+ "doc" : "Deprecated since v5.0.14.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "creation_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(creation_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "link",
+ "doc" : "Cluster link configuration"
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-links",
+ "text" : "links",
+ "doc" : "The list of the linked EMQX clusters.",
+ "type" : "Array(Struct(link))",
+ "default" : "[]"
+ }
+ ],
+ "text" : "cluster",
+ "doc" : "EMQX nodes can form a cluster to scale up the total capacity.
\n Here holds the configs to instruct how individual nodes can discover each other."
+ }
+ ],
+ "hash" : "V-cluster",
+ "text" : "cluster",
+ "type" : "Struct(cluster)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log-console-S-console_handler",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-level",
+ "text" : "level",
+ "doc" : "The log level for the current log handler.\nDefaults to warning.",
+ "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)",
+ "default" : "warning"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-enable",
+ "text" : "enable",
+ "doc" : "Enable this log handler.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-formatter",
+ "aliases" : [
+ "format"
+ ],
+ "text" : "formatter",
+ "doc" : "Choose log formatter. text for free text, and json for structured logging.",
+ "type" : "Enum(text,json)",
+ "default" : "text"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-timestamp_format",
+ "text" : "timestamp_format",
+ "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. `epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.",
+ "type" : "Enum(auto,epoch,rfc3339)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-time_offset",
+ "text" : "time_offset",
+ "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.",
+ "type" : "String",
+ "default" : "system"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-payload_encode",
+ "text" : "payload_encode",
+ "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`",
+ "type" : "Enum(hex,text,hidden)",
+ "default" : "text"
+ }
+ ],
+ "text" : "console_handler",
+ "doc" : "Log handler that prints log events to the EMQX console."
+ }
+ ],
+ "hash" : "V-log-S-log-console",
+ "aliases" : [
+ "console_handler"
+ ],
+ "text" : "console",
+ "type" : "Struct(console_handler)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log-file-S-log_file_handler",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-path",
+ "aliases" : [
+ "file",
+ "to"
+ ],
+ "text" : "path",
+ "doc" : "Name the log file.",
+ "type" : "String",
+ "default" : "\"${EMQX_LOG_DIR}/emqx.log\""
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count",
+ "aliases" : [
+ "rotation"
+ ],
+ "text" : "rotation_count",
+ "doc" : "Maximum number of log files.",
+ "type" : "Integer(1..128)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size",
+ "aliases" : [
+ "max_size"
+ ],
+ "text" : "rotation_size",
+ "doc" : "This parameter controls log file rotation. The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `rotation_size` in bytes.",
+ "type" : "OneOf(String(\"infinity\"),Bytesize)",
+ "default" : "\"50MB\""
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-level",
+ "text" : "level",
+ "doc" : "The log level for the current log handler.\nDefaults to warning.",
+ "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)",
+ "default" : "warning"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-formatter",
+ "aliases" : [
+ "format"
+ ],
+ "text" : "formatter",
+ "doc" : "Choose log formatter. text for free text, and json for structured logging.",
+ "type" : "Enum(text,json)",
+ "default" : "text"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format",
+ "text" : "timestamp_format",
+ "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. `epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.",
+ "type" : "Enum(auto,epoch,rfc3339)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-time_offset",
+ "text" : "time_offset",
+ "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.",
+ "type" : "String",
+ "default" : "system"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode",
+ "text" : "payload_encode",
+ "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`",
+ "type" : "Enum(hex,text,hidden)",
+ "default" : "text"
+ }
+ ],
+ "text" : "log_file_handler",
+ "doc" : "Log handler that prints log events to files."
+ },
+ {
+ "hash" : "T-log-S-log-file-S-log_file_handler",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-path",
+ "aliases" : [
+ "file",
+ "to"
+ ],
+ "text" : "path",
+ "doc" : "Name the log file.",
+ "type" : "String",
+ "default" : "\"${EMQX_LOG_DIR}/emqx.log\""
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count",
+ "aliases" : [
+ "rotation"
+ ],
+ "text" : "rotation_count",
+ "doc" : "Maximum number of log files.",
+ "type" : "Integer(1..128)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size",
+ "aliases" : [
+ "max_size"
+ ],
+ "text" : "rotation_size",
+ "doc" : "This parameter controls log file rotation. The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `rotation_size` in bytes.",
+ "type" : "OneOf(String(\"infinity\"),Bytesize)",
+ "default" : "\"50MB\""
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-level",
+ "text" : "level",
+ "doc" : "The log level for the current log handler.\nDefaults to warning.",
+ "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)",
+ "default" : "warning"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-formatter",
+ "aliases" : [
+ "format"
+ ],
+ "text" : "formatter",
+ "doc" : "Choose log formatter. text for free text, and json for structured logging.",
+ "type" : "Enum(text,json)",
+ "default" : "text"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format",
+ "text" : "timestamp_format",
+ "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. `epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.",
+ "type" : "Enum(auto,epoch,rfc3339)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-time_offset",
+ "text" : "time_offset",
+ "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.",
+ "type" : "String",
+ "default" : "system"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode",
+ "text" : "payload_encode",
+ "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`",
+ "type" : "Enum(hex,text,hidden)",
+ "default" : "text"
+ }
+ ],
+ "text" : "log_file_handler",
+ "doc" : "Log handler that prints log events to files."
+ }
+ ],
+ "hash" : "V-log-S-log-file",
+ "aliases" : [
+ "file_handlers"
+ ],
+ "text" : "file",
+ "doc" : "File-based log handlers.",
+ "type" : "OneOf(Struct(log_file_handler),Map($handler_name->Struct(log_file_handler)))",
+ "default" : "{level = warning}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log-throttling-S-log_throttling",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-throttling-S-log_throttling-time_window",
+ "text" : "time_window",
+ "doc" : "This configuration setting controls the logging behavior for throttled messages,\nincluding, but not limited to messages like 'authorization_permission_denied'.\nWithin each defined time window, only one instance of a throttled message will be logged to prevent log flooding.\nAt the conclusion of each time window, a summary log will be generated, detailing the occurrence of any throttled messages during that period.\nIt's important to note that the shortest effective time window for this setting is 1 second (`1s`).\nShould a value lower than `1s` be specified, it will automatically be adjusted to `1s`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"1m\""
+ }
+ ],
+ "text" : "log_throttling",
+ "doc" : "Log throttling feature reduces the number of potentially flooding logged events by\ndropping all but the first event within a configured time window.\nThe throttling is automatically disabled if `console` or `file` log level is set to debug."
+ }
+ ],
+ "hash" : "V-log-S-log-throttling",
+ "text" : "throttling",
+ "type" : "Struct(log_throttling)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log-audit-S-log_audit_handler",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-path",
+ "text" : "path",
+ "doc" : "Name the audit log file.",
+ "type" : "String",
+ "default" : "\"${EMQX_LOG_DIR}/audit.log\""
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-rotation_count",
+ "text" : "rotation_count",
+ "doc" : "Maximum number of log files.",
+ "type" : "Integer(1..128)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-rotation_size",
+ "text" : "rotation_size",
+ "doc" : "This parameter controls log file rotation. The value `infinity` means the log file will grow indefinitely, otherwise the log file will be rotated once it reaches `rotation_size` in bytes.",
+ "type" : "OneOf(String(\"infinity\"),Bytesize)",
+ "default" : "\"50MB\""
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-max_filter_size",
+ "text" : "max_filter_size",
+ "doc" : "Store the latest N log entries in a database for allow `/audit` HTTP API to filter and retrieval of log data.\nThe interval for purging redundant log records is maintained within a range of 10~20 seconds.",
+ "type" : "Integer(10..30000)",
+ "default" : "5000"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-ignore_high_frequency_request",
+ "text" : "ignore_high_frequency_request",
+ "doc" : "Ignore high frequency requests to avoid flooding the audit log,\nsuch as publish/subscribe kick out http api requests are ignored.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-timestamp_format",
+ "text" : "timestamp_format",
+ "doc" : "Pick a timestamp format:\n- `auto`: automatically choose the best format based on log formatter. `epoch` for JSON and `rfc3339` for text.\n- `epoch`: Unix epoch time in microseconds.\n- `rfc3339`: RFC3339 format.",
+ "type" : "Enum(auto,epoch,rfc3339)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-time_offset",
+ "text" : "time_offset",
+ "doc" : "The time offset to be used when formatting the timestamp.\nCan be one of:\n - system: the time offset used by the local system\n - utc: the UTC time offset\n - +-[hh]:[mm]: user specified time offset, such as \"-02:00\" or \"+00:00\"\nDefaults to: system.\nThis config has no effect for when formatter is json as the timestamp in JSON is milliseconds since epoch.",
+ "type" : "String",
+ "default" : "system"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-payload_encode",
+ "text" : "payload_encode",
+ "doc" : "Determine the format of the payload format in the trace file.
\n`text`: Text-based protocol or plain text protocol.\n It is recommended when payload is JSON encoded.
\n`hex`: Binary hexadecimal encode. It is recommended when payload is a custom binary protocol.
\n`hidden`: payload is obfuscated as `******`",
+ "type" : "Enum(hex,text,hidden)",
+ "default" : "text"
+ }
+ ],
+ "text" : "log_audit_handler",
+ "doc" : "Audit log handler that prints log events to files."
+ }
+ ],
+ "hash" : "V-log-S-log-audit",
+ "text" : "audit",
+ "doc" : "Audit file-based log handler.",
+ "type" : "Struct(log_audit_handler)",
+ "default" : "{enable = false, level = info}"
+ }
+ ],
+ "text" : "log",
+ "doc" : "EMQX supports multiple log handlers, one console handler and multiple file handlers.\nEMQX by default logs to console when running in docker or in console/foreground mode,\notherwise it logs to file `${EMQX_LOG_DIR}/emqx.log.N`.\nFor advanced configuration, you can find more parameters in this section."
+ }
+ ],
+ "hash" : "V-log",
+ "text" : "log",
+ "doc" : "EMQX provides support for two primary log handlers: `file` and `console`, with an additional `audit` handler specifically designed to always direct logs to files.\nThe system's default log handling behavior can be configured via the environment variable `EMQX_DEFAULT_LOG_HANDLER`, which accepts the following settings:\n\n- `file`: Directs log output exclusively to files.\n- `console`: Channels log output solely to the console.\n\nIt's noteworthy that `EMQX_DEFAULT_LOG_HANDLER` is set to `file` when EMQX is initiated via systemd's `emqx.service` file.\nIn scenarios outside systemd initiation, `console` serves as the default log handler.",
+ "type" : "Struct(log)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-rpc-S-rpc",
+ "fields" : [
+ {
+ "hash" : "V-rpc-S-rpc-mode",
+ "text" : "mode",
+ "doc" : "In sync mode the sending side waits for the ack from the receiving side.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-protocol",
+ "aliases" : [
+ "driver"
+ ],
+ "text" : "protocol",
+ "doc" : "Transport protocol used for inter-broker communication",
+ "type" : "Enum(tcp,ssl)",
+ "default" : "tcp"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-async_batch_size",
+ "text" : "async_batch_size",
+ "doc" : "The maximum number of batch messages sent in asynchronous mode.\n Note that this configuration does not work in synchronous mode.",
+ "type" : "Integer",
+ "default" : "256"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-port_discovery",
+ "text" : "port_discovery",
+ "doc" : "manual: discover ports by server_port.
\nstateless: discover ports in a stateless manner, using the following algorithm.\nIf node name is emqxN@127.0.0.1, where the N is an integer,\nthen the listening port will be 5370 + N.\nNOTE: when `port_discovery` is `manual`, `server_port` configuration has no effect.",
+ "type" : "Enum(manual,stateless)",
+ "default" : "stateless"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-server_port",
+ "aliases" : [
+ "tcp_server_port",
+ "ssl_server_port"
+ ],
+ "text" : "server_port",
+ "doc" : "Listening port used by RPC local service.
\nNote that this config only takes effect when rpc.port_discovery is set to manual.",
+ "type" : "Integer(1..+inf)",
+ "default" : "5369"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-client_num",
+ "aliases" : [
+ "tcp_client_num"
+ ],
+ "text" : "client_num",
+ "doc" : "Set the maximum number of RPC communication channels initiated by this node to each remote node.",
+ "type" : "Integer(1..256)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "Timeout for establishing an RPC connection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-certfile",
+ "text" : "certfile",
+ "doc" : "Path to TLS certificate file used to validate identity of the cluster nodes.\nNote that this config only takes effect when rpc.driver is set to ssl.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-keyfile",
+ "text" : "keyfile",
+ "doc" : "Path to the private key file for the rpc.certfile.
\nNote: contents of this file are secret, so it's necessary to set permissions to 600.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Path to certification authority TLS certificate file used to validate rpc.certfile.
\nNote: certificates of all nodes in the cluster must be signed by the same CA.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "Timeout for sending the RPC request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-authentication_timeout",
+ "text" : "authentication_timeout",
+ "doc" : "Timeout for the remote node authentication.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-call_receive_timeout",
+ "text" : "call_receive_timeout",
+ "doc" : "Timeout for the reply to a synchronous RPC.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_keepalive_idle",
+ "text" : "socket_keepalive_idle",
+ "doc" : "Corresponds to the `TCP_KEEPIDLE` socket option. The time (in seconds) the connection needs to remain idle before TCP starts sending keepalive probes.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"15m\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_keepalive_interval",
+ "text" : "socket_keepalive_interval",
+ "doc" : "Corresponds to the `TCP_KEEPINTVL` socket option. The time (in seconds) between individual keepalive probes.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"75s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_keepalive_count",
+ "text" : "socket_keepalive_count",
+ "doc" : "Corresponds to the `TCP_KEEPCNT` socket option. The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end.",
+ "type" : "Integer",
+ "default" : "9"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_sndbuf",
+ "text" : "socket_sndbuf",
+ "doc" : "TCP tuning parameters. TCP sending buffer size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_recbuf",
+ "text" : "socket_recbuf",
+ "doc" : "TCP tuning parameters. TCP receiving buffer size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_buffer",
+ "text" : "socket_buffer",
+ "doc" : "TCP tuning parameters. Socket buffer size in user mode.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-insecure_fallback",
+ "text" : "insecure_fallback",
+ "doc" : "Enable compatibility with old RPC authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-tls_versions",
+ "text" : "tls_versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-listen_address",
+ "text" : "listen_address",
+ "doc" : "Indicates the IP address for the RPC server to listen on. For example, use \"0.0.0.0\" for IPv4 or \"::\" for IPv6.",
+ "type" : "String",
+ "default" : "\"0.0.0.0\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-ipv6_only",
+ "text" : "ipv6_only",
+ "doc" : "This setting is effective only when rpc.listen_address is assigned an IPv6 address.\nIf set to true, the RPC client will exclusively use IPv6 for connections.\nOtherwise, the client might opt for IPv4, even if the server is on IPv6.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "rpc",
+ "doc" : "EMQX uses a library called gen_rpc for inter-broker communication.
\nMost of the time the default config should work,\nbut in case you need to do performance fine-tuning or experiment a bit,\nthis is where to look."
+ }
+ ],
+ "hash" : "V-rpc",
+ "text" : "rpc",
+ "type" : "Struct(rpc)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sys_topics-S-sys_topics",
+ "fields" : [
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_msg_interval",
+ "text" : "sys_msg_interval",
+ "doc" : "Time interval for publishing following system messages:\n - `$SYS/brokers`\n - `$SYS/brokers//version`\n - `$SYS/brokers//sysdescr`\n - `$SYS/brokers//stats/`\n - `$SYS/brokers//metrics/`",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_heartbeat_interval",
+ "text" : "sys_heartbeat_interval",
+ "doc" : "Time interval for publishing following heartbeat messages:\n - `$SYS/brokers//uptime`\n - `$SYS/brokers//datetime`",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sys_topics-S-sys_topics-sys_event_messages-S-event_names",
+ "fields" : [
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_connected",
+ "text" : "client_connected",
+ "doc" : "Enable to publish client connected event messages",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_disconnected",
+ "text" : "client_disconnected",
+ "doc" : "Enable to publish client disconnected event messages.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_subscribed",
+ "text" : "client_subscribed",
+ "doc" : "Enable to publish event message that client subscribed a topic successfully.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_unsubscribed",
+ "text" : "client_unsubscribed",
+ "doc" : "Enable to publish event message that client unsubscribed a topic successfully.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "event_names",
+ "doc" : "Enable or disable client lifecycle event publishing.\n\nThe following options affect MQTT clients as well as\ngateway clients. The types of the clients\nare distinguished by the topic prefix:\n\n- For the MQTT clients, the format is:\n`$SYS/broker//clients//`\n- For the Gateway clients, it is\n`$SYS/broker//gateway//clients//`\n"
+ }
+ ],
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages",
+ "text" : "sys_event_messages",
+ "doc" : "Client events messages.",
+ "type" : "Struct(event_names)"
+ }
+ ],
+ "text" : "sys_topics",
+ "doc" : "The EMQX Broker periodically publishes its own status, message statistics,\nclient online and offline events to the system topic starting with `$SYS/`.\n\nThe following options control the behavior of `$SYS` topics."
+ }
+ ],
+ "hash" : "V-sys_topics",
+ "text" : "sys_topics",
+ "doc" : "System topics configuration.",
+ "type" : "Struct(sys_topics)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-force_shutdown-S-force_shutdown",
+ "fields" : [
+ {
+ "hash" : "V-force_shutdown-S-force_shutdown-max_mailbox_size",
+ "aliases" : [
+ "max_message_queue_len"
+ ],
+ "text" : "max_mailbox_size",
+ "doc" : "EMQX creates at least one lightweight process for each client connection.\n\nEach process has its own message queue (aka mailbox) to hold messages from other processes (e.g. MQTT messages) so that the process can read messages from the message queue (mailbox) at any time.\n\nIf the system is busy or the process hangs due to a busy socket (see `high_watermark`), the message queue can accumulate many messages.\n\nTo avoid excessive memory usage, EMQX will force a process to shut down when the length of its message queue exceeds `max_mailbox_size`.",
+ "type" : "Integer(0..inf)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-force_shutdown-S-force_shutdown-max_heap_size",
+ "text" : "max_heap_size",
+ "doc" : "The maximum heap size of the process. If the `force_shutdown` is enabled, processes that exceed this limit will automatically exit or be forcibly killed. Messages in the process message queue (mailbox) are also part of the heap. The shutdown of a process can be divided into the following two situations:\n\n- The process actively checks the current heap size during its own operation, and actively exits after finding that it exceeds the limit.\n- The underlying scheduling system checks the current heap size after performing garbage collection for the process, and forcibly kills the process after finding that it exceeds the limit.\n\nNote: The Error logs generated by the above two will be different. The log generated by the former is similar to `...errorContext: connection_shutdown, reason: #{max => 2097152, reason => proc_heap_too_large, value => 2787348}..`,\nand the log generated by the latter is similar to `...Context: maximum heap size reached...`.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"32MB\""
+ }
+ ],
+ "text" : "force_shutdown",
+ "doc" : "When the process message queue length, or the memory bytes\nreaches a certain value, the process is forced to close.\n\nNote: \"message queue\" here refers to the \"message mailbox\"\nof the Erlang process, not the `mqueue` of QoS 1 and QoS 2."
+ }
+ ],
+ "hash" : "V-force_shutdown",
+ "text" : "force_shutdown",
+ "type" : "Struct(force_shutdown)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"builtin_raft\")",
+ "default" : "builtin_raft"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-replication_factor",
+ "text" : "replication_factor",
+ "doc" : "Number of identical replicas each shard should have.\nIncreasing this number improves durability and availability at the expense of greater resource consumption.\nQuorum of replicas is needed to be healthy for the replication to work, hence an odd number of replicas is a good pick in general.\nPlease note that it takes effect only during the initialization of the durable storage database.\nChanging this configuration parameter after the database has been already created won't take any effect.",
+ "type" : "Integer(1..+inf)",
+ "default" : "3"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-n_sites",
+ "text" : "n_sites",
+ "doc" : "Number of storage sites that need to share responsibility over the set of storage shards.\nIn this context, sites are EMQX nodes with message durability enabled.\nPlease note that it takes effect only during the initialization of the durable storage database.\nDuring this phase at least that many sites should come online to distribute shards between them, otherwise message storage will be unavailable until then.\nAfter the initialization is complete, sites may be offline, which will affect availability depending on the number of offline sites and replication factor.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-data_dir",
+ "text" : "data_dir",
+ "doc" : "File system directory where the database is located.\n\nBy default, it is equal to `node.data_dir`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-n_shards",
+ "text" : "n_shards",
+ "doc" : "The built-in durable storage partitions data into shards.\nThis configuration parameter defines the number of shards.\nPlease note that it takes effect only during the initialization of the durable storage database.\nChanging this configuration parameter after the database has been already created won't take any effect.",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction-S-optimistic_transaction",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction-S-optimistic_transaction-flush_interval",
+ "text" : "flush_interval",
+ "doc" : "Specifies the maximum time operations may linger in the buffer before they are committed to the storage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction-S-optimistic_transaction-idle_flush_interval",
+ "text" : "idle_flush_interval",
+ "doc" : "If shard doesn't receive new transactions within this period, the buffer is flushed early.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1ms\""
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction-S-optimistic_transaction-conflict_window",
+ "text" : "conflict_window",
+ "doc" : "Builtin durable storage backends track recent updates over a period of time known as the conflict tracking window.\n\nTransactions that started earlier than the beginning of the window are automatically rejected.\nSo, effectively, this parameter limits the time the transactions can run.\n\nHigher values reduce the risk of rejecting transactions due to long run time, but may increase RAM demands.\n\nThis value should be greater than the flush interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "optimistic_transaction",
+ "doc" : "Transaction settings for built-in durable storage backends."
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction",
+ "text" : "transaction",
+ "doc" : "Transaction settings.",
+ "type" : "Struct(optimistic_transaction)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized_v2",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized_v2-type",
+ "text" : "type",
+ "doc" : "Wildcard-optimized layout type.",
+ "type" : "String(\"wildcard_optimized_v2\")",
+ "default" : "wildcard_optimized_v2"
+ }
+ ],
+ "text" : "layout_builtin_wildcard_optimized_v2",
+ "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well."
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized-type",
+ "text" : "type",
+ "doc" : "Wildcard-optimized layout type.",
+ "type" : "String(\"wildcard_optimized\")",
+ "default" : "wildcard_optimized"
+ }
+ ],
+ "text" : "layout_builtin_wildcard_optimized",
+ "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well."
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_reference",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_reference-type",
+ "text" : "type",
+ "doc" : "Reference layout type.",
+ "type" : "String(\"reference\")",
+ "default" : "reference"
+ }
+ ],
+ "text" : "layout_builtin_reference",
+ "doc" : "A simplistic layout type that stores all messages from all topics in chronological order in a single stream.\n\nNot recommended for production use."
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout",
+ "text" : "layout",
+ "doc" : "Storage layout is a method of arranging messages from various topics and clients on disc.\n\nDepending on the type of workload and the topic structure, different types of strategies for storing the data can be employed to maximize efficiency of reading messages from the durable storage.",
+ "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))",
+ "default" : "{type = wildcard_optimized_v2}"
+ }
+ ],
+ "text" : "builtin_raft",
+ "doc" : "Builtin storage backend utilizing embedded RocksDB key-value store."
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "String(\"builtin_local\")",
+ "default" : "builtin_local"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-data_dir",
+ "text" : "data_dir",
+ "doc" : "File system directory where the database is located.\n\nBy default, it is equal to `node.data_dir`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-n_shards",
+ "text" : "n_shards",
+ "doc" : "The built-in durable storage partitions data into shards.\nThis configuration parameter defines the number of shards.\nPlease note that it takes effect only during the initialization of the durable storage database.\nChanging this configuration parameter after the database has been already created won't take any effect.",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-transaction-S-optimistic_transaction",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-transaction-S-optimistic_transaction-flush_interval",
+ "text" : "flush_interval",
+ "doc" : "Specifies the maximum time operations may linger in the buffer before they are committed to the storage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-transaction-S-optimistic_transaction-idle_flush_interval",
+ "text" : "idle_flush_interval",
+ "doc" : "If shard doesn't receive new transactions within this period, the buffer is flushed early.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1ms\""
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-transaction-S-optimistic_transaction-conflict_window",
+ "text" : "conflict_window",
+ "doc" : "Builtin durable storage backends track recent updates over a period of time known as the conflict tracking window.\n\nTransactions that started earlier than the beginning of the window are automatically rejected.\nSo, effectively, this parameter limits the time the transactions can run.\n\nHigher values reduce the risk of rejecting transactions due to long run time, but may increase RAM demands.\n\nThis value should be greater than the flush interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "optimistic_transaction",
+ "doc" : "Transaction settings for built-in durable storage backends."
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-transaction",
+ "text" : "transaction",
+ "doc" : "Transaction settings.",
+ "type" : "Struct(optimistic_transaction)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2-type",
+ "text" : "type",
+ "doc" : "Wildcard-optimized layout type.",
+ "type" : "String(\"wildcard_optimized_v2\")",
+ "default" : "wildcard_optimized_v2"
+ }
+ ],
+ "text" : "layout_builtin_wildcard_optimized_v2",
+ "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well."
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized-type",
+ "text" : "type",
+ "doc" : "Wildcard-optimized layout type.",
+ "type" : "String(\"wildcard_optimized\")",
+ "default" : "wildcard_optimized"
+ }
+ ],
+ "text" : "layout_builtin_wildcard_optimized",
+ "doc" : "_Wildcard-optimized_ layout is designed to maximize the throughput of wildcard subscriptions covering large numbers of topics.\n\nFor example, it can handle scenarios where a very large number of clients publish data to the topics containing their client ID, such as: `sensor/%device-version%/%clientid%/temperature`, `sensor/%device-version%/%clientid%/pressure`, etc.\nThis layout will automatically group such topics into a single stream, so a client subscribing to a topic filter containing wildcards (such as `sensor/+/+/temperature`) will be able to consume messages published by all devices as a single batch.\n\nThis layout is efficient for non-wildcard subscriptions as well."
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference-type",
+ "text" : "type",
+ "doc" : "Reference layout type.",
+ "type" : "String(\"reference\")",
+ "default" : "reference"
+ }
+ ],
+ "text" : "layout_builtin_reference",
+ "doc" : "A simplistic layout type that stores all messages from all topics in chronological order in a single stream.\n\nNot recommended for production use."
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout",
+ "text" : "layout",
+ "doc" : "Storage layout is a method of arranging messages from various topics and clients on disc.\n\nDepending on the type of workload and the topic structure, different types of strategies for storing the data can be employed to maximize efficiency of reading messages from the durable storage.",
+ "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))",
+ "default" : "{type = wildcard_optimized_v2}"
+ }
+ ],
+ "text" : "builtin_local",
+ "doc" : "Builtin storage backend utilizing embedded RocksDB key-value store.\nThis backend doesn't support clustering."
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages",
+ "text" : "messages",
+ "doc" : "Configuration related to the durable storage of MQTT messages.",
+ "type" : "OneOf(Struct(builtin_raft),Struct(builtin_local))",
+ "default" : "{backend = builtin_raft}"
+ }
+ ],
+ "text" : "durable_storage",
+ "doc" : "Configuration related to the EMQX durable storages.\n\nEMQX uses durable storages to offload various data, such as MQTT messages, to disc."
+ }
+ ],
+ "hash" : "V-durable_storage",
+ "text" : "durable_storage",
+ "doc" : "Configuration related to the EMQX durable storages.\n\nEMQX uses durable storages to offload various data, such as MQTT messages, to disc.",
+ "type" : "Struct(durable_storage)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-force_gc-S-force_gc",
+ "fields" : [
+ {
+ "hash" : "V-force_gc-S-force_gc-count",
+ "text" : "count",
+ "doc" : "GC the process after this many received messages.",
+ "type" : "Integer(0..inf)",
+ "default" : "16000"
+ },
+ {
+ "hash" : "V-force_gc-S-force_gc-bytes",
+ "text" : "bytes",
+ "doc" : "GC the process after specified number of bytes have passed through.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"16MB\""
+ }
+ ],
+ "text" : "force_gc",
+ "doc" : "Force garbage collection in MQTT connection process after\n they process certain number of messages or bytes of data."
+ }
+ ],
+ "hash" : "V-force_gc",
+ "text" : "force_gc",
+ "type" : "Struct(force_gc)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sysmon-S-sysmon",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sysmon-S-sysmon-vm-S-sysmon_vm",
+ "fields" : [
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_check_interval",
+ "text" : "process_check_interval",
+ "doc" : "The time interval for the periodic process count limit check, used together with `process_high_watermark` and `process_low_watermark`.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_high_watermark",
+ "text" : "process_high_watermark",
+ "doc" : "The threshold, as percentage of processes, for how many\n processes can simultaneously exist at the local node before the corresponding\n alarm is raised.",
+ "type" : "String",
+ "default" : "\"80%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_low_watermark",
+ "text" : "process_low_watermark",
+ "doc" : "The threshold, as percentage of processes, for how many\n processes can simultaneously exist at the local node before the corresponding\n alarm is cleared.",
+ "type" : "String",
+ "default" : "\"60%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_gc",
+ "text" : "long_gc",
+ "doc" : "When an Erlang process spends long time to perform garbage collection, a warning level long_gc log is emitted,\nand an MQTT message is published to the system topic $SYS/sysmon/long_gc.",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_schedule",
+ "text" : "long_schedule",
+ "doc" : "When the Erlang VM detect a task scheduled for too long, a warning level 'long_schedule' log is emitted,\nand an MQTT message is published to the system topic $SYS/sysmon/long_schedule.",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "\"240ms\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-large_heap",
+ "text" : "large_heap",
+ "doc" : "When the heap memory occupied by a process exceeds the size specified by `large_heap`, the system will write a warning level `large_heap` log, and an MQTT message will be published to the system topic `$SYS/sysmon/large_heap`.",
+ "type" : "OneOf(String(\"disabled\"),Bytesize)",
+ "default" : "\"32MB\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_dist_port",
+ "text" : "busy_dist_port",
+ "doc" : "When the RPC connection used to communicate with other nodes in the cluster is overloaded,\nthere will be a busy_dist_port warning log,\nand an MQTT message is published to system topic $SYS/sysmon/busy_dist_port.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_port",
+ "text" : "busy_port",
+ "doc" : "When a port (e.g. TCP socket) is overloaded, there will be a busy_port warning log,\nand an MQTT message is published to the system topic $SYS/sysmon/busy_port.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "sysmon_vm",
+ "doc" : "This part of the configuration is responsible for collecting\n BEAM VM events, such as long garbage collection, traffic congestion in the inter-broker\n communication, etc."
+ }
+ ],
+ "hash" : "V-sysmon-S-sysmon-vm",
+ "text" : "vm",
+ "type" : "Struct(sysmon_vm)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sysmon-S-sysmon-os-S-sysmon_os",
+ "fields" : [
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_check_interval",
+ "text" : "cpu_check_interval",
+ "doc" : "The time interval for the periodic CPU check. Disabled on Windows platform.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_high_watermark",
+ "text" : "cpu_high_watermark",
+ "doc" : "The threshold, as percentage of system CPU load,\n for how much system cpu can be used before the corresponding alarm is raised. Disabled on Windows platform",
+ "type" : "String",
+ "default" : "\"80%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_low_watermark",
+ "text" : "cpu_low_watermark",
+ "doc" : "The threshold, as percentage of system CPU load,\n for how much system cpu can be used before the corresponding alarm is cleared. Disabled on Windows platform",
+ "type" : "String",
+ "default" : "\"60%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-mem_check_interval",
+ "text" : "mem_check_interval",
+ "doc" : "The time interval for the periodic memory check. Disabled on Windows platform.",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-sysmem_high_watermark",
+ "text" : "sysmem_high_watermark",
+ "doc" : "The threshold, as percentage of system memory,\n for how much system memory can be allocated before the corresponding alarm is raised. Disabled on Windows platform",
+ "type" : "String",
+ "default" : "\"70%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-procmem_high_watermark",
+ "text" : "procmem_high_watermark",
+ "doc" : "The threshold, as percentage of system memory,\n for how much system memory can be allocated by one Erlang process before\n the corresponding alarm is raised. Disabled on Windows platform.",
+ "type" : "String",
+ "default" : "\"5%\""
+ }
+ ],
+ "text" : "sysmon_os",
+ "doc" : "This part of the configuration is responsible for monitoring\n the host OS health, such as free memory, disk space, CPU load, etc."
+ }
+ ],
+ "hash" : "V-sysmon-S-sysmon-os",
+ "text" : "os",
+ "type" : "Struct(sysmon_os)"
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-mnesia_tm_mailbox_size_alarm_threshold",
+ "text" : "mnesia_tm_mailbox_size_alarm_threshold",
+ "doc" : "The threshold above which an alarm is raised for the mailbox size of the mnesia transaction manager. This process handles all transactions in EMQX's internal database mnesia.\n\nThere are several reasons that could give raise to this alarm. A few things to check for or consider:\n- Lower `max_conn_rate`, so that clients join at a slower pace;\n- Increase CPU / RAM resources for EMQX;\n- Lower retained message rate from the client side;\n- Check if intra-cluster network bandwidth is reaching a maximum.",
+ "type" : "Integer(1..+inf)",
+ "default" : "500"
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-broker_pool_mailbox_size_alarm_threshold",
+ "text" : "broker_pool_mailbox_size_alarm_threshold",
+ "doc" : "The threshold above which an alarm is raised for the maximum mailbox size among the broker pool workers. Broker pool workers handle adding and removing subscriptions, and replication of routing information.\n\nThere are several reasons that could give raise to this alarm. A few things to check for or consider:\n- Increase CPU / RAM resources for EMQX;\n- Review the subscriptions that clients are doing, for example, try to compact topic filters;\n- Check if intra-cluster network bandwidth is reaching a maximum.",
+ "type" : "Integer(1..+inf)",
+ "default" : "500"
+ }
+ ],
+ "text" : "sysmon",
+ "doc" : "Features related to system monitoring and introspection."
+ }
+ ],
+ "hash" : "V-sysmon",
+ "text" : "sysmon",
+ "type" : "Struct(sysmon)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-alarm-S-alarm",
+ "fields" : [
+ {
+ "hash" : "V-alarm-S-alarm-actions",
+ "text" : "actions",
+ "doc" : "The actions triggered when the alarm is activated.
Currently, the following actions are supported: log and publish.\nlog is to write the alarm to log (console or file).\npublish is to publish the alarm as an MQTT message to the system topics:\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate and\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate",
+ "type" : "Array(Enum(log,publish))",
+ "default" : "[log, publish]"
+ },
+ {
+ "hash" : "V-alarm-S-alarm-size_limit",
+ "text" : "size_limit",
+ "doc" : "The maximum number of historical alarms that can be stored.\n\nWhen the maximum number is reached, the oldest historical alarms will be deleted to store new historical alarms.",
+ "type" : "Integer(1..3000)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-alarm-S-alarm-validity_period",
+ "text" : "validity_period",
+ "doc" : "The validity period of historical alarms. Calculated from the time of activation of the historical alarm instead of the time of cancelation.\n\nIf it exists longer than the validity period, the alarm will be deleted.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"24h\""
+ }
+ ],
+ "text" : "alarm",
+ "doc" : "Settings for the alarms."
+ }
+ ],
+ "hash" : "V-alarm",
+ "text" : "alarm",
+ "type" : "Struct(alarm)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-flapping_detect-S-flapping_detect",
+ "fields" : [
+ {
+ "hash" : "V-flapping_detect-S-flapping_detect-enable",
+ "text" : "enable",
+ "doc" : "Enable flapping connection detection feature.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-flapping_detect-S-flapping_detect-window_time",
+ "text" : "window_time",
+ "doc" : "The time window for flapping detection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-flapping_detect-S-flapping_detect-max_count",
+ "text" : "max_count",
+ "doc" : "The maximum number of disconnects allowed for a MQTT Client in `window_time`",
+ "type" : "Integer(0..+inf)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-flapping_detect-S-flapping_detect-ban_time",
+ "text" : "ban_time",
+ "doc" : "How long the flapping clientid will be banned.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ }
+ ],
+ "text" : "flapping_detect",
+ "doc" : "This config controls the allowed maximum number of `CONNECT` packets received\nfrom the same clientid in a time frame defined by `window_time`.\nAfter the limit is reached, successive `CONNECT` requests are forbidden\n(banned) until the end of the time period defined by `ban_time`."
+ }
+ ],
+ "hash" : "V-flapping_detect",
+ "text" : "flapping_detect",
+ "type" : "Struct(flapping_detect)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_sessions-S-durable_sessions",
+ "fields" : [
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-enable",
+ "text" : "enable",
+ "doc" : "Use durable storage for client sessions persistence.\nIf enabled, sessions configured to outlive client connections, along with their corresponding messages, will be durably stored and survive broker downtime.\n\n::: warning\nMessages sent to the durable sessions are saved on disc.\nThis inevitably limits the overall throughput of the system.\n:::",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-batch_size",
+ "text" : "batch_size",
+ "doc" : "This value affects the flow control for the persistent sessions.\nPersistent session queries the durable message storage in batches.\nThis value specifies size of the batch.\n\nNote: larger batches generally improve the throughput and overall performance of the system, but increase RAM usage per client.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-idle_poll_interval",
+ "text" : "idle_poll_interval",
+ "doc" : "Expiry interval for poll requests sent by durable sessions to the storage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-heartbeat_interval",
+ "text" : "heartbeat_interval",
+ "doc" : "Durable sessions back up their state on disc every heartbeat interval.\n\nHeartbeat interval is also taken into account during garbage collection of expired sessions.\nIt is added to the session expiry time as a safety margin when precise time of session termination is not precisely known.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5000ms\""
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-session_gc_interval",
+ "text" : "session_gc_interval",
+ "doc" : "The interval at which session garbage collection is executed for persistent sessions.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10m\""
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-session_gc_batch_size",
+ "text" : "session_gc_batch_size",
+ "doc" : "The size of each batch of expired persistent sessions to be garbage collected per iteration.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-message_retention_period",
+ "text" : "message_retention_period",
+ "doc" : "Broker keeps messages sent to the durable sessions for this period of time.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1d\""
+ }
+ ],
+ "text" : "durable_sessions",
+ "doc" : "Settings related to the durable session feature."
+ }
+ ],
+ "hash" : "V-durable_sessions",
+ "text" : "durable_sessions",
+ "type" : "Struct(durable_sessions)"
+ },
+ {
+ "hash" : "V-config_backup_interval",
+ "text" : "config_backup_interval",
+ "doc" : "Interval at which backups to `cluster.hocon` are made. Even if multiple configuration updates are made withing this interval, only one backup will be made with the current configuration.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-doris-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\n A host entry has the following form: `Host[:Port]`.
\n The Doris default port 9030 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String",
+ "default" : "root"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl",
+ "doc" : "SSL connection settings."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a connector to Doris tables."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-doris",
+ "text" : "doris",
+ "doc" : "Configuration for a connector to Doris tables.",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-clickhouse-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-url",
+ "text" : "url",
+ "doc" : "The HTTP URL to the Clickhouse server that you want to connect to (for example http://myhostname:8123)",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the Clickhouse server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Clickhouse bridge."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-clickhouse",
+ "text" : "clickhouse",
+ "doc" : "ClickHouse Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The RabbitMQ server address that you want to connect to (for example, localhost).",
+ "type" : "String",
+ "default" : "localhost"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-port",
+ "text" : "port",
+ "doc" : "The RabbitMQ server address that you want to connect to (for example, localhost).",
+ "type" : "Integer(1..65535)",
+ "default" : "5672"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username used to authenticate with the RabbitMQ server.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "The size of the connection pool.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-timeout",
+ "text" : "timeout",
+ "doc" : "The timeout for waiting on the connection to be established.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-virtual_host",
+ "text" : "virtual_host",
+ "doc" : "The virtual host to use when connecting to the RabbitMQ server.",
+ "type" : "String",
+ "default" : "\"/\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-heartbeat",
+ "text" : "heartbeat",
+ "doc" : "The interval for sending heartbeat messages to the RabbitMQ server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Connector resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "The configuration for the RabbitMQ connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rabbitmq",
+ "text" : "rabbitmq",
+ "doc" : "RabbitMQ Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mqtt-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the pool of MQTT clients that will publish messages to the remote broker.
\nEach MQTT client will be assigned 'clientid' of the form '${clientid_prefix}:${bridge_name}:egress:${node}:${n}'\nwhere 'n' is the number of a client inside the pool.\n\nThis option does not take effect if `static_clientids` is not empty. When static client IDs is in use, pool size is always derived from the number of assigned IDs for each node.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-mode",
+ "text" : "mode",
+ "doc" : "Deprecated since v5.1.0 & e5.1.0.",
+ "type" : "Enum(cluster_shareload)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The host and port of the remote MQTT broker",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clientid_prefix",
+ "text" : "clientid_prefix",
+ "doc" : "Optional prefix to prepend to the clientid used by egress bridges.\nDoes not apply if `static_clientids` is used.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-static_clientids-S-static_clientid_entry",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-static_clientids-S-static_clientid_entry-node",
+ "text" : "node",
+ "doc" : "Node name (e.g.: `emqx@10.0.0.1`).",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-static_clientids-S-static_clientid_entry-ids",
+ "text" : "ids",
+ "doc" : "Array of static client IDs assigned to this node.",
+ "type" : "Array(String)"
+ }
+ ],
+ "text" : "static_clientid_entry",
+ "doc" : "Entries mapping EMQX node names to static client IDs.\n\nIf any entries are defined, then only EMQX nodes matching those entries will start MQTT clients with the corresponding clientids."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-static_clientids",
+ "text" : "static_clientids",
+ "doc" : "Entries mapping EMQX node names to static client IDs.\n\nIf any entries are defined, then only EMQX nodes matching those entries will start MQTT clients with the corresponding clientids.",
+ "type" : "Array(Struct(static_clientid_entry))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-reconnect_interval",
+ "text" : "reconnect_interval",
+ "doc" : "Deprecated since v5.0.16.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-proto_ver",
+ "text" : "proto_ver",
+ "doc" : "The MQTT protocol version",
+ "type" : "Enum(v3,v4,v5)",
+ "default" : "v4"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-bridge_mode",
+ "text" : "bridge_mode",
+ "doc" : "If enable bridge mode.\nNOTE: This setting is only for MQTT protocol version older than 5.0, and the remote MQTT\nbroker MUST support this feature.\nIf bridge_mode is set to true, the bridge will indicate to the remote broker that it is a bridge not an ordinary client.\nThis means that loop detection will be more effective and that retained messages will be propagated correctly.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username of the MQTT protocol",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password of the MQTT protocol
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clean_start",
+ "text" : "clean_start",
+ "doc" : "Whether to start a clean session when reconnecting a remote broker for ingress bridge",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-keepalive",
+ "text" : "keepalive",
+ "doc" : "Time interval is a string that contains a number followed by time unit:\n - `ms` for milliseconds\n - `s` for seconds\n - `m` for minutes\n - `h` for hours\nor combination of whereof: `1h5m0s`",
+ "type" : "String",
+ "default" : "\"160s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "Timeout for connecting to the remote broker. The connection worker process is blocked up to this amount of time when attempting the initial connection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Delay for the MQTT bridge to retry sending the QoS1/QoS2 messages in case of ACK not received.",
+ "type" : "String",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "Max inflight (sent, but un-acked) messages of the MQTT protocol",
+ "type" : "Integer(0..+inf)",
+ "default" : "32"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configurations for an MQTT connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mqtt",
+ "text" : "mqtt",
+ "doc" : "MQTT Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-dynamo-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-url",
+ "text" : "url",
+ "doc" : "The url of DynamoDB endpoint.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-region",
+ "text" : "region",
+ "doc" : "Region of AWS Dynamo",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-aws_access_key_id",
+ "text" : "aws_access_key_id",
+ "doc" : "Access Key ID for connecting to DynamoDB.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-aws_secret_access_key",
+ "text" : "aws_secret_access_key",
+ "doc" : "AWS Secret Access Key for connecting to DynamoDB.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for an DynamoDB connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-dynamo",
+ "text" : "dynamo",
+ "doc" : "DynamoDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-timescale-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "The configuration for the PostgreSQL connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-timescale",
+ "text" : "timescale",
+ "doc" : "Timescale Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-bootstrap_hosts",
+ "text" : "bootstrap_hosts",
+ "doc" : "A comma separated list of Kafka host:port endpoints to bootstrap the client.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-min_metadata_refresh_interval",
+ "text" : "min_metadata_refresh_interval",
+ "doc" : "Minimum time interval the client has to wait before refreshing Kafka broker and topic metadata. Setting too small value may add extra load on Kafka.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-metadata_request_timeout",
+ "text" : "metadata_request_timeout",
+ "doc" : "Maximum wait time when fetching topic metadata.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-mechanism",
+ "text" : "mechanism",
+ "doc" : "SASL authentication mechanism.",
+ "type" : "Enum(plain,scram_sha_256,scram_sha_512)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-username",
+ "text" : "username",
+ "doc" : "SASL authentication username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-password",
+ "text" : "password",
+ "doc" : "SASL authentication password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_username_password",
+ "doc" : "Username/password based authentication."
+ },
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_principal",
+ "text" : "kerberos_principal",
+ "doc" : "SASL GSSAPI authentication Kerberos principal. For example kafka/node1.example.com@EXAMPLE.COM, NOTE: The realm in use has to be configured in /etc/krb5.conf in EMQX nodes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_keytab_file",
+ "text" : "kerberos_keytab_file",
+ "doc" : "SASL GSSAPI authentication Kerberos keytab file path. NOTE: This file has to be placed in EMQX nodes, and the EMQX service runner user requires read permission.",
+ "type" : "String"
+ }
+ ],
+ "text" : "auth_gssapi_kerberos",
+ "doc" : "Use GSSAPI/Kerberos authentication."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "Authentication configs.\n- none: No authentication.\n- msk_iam: Use [MSK IAM authentication](https://docs.aws.amazon.com/msk/latest/developerguide/security-iam.html). Note: This only works when EMQX is running on an EC2 instance.\n- basic auth: Simple username and password authentication.\n- kerberos: Use Kerberos GSSAPI authentication.",
+ "type" : "OneOf(String(\"none\"),String(\"msk_iam\"),Struct(auth_username_password),Struct(auth_gssapi_kerberos))",
+ "default" : "none"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Fine tune the socket receive buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "When set to 'true', TCP buffer is sent as soon as possible. Otherwise, the OS kernel may buffer small TCP packets for a while (40 ms by default).",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive",
+ "text" : "tcp_keepalive",
+ "doc" : "Enable TCP keepalive.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX will start sending probes after the connection is idle for 240 seconds, and the probes are sent every 30 seconds until a response is received, if it misses 5 consecutive responses, the connection should be closed.\nDefault: 'none'",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "socket_opts",
+ "doc" : "Extra socket options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts",
+ "text" : "socket_opts",
+ "doc" : "Extra socket options.",
+ "type" : "Struct(socket_opts)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-health_check_topic",
+ "text" : "health_check_topic",
+ "doc" : "Topic name used exclusively for more accurate connector health checks.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Server Name Indication (SNI) setting for TLS handshake.
\n- auto: Allow the client to automatically determine the appropriate SNI.
\n- disable: If you wish to prevent the client from sending the SNI.
\n- Other string values will be sent as-is.",
+ "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)",
+ "default" : "auto"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "TLS/SSL options for client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_client_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Kafka Producer Client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer",
+ "text" : "kafka_producer",
+ "doc" : "Kafka Producer Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-datalayers-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Datalayers default port 8361 is used if `[:Port]` is not specified.",
+ "type" : "String",
+ "default" : "\"127.0.0.1:8361\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-driver_type",
+ "text" : "driver_type",
+ "doc" : "The Driver used to communicate with Datalayers service.",
+ "type" : "Enum(influxdb_v1)",
+ "default" : "influxdb_v1"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-database",
+ "text" : "database",
+ "doc" : "Datalayers database.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-username",
+ "text" : "username",
+ "doc" : "Datalayers username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-password",
+ "text" : "password",
+ "doc" : "Datalayers password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "datalayers_influxdb_v1_parameters",
+ "doc" : "Set of parameters specific for the given type of this Datalayers connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters",
+ "text" : "parameters",
+ "doc" : "Set of parameters specific for the given type of this Datalayers connector.",
+ "type" : "OneOf(Struct(datalayers_influxdb_v1_parameters))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Datalayers bridge."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-datalayers",
+ "text" : "datalayers",
+ "doc" : "Datalayers Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-couchbase-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\n A host entry has the following form: `Host[:Port]`.
\n The Couchbase default query service port 8093 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-pipelining",
+ "text" : "pipelining",
+ "doc" : "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-username",
+ "text" : "username",
+ "doc" : "Username for Couchbase service.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-password",
+ "text" : "password",
+ "doc" : "Password for Couchbase service.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a connector to Couchbase service."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-couchbase",
+ "text" : "couchbase",
+ "doc" : "Couchbase Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Standalone instance. Must be set to 'single' when MongoDB server is running in standalone mode.",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ }
+ ],
+ "text" : "connector_single",
+ "doc" : "Settings for a single MongoDB instance."
+ },
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Sharded cluster. Must be set to 'sharded' when MongoDB server is running in 'sharded' mode.",
+ "type" : "String(\"sharded\")",
+ "default" : "sharded"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ }
+ ],
+ "text" : "connector_sharded",
+ "doc" : "Settings for sharded cluster."
+ },
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "Replica set. Must be set to 'rs' when MongoDB server is running in 'replica set' mode.",
+ "type" : "String(\"rs\")",
+ "default" : "rs"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe MongoDB default port 27017 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-w_mode",
+ "text" : "w_mode",
+ "doc" : "Write mode.",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-r_mode",
+ "text" : "r_mode",
+ "doc" : "Read mode.",
+ "type" : "Enum(master,slave_ok)",
+ "default" : "master"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-replica_set_name",
+ "text" : "replica_set_name",
+ "doc" : "Name of the replica set.",
+ "type" : "String"
+ }
+ ],
+ "text" : "connector_rs",
+ "doc" : "Settings for replica set."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters",
+ "text" : "parameters",
+ "doc" : "Set of parameters specific for the given type of this MongoDB connector, `mongo_type` can be one of `single` (Standalone), `sharded` (Sharded) or `rs` (Replica Set).",
+ "type" : "OneOf(Struct(connector_single),Struct(connector_sharded),Struct(connector_rs))"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-srv_record",
+ "text" : "srv_record",
+ "doc" : "Use DNS SRV record.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "Whether to use MongoDB's legacy protocol for communicating with the database. The default is to attempt to automatically determine if the newer protocol is supported.",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-auth_source",
+ "text" : "auth_source",
+ "doc" : "Database name associated with the user's credentials.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "The maximum number of additional workers that can be created when all workers in the pool are busy. This helps to manage temporary spikes in workload by allowing more concurrent connections to the MongoDB server.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "Period of time before workers that exceed the configured pool size (\"overflow\") to be terminated.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "Period for checking if there are more workers than configured (\"overflow\").
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "The size of the latency window for selecting among multiple suitable MongoDB instances.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "The duration to attempt a connection before timing out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "The duration to attempt to send or to receive on a socket before the attempt times out.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "Specifies how long to block for server selection before throwing an exception.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "The maximum duration that a worker can wait for a connection to become available.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "Controls when the driver checks the state of the MongoDB deployment. Specify the interval between checks, counted from the end of the previous check until the beginning of the next one. If the number of connections is increased (which will happen, for example, if you increase the pool size), you may need to increase this period as well to avoid creating too many log entries in the MongoDB log file.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "Controls the minimum amount of time to wait between heartbeats.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "Topology of MongoDB."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for MongoDB action"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb",
+ "text" : "mongodb",
+ "doc" : "MongoDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-matrix-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "The configuration for the PostgreSQL connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-matrix",
+ "text" : "matrix",
+ "doc" : "Matrix Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-elasticsearch-S-config",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_type",
+ "text" : "pool_type",
+ "doc" : "The type of the pool. Can be one of `random`, `hash`.",
+ "type" : "Enum(random,hash)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Elasticsearch default port 9200 is used if `[:Port]` is not specified.",
+ "type" : "String",
+ "default" : "\"127.0.0.1:9200\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-username",
+ "text" : "username",
+ "doc" : "The username as configured at the ElasticSearch REST interface",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-password",
+ "text" : "password",
+ "doc" : "The password as configured at the ElasticSearch REST interface
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_basic",
+ "doc" : "Basic Authentication"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication",
+ "text" : "authentication",
+ "doc" : "Authentication configuration",
+ "type" : "OneOf(Struct(auth_basic))"
+ }
+ ],
+ "text" : "config",
+ "doc" : "Configuration for ElasticSearch bridge."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-elasticsearch",
+ "text" : "elasticsearch",
+ "doc" : "ElasticSearch Connector Config",
+ "type" : "Map($name->Struct(config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-http-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-url",
+ "text" : "url",
+ "doc" : "The URL of the HTTP action.
\nTemplate with variables is allowed in the path, but variables cannot be used in the scheme, host,\nor port part.
\nFor example, http://localhost:9901/${topic} is allowed, but\n http://${host}:9901/message or http://localhost:${port}/message \nis not allowed.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-headers",
+ "text" : "headers",
+ "doc" : "The headers of the HTTP request.
\nTemplate with variables is allowed.",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_type",
+ "text" : "pool_type",
+ "doc" : "The type of the pool. Can be one of `random`, `hash`.",
+ "type" : "Enum(random,hash)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-request",
+ "text" : "request",
+ "doc" : "Deprecated since 5.3.2.",
+ "type" : "Map"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for an HTTP action."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-http",
+ "text" : "http",
+ "doc" : "HTTP Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_blob_storage-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-account_name",
+ "text" : "account_name",
+ "doc" : "Account name for Azure Blob Storage service.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-account_key",
+ "text" : "account_key",
+ "doc" : "Account key for Azure Blob Storage service.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a connector to Azure Blob Storage service."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_blob_storage",
+ "text" : "azure_blob_storage",
+ "doc" : "Azure Blob Storage Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-oracle-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
A host entry has the following form: `Host[:Port]`.
The Oracle Database default port 1521 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-sid",
+ "text" : "sid",
+ "doc" : "Sid for Oracle Database.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-service_name",
+ "text" : "service_name",
+ "doc" : "Service Name for Oracle Database.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-role",
+ "text" : "role",
+ "doc" : "Select which role to use to link to the Oracle database.
- normal: Does not use any special roles
- sysdba: System database administrator role with advanced privileges",
+ "type" : "Enum(normal,sysdba)",
+ "default" : "normal"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for an Oracle Client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-oracle",
+ "text" : "oracle",
+ "doc" : "Oracle Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-cassandra-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-servers",
+ "text" : "servers",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port][,Host2:Port]`.
\nThe Cassandra default port 9042 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-keyspace",
+ "text" : "keyspace",
+ "doc" : "Keyspace name to connect to.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Cassandra bridge."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-cassandra",
+ "text" : "cassandra",
+ "doc" : "Cassandra Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-opents-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The URL of OpenTSDB endpoint.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-summary",
+ "text" : "summary",
+ "doc" : "Whether to return summary information.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-details",
+ "text" : "details",
+ "doc" : "Whether to return detailed information.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for OpenTSDB Connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-opents",
+ "text" : "opents",
+ "doc" : "OpenTSDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-url",
+ "text" : "url",
+ "doc" : "HStreamDB Server URL. This URL will be used as the gRPC HTTP server address.",
+ "type" : "String",
+ "default" : "\"http://127.0.0.1:6570\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-grpc_timeout",
+ "text" : "grpc_timeout",
+ "doc" : "The timeout for HStreamDB gRPC requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for an HStreamDB connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-hstreamdb",
+ "text" : "hstreamdb",
+ "doc" : "HStreamDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kinesis-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-aws_access_key_id",
+ "text" : "aws_access_key_id",
+ "doc" : "Access Key ID for connecting to Amazon Kinesis.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-aws_secret_access_key",
+ "text" : "aws_secret_access_key",
+ "doc" : "AWS Secret Access Key for connecting to Amazon Kinesis.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-endpoint",
+ "text" : "endpoint",
+ "doc" : "The url of Amazon Kinesis endpoint.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if an error occurs when sending a request.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Kinesis Client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kinesis",
+ "text" : "kinesis",
+ "doc" : "Kinesis Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-snowflake-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The address of Snowflake computing server to connect to.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-account",
+ "text" : "account",
+ "doc" : "Account ID for Snowflake.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-dsn",
+ "text" : "dsn",
+ "doc" : "Data Source Name (DSN) associated with the installed Snowflake ODBC driver.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-private_key_path",
+ "text" : "private_key_path",
+ "doc" : "Full file path to the private key to be used for the ODBC connection. This path must be the same on all nodes of the cluster.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-private_key_password",
+ "text" : "private_key_password",
+ "doc" : "Password to decrypt the private key. Do not set this value if the private key is not encrypted.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config-host",
+ "text" : "host",
+ "doc" : "Proxy host address to connect to.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config-port",
+ "text" : "port",
+ "doc" : "Proxy port to use when connecting.",
+ "type" : "Integer(1..65535)"
+ }
+ ],
+ "text" : "proxy_config",
+ "doc" : "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS)."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy",
+ "text" : "proxy",
+ "doc" : "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS).",
+ "type" : "OneOf(String(\"none\"),Struct(proxy_config))",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a connector to Snowflake service."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-snowflake",
+ "text" : "snowflake",
+ "doc" : "Snowflake Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tdengine-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe TDengine default port 6041 is used if `[:Port]` is not specified.
\nThis field also supports an HTTPS URLs to connect to the TDengine Cloud. For example: `https://gw.us-west-2.aws.cloud.tdengine.com `",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-token",
+ "text" : "token",
+ "doc" : "The token used when connecting to TDengine Cloud.
\nIf this value is provided, it will override the authentication method of Username and Password.
\nDefault is empty.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for TDengine Connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tdengine",
+ "text" : "tdengine",
+ "doc" : "TDengine Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe InfluxDB default port 8086 is used if `[:Port]` is not specified.",
+ "type" : "String",
+ "default" : "\"127.0.0.1:8086\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-influxdb_type",
+ "text" : "influxdb_type",
+ "doc" : "InfluxDB's protocol. Support InfluxDB v1.8 and before.",
+ "type" : "String(\"influxdb_api_v1\")",
+ "default" : "influxdb_api_v1"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-database",
+ "text" : "database",
+ "doc" : "InfluxDB database.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-username",
+ "text" : "username",
+ "doc" : "InfluxDB username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-password",
+ "text" : "password",
+ "doc" : "InfluxDB password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "connector_influxdb_api_v1",
+ "doc" : "InfluxDB's protocol. Support InfluxDB v1.8 and before."
+ },
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-influxdb_type",
+ "text" : "influxdb_type",
+ "doc" : "InfluxDB's protocol. Support InfluxDB v2.0 and after.",
+ "type" : "String(\"influxdb_api_v2\")",
+ "default" : "influxdb_api_v2"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-bucket",
+ "text" : "bucket",
+ "doc" : "InfluxDB bucket name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-org",
+ "text" : "org",
+ "doc" : "Organization name of InfluxDB.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-token",
+ "text" : "token",
+ "doc" : "InfluxDB token.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "connector_influxdb_api_v2",
+ "doc" : "InfluxDB's protocol. Support InfluxDB v2.0 and after."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters",
+ "text" : "parameters",
+ "doc" : "Set of parameters specific for the given type of this InfluxDB connector, `influxdb_type` can be one of `influxdb_api_v1`, `influxdb_api_v1`.",
+ "type" : "OneOf(Struct(connector_influxdb_api_v1),Struct(connector_influxdb_api_v2))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for an InfluxDB bridge."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-influxdb",
+ "text" : "influxdb",
+ "doc" : "InfluxDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-redis_type",
+ "text" : "redis_type",
+ "doc" : "Single mode. Must be set to 'single' when Redis server is running in single mode.",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-database",
+ "text" : "database",
+ "doc" : "Redis database ID.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ }
+ ],
+ "text" : "redis_single_connector",
+ "doc" : "Redis connector in sentinel mode"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-redis_type",
+ "text" : "redis_type",
+ "doc" : "Sentinel mode. Must be set to 'sentinel' when Redis server is running in sentinel mode.",
+ "type" : "String(\"sentinel\")",
+ "default" : "sentinel"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-sentinel",
+ "text" : "sentinel",
+ "doc" : "The cluster name in Redis sentinel mode.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-database",
+ "text" : "database",
+ "doc" : "Redis database ID.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ }
+ ],
+ "text" : "redis_sentinel_connector",
+ "doc" : "Redis connector in sentinel mode"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-servers",
+ "text" : "servers",
+ "doc" : "A Node list for Cluster to connect to. The nodes should be separated with commas, such as: `Node[,Node].`\nFor each Node should be: The IPv4 or IPv6 address or the hostname to connect to.\nA host entry has the following form: `Host[:Port]`.\nThe Redis default port 6379 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-redis_type",
+ "text" : "redis_type",
+ "doc" : "Cluster mode. Must be set to 'cluster' when Redis server is running in clustered mode.",
+ "type" : "String(\"cluster\")",
+ "default" : "cluster"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ }
+ ],
+ "text" : "redis_cluster_connector",
+ "doc" : "Redis connector in cluster mode"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters",
+ "text" : "parameters",
+ "doc" : "Set of parameters specific for the given type of this Redis connector, `redis_type` can be one of `single`, `cluster` or `sentinel`.",
+ "type" : "OneOf(Struct(redis_single_connector),Struct(redis_sentinel_connector),Struct(redis_cluster_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Redis action."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-redis",
+ "text" : "redis",
+ "doc" : "Redis Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-pipelining",
+ "text" : "pipelining",
+ "doc" : "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if an error occurs when sending a request.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Deprecated since e5.0.1.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-service_account_json",
+ "text" : "service_account_json",
+ "doc" : "JSON containing the GCP Service Account credentials to be used with PubSub.\nWhen a GCP Service Account is created (as described in https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount), you have the option of downloading the credentials in JSON form. That's the file needed.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a GCP PubSub Consumer Client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer",
+ "text" : "gcp_pubsub_consumer",
+ "doc" : "GCP PubSub Consumer Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe GreptimeDB default port 8086 is used if `[:Port]` is not specified.",
+ "type" : "String",
+ "default" : "\"127.0.0.1:4001\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-dbname",
+ "text" : "dbname",
+ "doc" : "GreptimeDB database.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-username",
+ "text" : "username",
+ "doc" : "GreptimeDB username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-password",
+ "text" : "password",
+ "doc" : "GreptimeDB password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for an GreptimeDB action."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-greptimedb",
+ "text" : "greptimedb",
+ "doc" : "GreptimeDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tablestore-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-storage_model_type",
+ "text" : "storage_model_type",
+ "doc" : "Storage model type. Can be one of `timeseries` or `order`.",
+ "type" : "Enum(timeseries)",
+ "default" : "timeseries"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-endpoint",
+ "text" : "endpoint",
+ "doc" : "Endpoint for the Tablestore. e.g. https://myinstance.cn-hangzhou.ots.aliyuncs.com",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-instance_name",
+ "text" : "instance_name",
+ "doc" : "Instance name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-access_key_id",
+ "text" : "access_key_id",
+ "doc" : "Key ID. e.g. NTS**********************
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-access_key_secret",
+ "text" : "access_key_secret",
+ "doc" : "Key secret. e.g. 7NR2****************************************
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Tablestore bridge."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tablestore",
+ "text" : "tablestore",
+ "doc" : "Tablestore Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mysql-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe MySQL default port 3306 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String",
+ "default" : "root"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a MySQL action."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mysql",
+ "text" : "mysql",
+ "doc" : "MySQL Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-bootstrap_hosts",
+ "text" : "bootstrap_hosts",
+ "doc" : "A comma separated list of Kafka host:port endpoints to bootstrap the client.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-min_metadata_refresh_interval",
+ "text" : "min_metadata_refresh_interval",
+ "doc" : "Minimum time interval the client has to wait before refreshing Kafka broker and topic metadata. Setting too small value may add extra load on Kafka.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-metadata_request_timeout",
+ "text" : "metadata_request_timeout",
+ "doc" : "Maximum wait time when fetching topic metadata.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-mechanism",
+ "text" : "mechanism",
+ "doc" : "SASL authentication mechanism.",
+ "type" : "Enum(plain,scram_sha_256,scram_sha_512)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-username",
+ "text" : "username",
+ "doc" : "SASL authentication username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-password",
+ "text" : "password",
+ "doc" : "SASL authentication password.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_username_password",
+ "doc" : "Username/password based authentication."
+ },
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_principal",
+ "text" : "kerberos_principal",
+ "doc" : "SASL GSSAPI authentication Kerberos principal. For example kafka/node1.example.com@EXAMPLE.COM, NOTE: The realm in use has to be configured in /etc/krb5.conf in EMQX nodes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_keytab_file",
+ "text" : "kerberos_keytab_file",
+ "doc" : "SASL GSSAPI authentication Kerberos keytab file path. NOTE: This file has to be placed in EMQX nodes, and the EMQX service runner user requires read permission.",
+ "type" : "String"
+ }
+ ],
+ "text" : "auth_gssapi_kerberos",
+ "doc" : "Use GSSAPI/Kerberos authentication."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "Authentication configs.\n- none: No authentication.\n- msk_iam: Use [MSK IAM authentication](https://docs.aws.amazon.com/msk/latest/developerguide/security-iam.html). Note: This only works when EMQX is running on an EC2 instance.\n- basic auth: Simple username and password authentication.\n- kerberos: Use Kerberos GSSAPI authentication.",
+ "type" : "OneOf(String(\"none\"),String(\"msk_iam\"),Struct(auth_username_password),Struct(auth_gssapi_kerberos))",
+ "default" : "none"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Fine tune the socket receive buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "When set to 'true', TCP buffer is sent as soon as possible. Otherwise, the OS kernel may buffer small TCP packets for a while (40 ms by default).",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive",
+ "text" : "tcp_keepalive",
+ "doc" : "Enable TCP keepalive.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX will start sending probes after the connection is idle for 240 seconds, and the probes are sent every 30 seconds until a response is received, if it misses 5 consecutive responses, the connection should be closed.\nDefault: 'none'",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "socket_opts",
+ "doc" : "Extra socket options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts",
+ "text" : "socket_opts",
+ "doc" : "Extra socket options.",
+ "type" : "Struct(socket_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Server Name Indication (SNI) setting for TLS handshake.
\n- auto: Allow the client to automatically determine the appropriate SNI.
\n- disable: If you wish to prevent the client from sending the SNI.
\n- Other string values will be sent as-is.",
+ "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)",
+ "default" : "auto"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "TLS/SSL options for client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_client_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Kafka Consumer Client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer",
+ "text" : "kafka_consumer",
+ "doc" : "Kafka Consumer Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-pool_type",
+ "text" : "pool_type",
+ "doc" : "The type of the pool. Can be one of `random`, `hash`.",
+ "type" : "Enum(random,hash)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-driver",
+ "text" : "driver",
+ "doc" : "The drivers for IoTDB connector, can be:\n- rest\n- thrift",
+ "type" : "Enum(restapi)",
+ "default" : "restapi"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-base_url",
+ "text" : "base_url",
+ "doc" : "The base URL of the external IoTDB service's REST interface.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-iotdb_version",
+ "text" : "iotdb_version",
+ "doc" : "The version of the IoTDB system to connect to.",
+ "type" : "Enum(v1.3.x,v1.1.x,v1.0.x,v0.13.x)",
+ "default" : "\"v1.3.x\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication-username",
+ "text" : "username",
+ "doc" : "The username as configured at the IoTDB REST/Thrift interface",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication-password",
+ "text" : "password",
+ "doc" : "The password as configured at the IoTDB/Thrift REST interface
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "authentication",
+ "doc" : "Authentication configuration"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication",
+ "text" : "authentication",
+ "doc" : "Authentication configuration",
+ "type" : "OneOf(Struct(authentication))",
+ "default" : "auth_basic"
+ }
+ ],
+ "text" : "config_restapi",
+ "doc" : "Configuration for Apache IoTDB bridge."
+ },
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-driver",
+ "text" : "driver",
+ "doc" : "The drivers for IoTDB connector, can be:\n- rest\n- thrift",
+ "type" : "Enum(thrift)",
+ "default" : "restapi"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-server",
+ "text" : "server",
+ "doc" : "The address of the IoTDB Thrift server (host:port)",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-protocol_version",
+ "text" : "protocol_version",
+ "doc" : "The version of IoTDB Thrift protocol",
+ "type" : "Enum(protocol_v1,protocol_v2,protocol_v3)",
+ "default" : "protocol_v3"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-zoneId",
+ "text" : "zoneId",
+ "doc" : "Timezone for IoTDB Thrift session",
+ "type" : "String",
+ "default" : "\"Asia/Shanghai\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size for the IoTDB Thrift connection pool",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "Timeout for connecting to the IoTDB Thrift server
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-recv_timeout",
+ "text" : "recv_timeout",
+ "doc" : "Timeout for IoTDB Thrift server response
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-username",
+ "text" : "username",
+ "doc" : "The username as configured at the IoTDB REST/Thrift interface",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-password",
+ "text" : "password",
+ "doc" : "The password as configured at the IoTDB/Thrift REST interface
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Connector resource options"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_thrift",
+ "doc" : "Configuration for Apache IoTDB bridge."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb",
+ "text" : "iotdb",
+ "doc" : "IoTDB Connector Config",
+ "type" : "Map($name->OneOf(Struct(config_restapi),Struct(config_thrift)))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-bootstrap_hosts",
+ "text" : "bootstrap_hosts",
+ "doc" : "A comma separated list of Azure Event Hubs Kafka host[:port] namespace endpoints to bootstrap the client. Default port number is 9093.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-min_metadata_refresh_interval",
+ "text" : "min_metadata_refresh_interval",
+ "doc" : "Minimum time interval the client has to wait before refreshing Azure Event Hubs Kafka broker and topic metadata. Setting too small value may add extra load on Azure Event Hubs.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-metadata_request_timeout",
+ "text" : "metadata_request_timeout",
+ "doc" : "Maximum wait time when fetching metadata from Azure Event Hubs.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication-S-auth_username_password",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication-S-auth_username_password-password",
+ "text" : "password",
+ "doc" : "The Connection String for connecting to Azure Event Hubs. Should be the \"connection string-primary key\" of a Namespace shared access policy.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_username_password",
+ "doc" : "Username/password based authentication."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "Authentication configs.",
+ "type" : "Struct(auth_username_password)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Fine tune the socket receive buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "When set to 'true', TCP buffer is sent as soon as possible. Otherwise, the OS kernel may buffer small TCP packets for a while (40 ms by default).",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive",
+ "text" : "tcp_keepalive",
+ "doc" : "Enable TCP keepalive.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX will start sending probes after the connection is idle for 240 seconds, and the probes are sent every 30 seconds until a response is received, if it misses 5 consecutive responses, the connection should be closed.\nDefault: 'none'",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "socket_opts",
+ "doc" : "Extra socket options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts",
+ "text" : "socket_opts",
+ "doc" : "Extra socket options.",
+ "type" : "Struct(socket_opts)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-health_check_topic",
+ "text" : "health_check_topic",
+ "doc" : "Topic name used exclusively for more accurate connector health checks.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "String(\"true\")",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Server Name Indication (SNI) setting for TLS handshake.
\n- auto: The client will use \"servicebus.windows.net\" as SNI.
\n- disable: If you wish to prevent the client from sending the SNI.
\n- Other string values it will be sent as-is.",
+ "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)",
+ "default" : "auto"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "TLS/SSL options for Azure Event Hubs client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for an Azure Event Hubs bridge."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer",
+ "text" : "azure_event_hub_producer",
+ "doc" : "Azure Event Hub Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-syskeeper_proxy-S-config",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-listen",
+ "text" : "listen",
+ "doc" : "The listening address for this Syskeeper proxy server",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-acceptors",
+ "text" : "acceptors",
+ "doc" : "The number of the acceptors",
+ "type" : "Integer(0..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "The maximum to wait for the handshake when a connection is created
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config",
+ "doc" : "Configuration for a Syskeeper proxy connector"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy",
+ "text" : "syskeeper_proxy",
+ "doc" : "Syskeeper Proxy Connector Config",
+ "type" : "Map($name->Struct(config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-access_key_id",
+ "text" : "access_key_id",
+ "doc" : "The access key ID of the S3Tables bucket.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-secret_access_key",
+ "text" : "secret_access_key",
+ "doc" : "The secret access key of the S3Tables bucket.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3tables_arn",
+ "text" : "s3tables_arn",
+ "doc" : "The ARN of the S3Tables bucket to be used.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-access_method",
+ "text" : "access_method",
+ "doc" : "Method to be used to access the bucket through HTTP API.",
+ "type" : "Enum(path,vhost)",
+ "default" : "path"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ipv6_probe",
+ "text" : "ipv6_probe",
+ "doc" : "Whether to probe for IPv6 support.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "Deprecated since 5.8.2.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "transport_options",
+ "doc" : "Options for the HTTP transport layer used by the S3 client"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options",
+ "text" : "transport_options",
+ "doc" : "Options for the HTTP transport layer used by the S3 client.",
+ "type" : "Struct(transport_options)"
+ }
+ ],
+ "text" : "s3_client_params",
+ "doc" : "S3 connection parameters for reading and writing objects to S3Tables bucket."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client",
+ "text" : "s3_client",
+ "doc" : "S3 connection parameters for reading and writing objects to S3Tables bucket.",
+ "type" : "Struct(s3_client_params)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a connector to S3Tables tables."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables",
+ "text" : "s3tables",
+ "doc" : "S3Tables Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-syskeeper_forwarder-S-config",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-server",
+ "text" : "server",
+ "doc" : "The address of the Syskeeper proxy server",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-ack_mode",
+ "text" : "ack_mode",
+ "doc" : "Specify whether the proxy server should reply with an acknowledgement for the message forwarding, can be:
- need_ack
- no_ack
",
+ "type" : "Enum(need_ack,no_ack)",
+ "default" : "no_ack"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-ack_timeout",
+ "text" : "ack_timeout",
+ "doc" : "The maximum time to wait for an acknowledgement from the proxy server
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config",
+ "doc" : "Configuration for a Syskeeper forwarder connector"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder",
+ "text" : "syskeeper_forwarder",
+ "doc" : "Syskeeper Connector Config",
+ "type" : "Map($name->Struct(config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-servers",
+ "text" : "servers",
+ "doc" : "A comma separated list of Pulsar URLs in the form scheme://host[:port]\n for the client to connect to. The supported schemes are pulsar:// (default)\n and pulsar+ssl://. The default port is 6650.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic-username",
+ "text" : "username",
+ "doc" : "Basic authentication username. The `username` part of the `username:password` authentication string.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic-password",
+ "text" : "password",
+ "doc" : "Basic authentication password. The `password` part of the `username:password` authentication string.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_basic",
+ "doc" : "Parameters for basic authentication."
+ },
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_token",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_token-jwt",
+ "text" : "jwt",
+ "doc" : "JWT authentication token.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_token",
+ "doc" : "Parameters for token authentication."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "Authentication configs.",
+ "type" : "OneOf(String(\"none\"),Struct(auth_basic),Struct(auth_token))",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Pulsar connector resource options"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Pulsar connector config"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pulsar",
+ "text" : "pulsar",
+ "doc" : "Pulsar Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pgsql-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe PostgreSQL default port 5432 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "Disables the usage of prepared statements in the connections.\nSome endpoints, like PGBouncer or Supabase in Transaction mode, do not\nsupport session features such as prepared statements. For such connections,\nthis option should be enabled.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "The configuration for the PostgreSQL connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pgsql",
+ "text" : "pgsql",
+ "doc" : "PostgreSQL Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-bootstrap_hosts",
+ "text" : "bootstrap_hosts",
+ "doc" : "A comma separated list of Confluent Kafka host[:port] namespace endpoints to bootstrap the client. Default port number is 9092.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "Maximum wait time for TCP connection establishment (including authentication time if enabled).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-min_metadata_refresh_interval",
+ "text" : "min_metadata_refresh_interval",
+ "doc" : "Minimum time interval the client has to wait before refreshing Confluent Kafka broker and topic metadata. Setting too small value may add extra load on Confluent.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-metadata_request_timeout",
+ "text" : "metadata_request_timeout",
+ "doc" : "Maximum wait time when fetching metadata from Confluent.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password-username",
+ "text" : "username",
+ "doc" : "Confluent Key.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_username_password",
+ "doc" : "Username/password based authentication."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "Authentication configs.",
+ "type" : "Struct(auth_username_password)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Fine tune the socket receive buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "When set to 'true', TCP buffer is sent as soon as possible. Otherwise, the OS kernel may buffer small TCP packets for a while (40 ms by default).",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive",
+ "text" : "tcp_keepalive",
+ "doc" : "Enable TCP keepalive.\nThe value is three comma separated numbers in the format of 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX will start sending probes after the connection is idle for 240 seconds, and the probes are sent every 30 seconds until a response is received, if it misses 5 consecutive responses, the connection should be closed.\nDefault: 'none'",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "socket_opts",
+ "doc" : "Extra socket options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts",
+ "text" : "socket_opts",
+ "doc" : "Extra socket options.",
+ "type" : "Struct(socket_opts)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-health_check_topic",
+ "text" : "health_check_topic",
+ "doc" : "Topic name used exclusively for more accurate connector health checks.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Server Name Indication (SNI) setting for TLS handshake.
\n- auto: The client will use \"servicebus.windows.net\" as SNI.
\n- disable: If you wish to prevent the client from sending the SNI.
\n- Other string values it will be sent as-is.",
+ "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)",
+ "default" : "auto"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "TLS/SSL options for Confluent client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Confluent action."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer",
+ "text" : "confluent_producer",
+ "doc" : "Confluent Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-servers",
+ "text" : "servers",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe RocketMQ default port 9876 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-namespace",
+ "text" : "namespace",
+ "doc" : "The namespace field MUST be set if you are using the RocketMQ service in\naliyun cloud and also the namespace is enabled,\nor if you have configured a namespace in your RocketMQ server.\nFor RocketMQ in aliyun cloud, the namespace is the instance ID.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-access_key",
+ "text" : "access_key",
+ "doc" : "RocketMQ server `accessKey`.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-secret_key",
+ "text" : "secret_key",
+ "doc" : "RocketMQ server `secretKey`.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-security_token",
+ "text" : "security_token",
+ "doc" : "RocketMQ Server Security Token
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for an RocketMQ Client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rocketmq",
+ "text" : "rocketmq",
+ "doc" : "RocketMQ Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-disk_log-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-filepath",
+ "text" : "filepath",
+ "doc" : "Base file path to the log file to be written to. Actual log files will have the format `filepath.N`, where `N` is `1..max_file_number`. The currently used file can be found by taking the file with the most recent modification date. Note that the directory containing it must also be writable by the EMQX application user, as it'll also contain extra files for internal use (ending in `.siz` and `.idx`).",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-max_file_size",
+ "text" : "max_file_size",
+ "doc" : "Maximum size for the currently active log file. At least one entry is written to each log, so the final file size may exceed this maximum if a single log entry exceeds this value.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-max_file_number",
+ "text" : "max_file_number",
+ "doc" : "Maximum number of log files to be used. Once the maximum number of files is reached and a new rotation is required, the oldest such file is truncated and used as the new current file.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Disk Logging connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-disk_log",
+ "text" : "disk_log",
+ "doc" : "Disk Log Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-sqlserver-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-driver",
+ "text" : "driver",
+ "doc" : "SQL Server Driver Name",
+ "type" : "String",
+ "default" : "\"ms-sql\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe SQL Server default port 1433 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String",
+ "default" : "sa"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a Microsoft SOL Server connector."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-sqlserver",
+ "text" : "sqlserver",
+ "doc" : "Microsoft SQL Server Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-access_key_id",
+ "text" : "access_key_id",
+ "doc" : "The access key ID of the S3 bucket.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-secret_access_key",
+ "text" : "secret_access_key",
+ "doc" : "The secret access key of the S3 bucket.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-host",
+ "text" : "host",
+ "doc" : "The host of the S3 endpoint.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-port",
+ "text" : "port",
+ "doc" : "The port of the S3 endpoint.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-access_method",
+ "text" : "access_method",
+ "doc" : "Method to be used to access the bucket through HTTP API.",
+ "type" : "Enum(path,vhost)",
+ "default" : "path"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ipv6_probe",
+ "text" : "ipv6_probe",
+ "doc" : "Whether to probe for IPv6 support.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "Deprecated since 5.8.2.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "transport_options",
+ "doc" : "Options for the HTTP transport layer used by the S3 client"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options",
+ "text" : "transport_options",
+ "doc" : "Options for the HTTP transport layer used by the S3 client.",
+ "type" : "Struct(transport_options)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "s3_connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(s3_connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a connector to S3 API compatible storage service."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3",
+ "text" : "s3",
+ "doc" : "S3 Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-gcp_pubsub_producer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-pipelining",
+ "text" : "pipelining",
+ "doc" : "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if an error occurs when sending a request.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Deprecated since e5.0.1.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-service_account_json",
+ "text" : "service_account_json",
+ "doc" : "JSON containing the GCP Service Account credentials to be used with PubSub.\nWhen a GCP Service Account is created (as described in https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount), you have the option of downloading the credentials in JSON form. That's the file needed.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Configuration for a GCP PubSub Producer Client."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer",
+ "text" : "gcp_pubsub_producer",
+ "doc" : "GCP PubSub Producer Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ }
+ ],
+ "text" : "connectors",
+ "doc" : "Connectors that are used to connect to external systems"
+ }
+ ],
+ "hash" : "V-connectors",
+ "text" : "connectors",
+ "type" : "Struct(connectors)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Additional parameters specific to this action type"
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-parameters",
+ "text" : "parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "doris",
+ "doc" : "Action to interact with a Doris Connector."
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris",
+ "text" : "doris",
+ "doc" : "Doris Action Config",
+ "type" : "Map($name->Struct(doris))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "The template string can contain ${field} placeholders for message metadata and payload field. Make sure that the inserted values are formatted and escaped correctly. [Prepared Statement](https://docs.emqx.com/en/enterprise/v5.0/data-integration/data-bridges.html#Prepared-Statement) is not supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-batch_value_separator",
+ "text" : "batch_value_separator",
+ "doc" : "The default value ',' works for the VALUES format. You can also use other separator if other format is specified. See [INSERT INTO Statement](https://clickhouse.com/docs/en/sql-reference/statements/insert-into).",
+ "type" : "String",
+ "default" : "\", \""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configs.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "clickhouse_action",
+ "doc" : "Action configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse",
+ "text" : "clickhouse",
+ "doc" : "ClickHouse Action Config",
+ "type" : "Map($name->Struct(clickhouse_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-wait_for_publish_confirmations",
+ "text" : "wait_for_publish_confirmations",
+ "doc" : "A boolean value that indicates whether to wait for RabbitMQ to confirm message publication when using publisher confirms.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-publish_confirmation_timeout",
+ "text" : "publish_confirmation_timeout",
+ "doc" : "The timeout for waiting on the connection to be established.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-exchange",
+ "text" : "exchange",
+ "doc" : "The name of the RabbitMQ exchange where the messages will be sent. Supports templates (e.g.: `e-${payload.e}`). Leave blank and configure `routing_key` to the specified Queue to use RabbitMQ's default Exchange.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-routing_key",
+ "text" : "routing_key",
+ "doc" : "The routing key used to route messages to the correct queue in the RabbitMQ exchange. Supports templates (e.g.: `k-${payload.r}`).
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-delivery_mode",
+ "text" : "delivery_mode",
+ "doc" : "The delivery mode for messages published to RabbitMQ. Delivery mode non_persistent (1) is suitable for messages that don't require persistence across RabbitMQ restarts, whereas delivery mode persistent (2) is designed for messages that must survive RabbitMQ restarts.",
+ "type" : "Enum(non_persistent,persistent)",
+ "default" : "non_persistent"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-payload_template",
+ "text" : "payload_template",
+ "doc" : "The template for formatting the payload of the message before sending it to RabbitMQ. Template placeholders, such as ${field1.sub_field}, will be substituted with the respective field's value. When left empty, the entire input message will be used as the payload, formatted as a JSON text. This behavior is equivalent to specifying ${.} as the payload template.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "The action config defines how this bridge send messages to the remote RabbitMQ broker"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters",
+ "text" : "parameters",
+ "doc" : "The action config defines how this bridge send messages to the remote RabbitMQ broker",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "publisher_action",
+ "doc" : "Action configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq",
+ "text" : "rabbitmq",
+ "doc" : "RabbitMQ Action Config",
+ "type" : "Map($name->Struct(publisher_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-topic",
+ "text" : "topic",
+ "doc" : "Forward to which topic of the remote broker.
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-qos",
+ "text" : "qos",
+ "doc" : "The QoS of the MQTT message to be sent.
\nTemplate with variables is allowed.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the MQTT message to be sent.
\nTemplate with variables is allowed.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-payload",
+ "text" : "payload",
+ "doc" : "The payload of the MQTT message to be sent.
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configs.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "mqtt_publisher_action",
+ "doc" : "Action configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt",
+ "text" : "mqtt",
+ "doc" : "MQTT Publisher Action Config",
+ "type" : "Map($name->Struct(mqtt_publisher_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-template",
+ "text" : "template",
+ "doc" : "Template, the default value is empty. When this value is empty the whole message will be stored in the database.
\nThe template can be any valid JSON with placeholders and make sure all keys for table are here, example:
\n {\"id\" : \"${id}\", \"clientid\" : \"${clientid}\", \"data\" : \"${payload.data}\"}
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-hash_key",
+ "text" : "hash_key",
+ "doc" : "DynamoDB Hash Key",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-range_key",
+ "text" : "range_key",
+ "doc" : "DynamoDB Range Key",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-table",
+ "text" : "table",
+ "doc" : "DynamoDB Table.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configuration."
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configuration.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "dynamo_action",
+ "doc" : "Configuration for DynamoDB action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo",
+ "text" : "dynamo",
+ "doc" : "DynamoDB Action Config",
+ "type" : "Map($name->Struct(dynamo_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Configuration Parameters Specific to the PostgreSQL Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-parameters",
+ "text" : "parameters",
+ "doc" : "Configuration Parameters Specific to the PostgreSQL Action",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "pgsql_action",
+ "doc" : "Configuration for PostgreSQL Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale",
+ "text" : "timescale",
+ "doc" : "Timescale Action Config",
+ "type" : "Map($name->Struct(pgsql_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in Kafka.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-topic",
+ "text" : "topic",
+ "doc" : "Kafka topic name. Supports templates (e.g.: `t-${payload.t}`).
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-key",
+ "text" : "key",
+ "doc" : "Template for rendering message key. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.clientid}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-value",
+ "text" : "value",
+ "doc" : "Template for rendering Kafka message value. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then Kafka's NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-timestamp",
+ "text" : "timestamp",
+ "doc" : "Which timestamp to use. The timestamp is expected to be a millisecond precision Unix epoch which can be in string format, e.g. 1661326462115 or '1661326462115'. When the desired data field for this template is not found, or if the found data is not a valid integer, the current system timestamp will be used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.timestamp}\""
+ }
+ ],
+ "text" : "kafka_message",
+ "doc" : "Template for rendering a message."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message",
+ "text" : "message",
+ "doc" : "Template for rendering a message.",
+ "type" : "Struct(kafka_message)"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_linger_time",
+ "text" : "max_linger_time",
+ "doc" : "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.\nThe default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_linger_bytes",
+ "text" : "max_linger_bytes",
+ "doc" : "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "Maximum bytes to collect in a Kafka message batch. Most of the Kafka brokers default to a limit of 1 MB batch size. EMQX's default value is less than 1 MB in order to compensate Kafka message encoding overheads (especially when each individual message is very small). When a single message is over the limit, it is still sent (as a single element batch).
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"896KB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-compression",
+ "text" : "compression",
+ "doc" : "Specify the method of compression.",
+ "type" : "Enum(no_compression,snappy,gzip)",
+ "default" : "no_compression"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partition_strategy",
+ "text" : "partition_strategy",
+ "doc" : "Partition strategy is to tell the producer how to dispatch messages to partitions.\n\nrandom: Randomly pick a partition for each message.\nkey_dispatch: Assigns messages to partitions based on a hash of the message key,\nensuring consistent partition for messages with the same key.",
+ "type" : "Enum(random,key_dispatch)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-required_acks",
+ "text" : "required_acks",
+ "doc" : "The acknowledgement criteria for the partition leader. It determines the level of confirmation required from partition replicas before sending an acknowledgement back to the producer.\n\nall_isr: Require all in-sync replicas to acknowledge.\nleader_only: Require only the partition-leader's acknowledgement.\nnone: No need for Kafka to acknowledge at all.",
+ "type" : "Enum(all_isr,leader_only,none)",
+ "default" : "all_isr"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_headers",
+ "text" : "kafka_headers",
+ "doc" : "Provide a placeholder for message headers
\ne.g. ${pub_props}
\nNote that the value of the placeholder must be either an object:\n{\"foo\": \"bar\"}\nor an array of key-value pairs:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key",
+ "text" : "kafka_ext_header_key",
+ "doc" : "Key of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value",
+ "text" : "kafka_ext_header_value",
+ "doc" : "Value of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "producer_kafka_ext_headers",
+ "doc" : "Provide more key-value pairs for message headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending producing."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers",
+ "text" : "kafka_ext_headers",
+ "doc" : "Provide more key-value pairs for message headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending producing.",
+ "type" : "Array(Struct(producer_kafka_ext_headers))"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode",
+ "text" : "kafka_header_value_encode_mode",
+ "doc" : "The encoding mode for headers.\n\n - `none`: Add only strings are added as header values\n - `json`: Encode header values as JSON string",
+ "type" : "Enum(none,json)",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partition_count_refresh_interval",
+ "text" : "partition_count_refresh_interval",
+ "doc" : "The time interval for Kafka producer to discover increased number of partitions.\nAfter the number of partitions is increased in Kafka, EMQX will start taking the\ndiscovered partitions into account when dispatching messages per partition_strategy.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partitions_limit",
+ "text" : "partitions_limit",
+ "doc" : "Limit the number of partitions to produce data for the given topic.\nThe special value `all_partitions` is to utilize all partitions for the topic.\nSetting this to a value which is greater than the total number of partitions in has no effect.",
+ "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))",
+ "default" : "all_partitions"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "The maximum number of message batches that the producer can send to each partition before it must wait for an acknowledgement.\nSetting a higher number can enhance throughput. However, value above 1 may lead to potential message reordering risks.",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode",
+ "text" : "mode",
+ "doc" : "Message buffer mode.\n\nmemory: Buffer all messages in memory. The messages will be lost in case of EMQX node restart\ndisk: Buffer all messages on disk. The messages on disk are able to survive EMQX node restart.\nhybrid: Buffer message in memory first, when up to certain limit (see segment_bytes config for more information), then start offloading messages to disk, Like memory mode, the messages will be lost in case of EMQX node restart.",
+ "type" : "Enum(memory,disk,hybrid)",
+ "default" : "memory"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit",
+ "text" : "per_partition_limit",
+ "doc" : "Number of bytes allowed to buffer for each partition. When this limit is exceeded, older messages will be discarded to make room for new messages to be buffered.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes",
+ "text" : "segment_bytes",
+ "doc" : "Applicable when buffer mode is set to disk or hybrid.\nThis setting specifies the size of each buffer file stored on disk.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection",
+ "text" : "memory_overload_protection",
+ "doc" : "Applicable when buffer mode is set to memory\nEMQX will drop old buffered messages under high memory pressure. The high memory threshold is defined in config sysmon.os.sysmem_high_watermark. NOTE: This config only works on Linux.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "producer_buffer",
+ "doc" : "Configure producer message buffer.\n\nTell Kafka producer how to buffer messages when EMQX has more messages to send than Kafka can keep up, or when Kafka is down."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Configure producer message buffer.\n\nTell Kafka producer how to buffer messages when EMQX has more messages to send than Kafka can keep up, or when Kafka is down.",
+ "type" : "Struct(producer_buffer)"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(async,sync)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-sync_query_timeout",
+ "text" : "sync_query_timeout",
+ "doc" : "This parameter defines the timeout limit for synchronous queries. It applies only when the query mode is configured to 'sync'.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "producer_kafka_opts",
+ "doc" : "Kafka producer configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters",
+ "aliases" : [
+ "kafka"
+ ],
+ "text" : "parameters",
+ "doc" : "Kafka producer configs.",
+ "type" : "Struct(producer_kafka_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts",
+ "text" : "resource_opts",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "kafka_producer_action",
+ "doc" : "Producer Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer",
+ "text" : "kafka_producer",
+ "doc" : "Kafka Producer Action Config",
+ "type" : "Map($name->Struct(kafka_producer_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters-write_syntax",
+ "text" : "write_syntax",
+ "doc" : "Conf of InfluxDB line protocol to write data points. It is a text-based format that provides the measurement, tag set, field set, and timestamp of a data point, and placeholder supported.\nSee also [InfluxDB 1.8 Line Protocol](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\nTLDR:
\n```\n[,=[,=]] =[,=] []\n```\nPlease note that a placeholder for an integer value must be annotated with a suffix `i`. For example `${payload.int_value}i`.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters-precision",
+ "text" : "precision",
+ "doc" : "Datalayers time precision.",
+ "type" : "Enum(ns,us,ms,s)",
+ "default" : "ms"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Additional parameters specific to this action type"
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters",
+ "text" : "parameters",
+ "doc" : "Additional parameters specific to this action type",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "datalayers_action",
+ "doc" : "Action to interact with a Datalayers connector"
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers",
+ "text" : "datalayers",
+ "doc" : "Datalayers Action Config",
+ "type" : "Map($name->Struct(datalayers_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)",
+ "default" : "3"
+ }
+ ],
+ "text" : "parameters",
+ "doc" : "Set of parameters for the action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters",
+ "text" : "parameters",
+ "doc" : "Set of parameters for the action.",
+ "type" : "Struct(parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "couchbase",
+ "doc" : "Action that takes incoming events and uploads them to the Couchbase service."
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase",
+ "text" : "couchbase",
+ "doc" : "Couchbase Action Config",
+ "type" : "Map($name->Struct(couchbase))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters-collection",
+ "text" : "collection",
+ "doc" : "The collection where data will be stored into
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "mqtt"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters-payload_template",
+ "text" : "payload_template",
+ "doc" : "The template for formatting the outgoing messages. If undefined, rule engine will use JSON format to serialize all visible inputs, such as clientid, topic, payload etc.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Additional parameters specific to this action type"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters",
+ "text" : "parameters",
+ "doc" : "Additional parameters specific to this action type",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "mongodb_action",
+ "doc" : "Action to interact with a MongoDB connector"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb",
+ "text" : "mongodb",
+ "doc" : "MongoDB Action Config",
+ "type" : "Map($name->Struct(mongodb_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Configuration Parameters Specific to the PostgreSQL Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-parameters",
+ "text" : "parameters",
+ "doc" : "Configuration Parameters Specific to the PostgreSQL Action",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "pgsql_action",
+ "doc" : "Configuration for PostgreSQL Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix",
+ "text" : "matrix",
+ "doc" : "Matrix Action Config",
+ "type" : "Map($name->Struct(pgsql_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-action",
+ "text" : "action",
+ "doc" : "Insert a new doc record.",
+ "type" : "String(\"create\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-index",
+ "text" : "index",
+ "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-id",
+ "text" : "id",
+ "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-doc",
+ "text" : "doc",
+ "doc" : "JSON document. If undefined, rule engine will use JSON format to serialize all visible inputs, such as clientid, topic, payload etc.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-routing",
+ "text" : "routing",
+ "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-require_alias",
+ "text" : "require_alias",
+ "doc" : "If true, the request's actions must target an index alias. Defaults to false",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-overwrite",
+ "text" : "overwrite",
+ "doc" : "Set to false If a document with the specified _id already exists(conflict), the operation will fail.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-max_retries",
+ "text" : "max_retries",
+ "doc" : "HTTP request max retry times if failed.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ }
+ ],
+ "text" : "action_create",
+ "doc" : "Adds a JSON document to the specified index and makes it searchable.\nIf the target is an index and the document already exists,\nthe request updates the document and increments its version."
+ },
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-action",
+ "text" : "action",
+ "doc" : "Delete a doc record.",
+ "type" : "String(\"delete\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-index",
+ "text" : "index",
+ "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-id",
+ "text" : "id",
+ "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-routing",
+ "text" : "routing",
+ "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-max_retries",
+ "text" : "max_retries",
+ "doc" : "HTTP request max retry times if failed.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ }
+ ],
+ "text" : "action_delete",
+ "doc" : "Removes a JSON document from the specified index."
+ },
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-action",
+ "text" : "action",
+ "doc" : "Update an existing document or insert a new document if it doesn't exist (when `doc_as_upsert` is `true`).",
+ "type" : "String(\"update\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-index",
+ "text" : "index",
+ "doc" : "Name of index, or index alias to perform the action on.\nThis parameter is required.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-id",
+ "text" : "id",
+ "doc" : "The document ID. If no ID is specified, a document ID is automatically generated.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc",
+ "text" : "doc",
+ "doc" : "JSON document. If undefined, rule engine will use JSON format to serialize all visible inputs, such as clientid, topic, payload etc.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc_as_upsert",
+ "text" : "doc_as_upsert",
+ "doc" : "When set to `true`, the document will be used as the upsert value - meaning it will be inserted if it doesn't exist, or updated if it does.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-routing",
+ "text" : "routing",
+ "doc" : "Custom value used to route operations to a specific shard.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-require_alias",
+ "text" : "require_alias",
+ "doc" : "If true, the request's actions must target an index alias. Defaults to false",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-max_retries",
+ "text" : "max_retries",
+ "doc" : "HTTP request max retry times if failed.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ }
+ ],
+ "text" : "action_update",
+ "doc" : "Updates a document using the specified doc."
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters",
+ "text" : "parameters",
+ "doc" : "ElasticSearch action parameters",
+ "type" : "OneOf(Struct(action_create),Struct(action_delete),Struct(action_update))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "action_config",
+ "doc" : "ElasticSearch Action Configuration"
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch",
+ "text" : "elasticsearch",
+ "doc" : "Elasticsearch Bridge",
+ "type" : "Map($action_name->Struct(action_config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-parameters-S-parameters_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-path",
+ "text" : "path",
+ "doc" : "The URL path for this Action.
\nThis path will be appended to the Connector's url configuration to form the full\nURL address.\nTemplate with variables is allowed in this option. For example, /room/${room_no}
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-method",
+ "text" : "method",
+ "doc" : "The method of the HTTP request. All the available methods are: post, put, get, delete.
\nTemplate with variables is allowed.",
+ "type" : "Enum(post,put,get,delete)",
+ "default" : "post"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-headers",
+ "text" : "headers",
+ "doc" : "The headers of the HTTP request.
\nTemplate with variables is allowed.",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-body",
+ "text" : "body",
+ "doc" : "The body of the HTTP request.
\nIf not provided, the body will be a JSON object of all the available fields.
\nThere, 'all the available fields' means the context of a MQTT message when\nthis webhook is triggered by receiving a MQTT message (the `local_topic` is set),\nor the context of the event when this webhook is triggered by a rule (i.e. this\nwebhook is used as an action of a rule).
\nTemplate with variables is allowed.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-max_retries",
+ "text" : "max_retries",
+ "doc" : "HTTP request max retry times if failed.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Deprecated since v5.0.26.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "parameters_opts",
+ "doc" : "The parameters for HTTP action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters",
+ "text" : "parameters",
+ "doc" : "The parameters for HTTP action.",
+ "type" : "Struct(parameters_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "http_action",
+ "doc" : "Configuration for an HTTP action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-http",
+ "aliases" : [
+ "webhook"
+ ],
+ "text" : "http",
+ "doc" : "HTTP Action Config",
+ "type" : "Map($name->Struct(http_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-mode",
+ "text" : "mode",
+ "doc" : "Enables time-based aggregation of incoming events and uploading them to the Azure Blob Storage service as a single object.",
+ "type" : "String(\"aggregated\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-type",
+ "text" : "type",
+ "doc" : "Records (events) will be aggregated and uploaded as a CSV file.",
+ "type" : "String(\"csv\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-column_order",
+ "text" : "column_order",
+ "doc" : "Event fields that will be ordered first as columns in the resulting CSV file.
\nRegardless of this setting, resulting CSV will contain all the fields of aggregated events, but all the columns not explicitly mentioned here will be ordered after the ones listed here in the lexicographical order.",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "container_csv",
+ "doc" : "Records (events) will be aggregated and uploaded as a CSV file."
+ },
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_json_lines",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_json_lines-type",
+ "text" : "type",
+ "doc" : "Records (events) will be aggregated and uploaded as a [JSON Lines](https://jsonlines.org/) file.",
+ "type" : "String(\"json_lines\")"
+ }
+ ],
+ "text" : "container_json_lines",
+ "doc" : "Records (events) will be aggregated and uploaded as a [JSON Lines](https://jsonlines.org/) file."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container",
+ "text" : "container",
+ "doc" : "Settings governing the file format of an upload containing aggregated events.",
+ "type" : "OneOf(Struct(container_csv),Struct(container_json_lines))",
+ "default" : "{type = csv}"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-time_interval",
+ "text" : "time_interval",
+ "doc" : "Amount of time events will be aggregated in a single object before uploading.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"1h\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-max_records",
+ "text" : "max_records",
+ "doc" : "Number of records (events) allowed per each aggregated object. Each aggregated upload will contain no more than that number of events, but may contain less.
\n If event rate is high enough, there obviously may be more than one aggregated upload during the same time interval. These uploads will have different, but consecutive sequence numbers, which will be a part of Azure Blob Storage blob name.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000000"
+ }
+ ],
+ "text" : "aggregation",
+ "doc" : "Set of parameters governing the aggregation process."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation",
+ "text" : "aggregation",
+ "doc" : "Set of parameters governing the aggregation process.",
+ "type" : "Struct(aggregation)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-container",
+ "text" : "container",
+ "doc" : "The Azure Blob Storage container name. Does not support templates.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-blob",
+ "text" : "blob",
+ "doc" : "Template for the Azure Blob Storage blob name of an aggregated upload.
\n Template may contain placeholders for the following variables:\n \n ${action}: name of the action (required).${node}: name of the EMQX node conducting the upload (required).${datetime.{format}}: date and time when aggregation started, formatted according to the {format} string (required):\n \n ${datetime.rfc3339utc}: RFC3339-formatted date and time in UTC,${datetime.rfc3339}: RFC3339-formatted date and time in local timezone,${datetime.unix}: Unix timestamp.
\n ${datetime_until.{format}}: date and time when aggregation ended, with the same formatting options.${sequence}: sequence number of the aggregated upload within the same time interval (required).
\n All other placeholders are considered invalid. Note that placeholders marked as required will be added as a path suffix to the Azure Blob Storage blob name if they are missing from the template.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "aggreg_parameters",
+ "doc" : "Set of parameters for the action in aggregated mode."
+ },
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-mode",
+ "text" : "mode",
+ "doc" : "Enables uploading of events to the Azure Blob Storage service as separate objects.",
+ "type" : "String(\"direct\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-container",
+ "text" : "container",
+ "doc" : "The name of the Azure Blob Storage container name.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-blob",
+ "text" : "blob",
+ "doc" : "The name of the Azure Blob Storage blob name.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-content",
+ "text" : "content",
+ "doc" : "Content of the Azure Blob Storage blob being uploaded. Supports templates.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "direct_parameters",
+ "doc" : "Set of parameters for the upload action. Action supports templates in Azure Blob Storage container name, blob name and blob content."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters",
+ "text" : "parameters",
+ "doc" : "Set of parameters for the action.",
+ "type" : "OneOf(Struct(aggreg_parameters),Struct(direct_parameters))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "azure_blob_storage",
+ "doc" : "Action that takes incoming events and uploads them to the Azure Blob Storage service."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage",
+ "text" : "azure_blob_storage",
+ "doc" : "Azure Blob Storage Action Config",
+ "type" : "Map($name->Struct(azure_blob_storage))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template. The template string can contain placeholders for message metadata and payload field. The placeholders are inserted without any checking and special formatting, so it is important to ensure that the inserted values are formatted and escaped correctly.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configuration."
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configuration.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "oracle_action",
+ "doc" : "Configuration for Oracle Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle",
+ "text" : "oracle",
+ "doc" : "Oracle Action Config",
+ "type" : "Map($name->Struct(oracle_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-parameters-S-action_parameters-cql",
+ "text" : "cql",
+ "doc" : "CQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, ${timestamp})\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configs.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "cassandra_action",
+ "doc" : "Action configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra",
+ "text" : "cassandra",
+ "doc" : "Cassandra Action Config",
+ "type" : "Map($name->Struct(cassandra_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-timestamp",
+ "text" : "timestamp",
+ "doc" : "Timestamp. Placeholders in the format of ${var} are supported
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-metric",
+ "text" : "metric",
+ "doc" : "Metric. Placeholders in the format of ${var} are supported
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-tags",
+ "text" : "tags",
+ "doc" : "Tags. Only supports with placeholder to extract tags from a variable or a tags map",
+ "type" : "OneOf(Map,String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-value",
+ "text" : "value",
+ "doc" : "Value. Placeholders in the format of ${var} are supported",
+ "type" : "OneOf(Integer,Float,String)"
+ }
+ ],
+ "text" : "action_parameters_data",
+ "doc" : "OpenTSDB action parameter data"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data",
+ "text" : "data",
+ "doc" : "OpenTSDB action parameter data",
+ "type" : "Array(Struct(action_parameters_data))",
+ "default" : "[]"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "OpenTSDB action parameters"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters",
+ "text" : "parameters",
+ "doc" : "OpenTSDB action parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "action_config",
+ "doc" : "Configuration for an OpenTSDB bridge."
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents",
+ "text" : "opents",
+ "doc" : "OpenTSDB Action Config",
+ "type" : "Map($name->Struct(action_config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-stream",
+ "text" : "stream",
+ "doc" : "HStreamDB Stream Name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-partition_key",
+ "text" : "partition_key",
+ "doc" : "HStreamDB Partition Key. Placeholders supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-grpc_flush_timeout",
+ "text" : "grpc_flush_timeout",
+ "doc" : "Time interval for flushing gRPC calls to the HStreamDB server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-record_template",
+ "text" : "record_template",
+ "doc" : "The HStream Record template to be forwarded to the HStreamDB. Placeholders supported.
\nNOTE: When you use `raw record` template (which means the data is not a valid JSON), you should use `read` or `subscription` in HStream to get the data.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-aggregation_pool_size",
+ "text" : "aggregation_pool_size",
+ "doc" : "The size of the record aggregation pool. A larger aggregation pool size can lead to enhanced parallelization but may also result in reduced efficiency due to smaller batch sizes.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-max_batches",
+ "text" : "max_batches",
+ "doc" : "Maximum number of unconfirmed batches in the flush queue.",
+ "type" : "Integer(1..+inf)",
+ "default" : "500"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-writer_pool_size",
+ "text" : "writer_pool_size",
+ "doc" : "The size of the writer pool. A larger pool may increase parallelization and concurrent write operations, potentially boosting throughput. Trade-offs include greater memory consumption and possible resource contention.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum number of insert data clauses that can be sent in a single request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-batch_interval",
+ "text" : "batch_interval",
+ "doc" : "Maximum interval that is allowed between two successive (batch) request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"500ms\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configuration."
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configuration.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "hstreamdb_action",
+ "doc" : "Configuration for HStreamDB action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb",
+ "text" : "hstreamdb",
+ "doc" : "HStreamDB Action Config",
+ "type" : "Map($name->Struct(hstreamdb_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-payload_template",
+ "text" : "payload_template",
+ "doc" : "The template for formatting the outgoing messages. If undefined, will send all the available context in JSON format.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-stream_name",
+ "text" : "stream_name",
+ "doc" : "The Amazon Kinesis Stream to publish messages to.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-partition_key",
+ "text" : "partition_key",
+ "doc" : "The Amazon Kinesis Partition Key associated to published message. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configuration."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configuration.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..500)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "kinesis_action",
+ "doc" : "Configuration for Kinesis Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis",
+ "text" : "kinesis",
+ "doc" : "Kinesis Action Config",
+ "type" : "Map($name->Struct(kinesis_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-mode",
+ "text" : "mode",
+ "doc" : "Enables time-based aggregation of incoming events and uploading them to the Snowflake as a single object. This aggregation is done independently by each node in the cluster.",
+ "type" : "String(\"aggregated\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-type",
+ "text" : "type",
+ "doc" : "Records (events) will be aggregated and uploaded as a CSV file.",
+ "type" : "String(\"csv\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-column_order",
+ "text" : "column_order",
+ "doc" : "Event fields that will be ordered first as columns in the resulting CSV file.
\nRegardless of this setting, resulting CSV will contain all the fields of aggregated events, but all the columns not explicitly mentioned here will be ordered after the ones listed here in the lexicographical order.",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "container_csv",
+ "doc" : "Records (events) will be aggregated and uploaded as a CSV file."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container",
+ "text" : "container",
+ "doc" : "Settings governing the file format of an upload containing aggregated events.",
+ "type" : "OneOf(Struct(container_csv))",
+ "default" : "{type = csv}"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-time_interval",
+ "text" : "time_interval",
+ "doc" : "Amount of time events will be aggregated in a single file on each node before uploading.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"1h\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-max_records",
+ "text" : "max_records",
+ "doc" : "Number of records (events) allowed per each aggregated file. Each aggregated upload will contain no more than that number of events, but may contain less.
\n If event rate is high enough, there obviously may be more than one aggregated upload during the same time interval. These uploads will have different, but consecutive sequence numbers, which will be a part of Snowflake staged file name.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000000"
+ }
+ ],
+ "text" : "aggregation",
+ "doc" : "Set of parameters governing the aggregation process."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation",
+ "text" : "aggregation",
+ "doc" : "Set of parameters governing the aggregation process.",
+ "type" : "Struct(aggregation)"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-private_key",
+ "text" : "private_key",
+ "doc" : "The private key configured for the Pipe User. This supports the input formats below:\n- Plain key: Enter the private key contents in PEM format directly as a string value.\n- File Path: Specify the path to a file that contains the private key. Ensure the path starts with file://. The file path must be the same on all nodes in the cluster.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-private_key_password",
+ "text" : "private_key_password",
+ "doc" : "Password to decrypt the private key. Do not set this value if the private key is not encrypted.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-database",
+ "text" : "database",
+ "doc" : "Name of the Database that contains the Snowflake resources.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-schema",
+ "text" : "schema",
+ "doc" : "Name of the Schema that contains the Snowflake resources.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-stage",
+ "text" : "stage",
+ "doc" : "Name of the Stage that'll be used for loading data files into Snowflake.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipe",
+ "text" : "pipe",
+ "doc" : "Name of the Pipe that'll be used to ingest data into the table.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipe_user",
+ "text" : "pipe_user",
+ "doc" : "A username which has a role with permissions over the Pipe to be used. The minimum permissions are `operate` and `monitor`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipelining",
+ "text" : "pipelining",
+ "doc" : "A positive integer. Whether to send HTTP requests continuously, when set to 1, it means that after each HTTP request is sent, you need to wait for the server to return and then continue to send the next request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry attempts if there's an error when sending an HTTP request.",
+ "type" : "Integer(0..+inf)",
+ "default" : "3"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config-host",
+ "text" : "host",
+ "doc" : "Proxy host address to connect to.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config-port",
+ "text" : "port",
+ "doc" : "Proxy port to use when connecting.",
+ "type" : "Integer(1..65535)"
+ }
+ ],
+ "text" : "proxy_config",
+ "doc" : "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS)."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy",
+ "text" : "proxy",
+ "doc" : "Proxy configuration. Only plain HTTP proxies are currently supported (no HTTPS).",
+ "type" : "OneOf(String(\"none\"),Struct(proxy_config))",
+ "default" : "none"
+ }
+ ],
+ "text" : "aggreg_parameters",
+ "doc" : "Set of parameters for the action in aggregated mode."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters",
+ "text" : "parameters",
+ "doc" : "Set of parameters for the action.",
+ "type" : "OneOf(Struct(aggreg_parameters))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "snowflake",
+ "doc" : "Action that takes incoming events and uploads them to the Snowflake."
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake",
+ "text" : "snowflake",
+ "doc" : "Snowflake Action Config",
+ "type" : "Map($name->Struct(snowflake))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-database",
+ "text" : "database",
+ "doc" : "Database name.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "TDengine action parameters"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters",
+ "text" : "parameters",
+ "doc" : "TDengine action parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "action_config",
+ "doc" : "Configuration for a TDengine bridge."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine",
+ "text" : "tdengine",
+ "doc" : "TDengine Action Config",
+ "type" : "Map($name->Struct(action_config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters-write_syntax",
+ "text" : "write_syntax",
+ "doc" : "Conf of InfluxDB line protocol to write data points. It is a text-based format that provides the measurement, tag set, field set, and timestamp of a data point, and placeholder supported.\nSee also [InfluxDB 2.3 Line Protocol](https://docs.influxdata.com/influxdb/v2.3/reference/syntax/line-protocol/) and\n[InfluxDB 1.8 Line Protocol](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\nTLDR:
\n```\n[,=[,=]] =[,=] []\n```\nPlease note that a placeholder for an integer value must be annotated with a suffix `i`. For example `${payload.int_value}i`.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters-precision",
+ "text" : "precision",
+ "doc" : "InfluxDB time precision.",
+ "type" : "Enum(ns,us,ms,s)",
+ "default" : "ms"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Additional parameters specific to this action type"
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters",
+ "text" : "parameters",
+ "doc" : "Additional parameters specific to this action type",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "influxdb_action",
+ "doc" : "Action to interact with a InfluxDB connector"
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb",
+ "text" : "influxdb",
+ "doc" : "InfluxDB Action Config",
+ "type" : "Map($name->Struct(influxdb_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-parameters-S-action_parameters-command_template",
+ "text" : "command_template",
+ "doc" : "Redis command template used to export messages. Each list element stands for a command name or its argument.\nFor example, to push payloads in a Redis list by key `msgs`, the elements should be the following:\n`rpush`, `msgs`, `${payload}`.",
+ "type" : "Array(String)"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "The parameters of the action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-parameters",
+ "text" : "parameters",
+ "doc" : "The parameters of the action.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "This parameter defines the upper limit of the batch count.\nSetting this value to 1 effectively disables batching, as it indicates that only one item will be processed per batch.\nNote on Redis Cluster Mode:\nIn the context of Redis Cluster Mode, it is important to note that batching is not supported.\nConsequently, the batch_size is always set to 1,\nreflecting the mode inherent limitation in handling batch operations.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "redis_action",
+ "doc" : "Action to interact with a Redis connector."
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis",
+ "text" : "redis",
+ "doc" : "Redis Action Config",
+ "type" : "Map($name->Struct(redis_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters-write_syntax",
+ "text" : "write_syntax",
+ "doc" : "Conf of GreptimeDB gRPC protocol to write data points. Write syntax is a text-based format that provides the measurement, tag set, field set, and timestamp of a data point, and placeholder supported, which is the same as InfluxDB line protocol.\nSee also [InfluxDB 2.3 Line Protocol](https://docs.influxdata.com/influxdb/v2.3/reference/syntax/line-protocol/) and\n[GreptimeDB 1.8 Line Protocol](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\nTLDR:
\n```\n[,=[,=]] =[,=] []\n```\nPlease note that a placeholder for an integer value must be annotated with a suffix `i`. For example `${payload.int_value}i`.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters-precision",
+ "text" : "precision",
+ "doc" : "GreptimeDB time precision.",
+ "type" : "Enum(ns,us,ms,s)",
+ "default" : "ms"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Additional parameters specific to this action type"
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters",
+ "text" : "parameters",
+ "doc" : "Additional parameters specific to this action type",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "greptimedb_action",
+ "doc" : "Action to interact with a GreptimeDB connector"
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb",
+ "text" : "greptimedb",
+ "doc" : "GreptimeDB Action Config",
+ "type" : "Map($name->Struct(greptimedb_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-storage_model_type",
+ "text" : "storage_model_type",
+ "doc" : "Storage model type. Can be one of `timeseries` or `order`.",
+ "type" : "Enum(timeseries)",
+ "default" : "timeseries"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-table_name",
+ "text" : "table_name",
+ "doc" : "Table name. It can either be a static value or a placeholder like `${payload.table_name}`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-measurement",
+ "text" : "measurement",
+ "doc" : "The measurement. It can either be a static value or a placeholder like `${payload.measurement}`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-tags",
+ "text" : "tags",
+ "doc" : "Tags. The tag key and tag value can either be static strings or a placeholder like `${payload.tag_key}` and `${payload.tag_value}`.",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields-column",
+ "text" : "column",
+ "doc" : "Column name of the field. It can either be a static value or a placeholder like `${payload.column}`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields-value",
+ "text" : "value",
+ "doc" : "Value of the field. It can either be a static value or a placeholder like `${payload.value}`",
+ "type" : "OneOf(Boolean,Number,String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields-isint",
+ "text" : "isint",
+ "doc" : "Whether try to write numeric value as `integer`. Defaults to `false`, means that write integers as floats.\nIt can either be a static value or a placeholder like `${payload.is_int}`.",
+ "type" : "OneOf(Boolean,String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields-isbinary",
+ "text" : "isbinary",
+ "doc" : "Whether try to write binary values as `binary` type. Defaults to `false`, means that write binary values as strings.\nIt can either be a static value or a placeholder like `${payload.is_binary}`.",
+ "type" : "OneOf(Boolean,String)"
+ }
+ ],
+ "text" : "tablestore_fields",
+ "doc" : "Tablestore fields."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields",
+ "text" : "fields",
+ "doc" : "Fields. The field column and value can either be static values or a placeholder like `${payload.column_name}` and `${payload.column_value}`.",
+ "type" : "Array(Struct(tablestore_fields))"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-data_source",
+ "text" : "data_source",
+ "doc" : "The data source. It can either be a static value or a placeholder like `${payload.data_source}`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-timestamp",
+ "text" : "timestamp",
+ "doc" : "The timestamp in microsecond of the field.\nIt can either be a static value or a placeholder like `${payload.microsecond_timestamp}`.\nIf not provided or set to `NOW`, the millisecond timestamp when EMQX writes to Tablestore will be used.",
+ "type" : "OneOf(Integer,String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-meta_update_model",
+ "text" : "meta_update_model",
+ "doc" : "The update mode for time-series metadata. Can be one of:\n- MUM_NORMAL: Normal mode. When sending messages in this mode, Tablestore will create the timeseries metadata if not exits.\n- MUM_IGNORE: Do not update metadata. When sending messages in this mode, Tablestore will not try to create the timeseries metadata.\nDefaults to MUM_NORMAL",
+ "type" : "Enum(MUM_IGNORE,MUM_NORMAL)",
+ "default" : "MUM_NORMAL"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Additional parameters specific to this action type"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters",
+ "text" : "parameters",
+ "doc" : "Additional parameters specific to this action type",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "tablestore_action",
+ "doc" : "Action to interact with a Tablestore connector"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore",
+ "text" : "tablestore",
+ "doc" : "Tablestore Action Config",
+ "type" : "Map($name->Struct(tablestore_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Additional parameters specific to this action type"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters",
+ "text" : "parameters",
+ "doc" : "Additional parameters specific to this action type",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "mysql_action",
+ "doc" : "Action to interact with a MySQL connector"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql",
+ "text" : "mysql",
+ "doc" : "Action to interact with a MySQL connector",
+ "type" : "Map($name->Struct(mysql_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-is_aligned",
+ "text" : "is_aligned",
+ "doc" : "Whether to align the timeseries",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-device_id",
+ "text" : "device_id",
+ "doc" : "The IoTDB device ID this data should be inserted for.\nIf left empty, the MQTT message payload must contain a `device_id` field,\nor EMQX's rule-engine SQL must produce a `device_id` field.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-timestamp",
+ "text" : "timestamp",
+ "doc" : "Timestamp. Placeholders in format of ${var} is supported, can be:\n\n- now: use the current time in milliseconds\n- now_ms: same as above\n- now_us: use the current time in microseconds\n- now_ns: use the current time in nanoseconds\n- any integer: use the value directly as the timestamp\n- Placeholder: use the value from the payload as the timestamp",
+ "type" : "OneOf(Enum(now,now_ms,now_ns,now_us),String)",
+ "default" : "now"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-measurement",
+ "text" : "measurement",
+ "doc" : "Measurement. Placeholders in format of ${var} is supported
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-data_type",
+ "text" : "data_type",
+ "doc" : "Data Type, can be:\n\n- text\n- boolean\n- int32\n- int64\n- float\n- double",
+ "type" : "Enum(text,boolean,int32,int64,float,double)"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-value",
+ "text" : "value",
+ "doc" : "Value. Placeholders in format of ${var} is supported
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters_data",
+ "doc" : "IoTDB action parameter data"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data",
+ "text" : "data",
+ "doc" : "IoTDB action parameter data",
+ "type" : "Array(Struct(action_parameters_data))"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-max_retries",
+ "text" : "max_retries",
+ "doc" : "HTTP request max retry times if failed.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "IoTDB action parameters"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters",
+ "text" : "parameters",
+ "doc" : "IoTDB action parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Action resource options"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "action_config",
+ "doc" : "Configuration for Apache IoTDB bridge."
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb",
+ "text" : "iotdb",
+ "doc" : "IoTDB Action Config",
+ "type" : "Map($name->Struct(action_config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in Azure Event Hubs.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-topic",
+ "text" : "topic",
+ "doc" : "Event Hubs name. Supports templates (e.g.: `t-${payload.t}`).
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-key",
+ "text" : "key",
+ "doc" : "Template for rendering message key. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.clientid}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-value",
+ "text" : "value",
+ "doc" : "Template to render Azure Event Hubs message value. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then Azure Event Hubs' NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "kafka_message",
+ "doc" : "Template for rendering a message."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message",
+ "text" : "message",
+ "doc" : "Template for rendering a message.",
+ "type" : "Struct(kafka_message)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_time",
+ "text" : "max_linger_time",
+ "doc" : "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.\nThe default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_bytes",
+ "text" : "max_linger_bytes",
+ "doc" : "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "Maximum bytes to collect in an Azure Event Hubs message batch.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"896KB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partition_strategy",
+ "text" : "partition_strategy",
+ "doc" : "Partition strategy is to tell the producer how to dispatch messages to partitions.\n\nrandom: Randomly pick a partition for each message.\nkey_dispatch: Assigns messages to partitions based on a hash of the message key,\nensuring consistent partition for messages with the same key.",
+ "type" : "Enum(random,key_dispatch)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-required_acks",
+ "text" : "required_acks",
+ "doc" : "The acknowledgement criteria for the partition leader. It determines the level of confirmation required from partition replicas before sending an acknowledgement back to the producer.\n\nall_isr: Require all in-sync replicas to acknowledge.\nleader_only: Require only the partition-leader's acknowledgement.\nnone: No need for Kafka to acknowledge at all.",
+ "type" : "Enum(all_isr,leader_only)",
+ "default" : "all_isr"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_headers",
+ "text" : "kafka_headers",
+ "doc" : "Provide a placeholder for message headers
\ne.g. ${pub_props}
\nNote that the value of the placeholder must be either an object:\n{\"foo\": \"bar\"}\nor an array of key-value pairs:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key",
+ "text" : "kafka_ext_header_key",
+ "doc" : "Key of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value",
+ "text" : "kafka_ext_header_value",
+ "doc" : "Value of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "producer_kafka_ext_headers",
+ "doc" : "Provide more key-value pairs for message headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending producing."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers",
+ "text" : "kafka_ext_headers",
+ "doc" : "Please provide more key-value pairs for Azure Event Hubs headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending to Azure Event Hubs.",
+ "type" : "Array(Struct(producer_kafka_ext_headers))"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode",
+ "text" : "kafka_header_value_encode_mode",
+ "doc" : "The encoding mode for headers.\n\n - `none`: Add only strings are added as header values\n - `json`: Encode header values as JSON string",
+ "type" : "Enum(none,json)",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partition_count_refresh_interval",
+ "text" : "partition_count_refresh_interval",
+ "doc" : "The time interval for Azure Event Hubs producer to discover increased number of partitions.\nAfter the number of partitions is increased in Azure Event Hubs, EMQX will start taking the\ndiscovered partitions into account when dispatching messages per partition_strategy.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partitions_limit",
+ "text" : "partitions_limit",
+ "doc" : "Limit the number of partitions to produce data for the given topic.\nThe special value `all_partitions` is to utilize all partitions for the topic.\nSetting this to a value which is greater than the total number of partitions in has no effect.",
+ "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))",
+ "default" : "all_partitions"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "The maximum number of message batches that the producer can send to each partition before it must wait for an acknowledgement.\nSetting a higher number can enhance throughput. However, value above 1 may lead to potential message reordering risks.",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode",
+ "text" : "mode",
+ "doc" : "Message buffer mode.\n\nmemory: Buffer all messages in memory. The messages will be lost in case of EMQX node restart\ndisk: Buffer all messages on disk. The messages on disk are able to survive EMQX node restart.\nhybrid: Buffer message in memory first, when up to certain limit (see segment_bytes config for more information), then start offloading messages to disk, Like memory mode, the messages will be lost in case of EMQX node restart.",
+ "type" : "Enum(memory,disk,hybrid)",
+ "default" : "memory"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit",
+ "text" : "per_partition_limit",
+ "doc" : "Number of bytes allowed to buffer for each partition. When this limit is exceeded, older messages will be discarded to make room for new messages to be buffered.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes",
+ "text" : "segment_bytes",
+ "doc" : "Applicable when buffer mode is set to disk or hybrid.\nThis setting specifies the size of each buffer file stored on disk.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection",
+ "text" : "memory_overload_protection",
+ "doc" : "Applicable when buffer mode is set to memory\nEMQX will drop old buffered messages under high memory pressure. The high memory threshold is defined in config sysmon.os.sysmem_high_watermark. NOTE: This config only works on Linux.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "producer_buffer",
+ "doc" : "Configure producer message buffer.\n\nTell Kafka producer how to buffer messages when EMQX has more messages to send than Kafka can keep up, or when Kafka is down."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Configure producer message buffer.\n\nTell Azure Event Hubs producer how to buffer messages when EMQX has more messages to send than Azure Event Hubs can keep up, or when Azure Event Hubs is down.",
+ "type" : "Struct(producer_buffer)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(async,sync)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-sync_query_timeout",
+ "text" : "sync_query_timeout",
+ "doc" : "This parameter defines the timeout limit for synchronous queries. It applies only when the bridge query mode is configured to 'sync'.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "producer_kafka_opts",
+ "doc" : "Azure Event Hubs producer configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters",
+ "aliases" : [
+ "kafka"
+ ],
+ "text" : "parameters",
+ "doc" : "Azure Event Hubs producer configs.",
+ "type" : "Struct(producer_kafka_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts",
+ "text" : "resource_opts",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "actions",
+ "doc" : "The configuration for an action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer",
+ "text" : "azure_event_hub_producer",
+ "doc" : "Azure Event Hub Actions Config",
+ "type" : "Map($name->Struct(actions))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-time_interval",
+ "text" : "time_interval",
+ "doc" : "Amount of time events will be aggregated in a single file on each node before uploading.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"120s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-max_records",
+ "text" : "max_records",
+ "doc" : "Number of records (events) allowed per each aggregated file. Each aggregated upload will contain no more than that number of events, but may contain less.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100000"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_avro",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_avro-type",
+ "text" : "type",
+ "doc" : "Use Avro for encoding data files.",
+ "type" : "String(\"avro\")"
+ }
+ ],
+ "text" : "container_avro",
+ "doc" : "Use Avro for encoding data files."
+ },
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_parquet",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_parquet-type",
+ "text" : "type",
+ "doc" : "Use Parquet for encoding data files.",
+ "type" : "String(\"parquet\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_parquet-max_row_group_bytes",
+ "text" : "max_row_group_bytes",
+ "doc" : "The size above which row groups are flushed. The actual triggering of row group flushes uses estimates of the buffered data sizes, since the actual output may differ in size from the raw input data size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"128MB\""
+ }
+ ],
+ "text" : "container_parquet",
+ "doc" : "Use Parquet for encoding data files."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container",
+ "text" : "container",
+ "doc" : "Options for configuring the data file format to be used.",
+ "type" : "OneOf(Struct(container_avro),Struct(container_parquet))",
+ "default" : "{type = avro}"
+ }
+ ],
+ "text" : "aggregation",
+ "doc" : "Set of parameters governing the aggregation process."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation",
+ "text" : "aggregation",
+ "doc" : "Set of parameters governing the aggregation process.",
+ "type" : "Struct(aggregation)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-namespace",
+ "text" : "namespace",
+ "doc" : "Namespace to be used, with its parts joined by dots. For example: `my.namespace`.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-table",
+ "text" : "table",
+ "doc" : "Table to be used with this action.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-s3-S-s3_upload",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-s3-S-s3_upload-min_part_size",
+ "text" : "min_part_size",
+ "doc" : "The minimum part size for multipart uploads.
\nUploaded data will be accumulated in memory until this size is reached.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"5mb\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-s3-S-s3_upload-max_part_size",
+ "text" : "max_part_size",
+ "doc" : "The maximum part size for multipart uploads.
\nS3 uploader won't try to upload parts larger than this size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"5gb\""
+ }
+ ],
+ "text" : "s3_upload",
+ "doc" : "Set of parameters to control S3 uploads."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-s3",
+ "text" : "s3",
+ "doc" : "Set of parameters to control S3 uploads.",
+ "type" : "Struct(s3_upload)",
+ "default" : "{max_part_size = \"5gb\", min_part_size = \"5mb\"}"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Set of parameters for the action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters",
+ "text" : "parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "10000"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "s3tables",
+ "doc" : "Action that takes incoming events and appends them to S3Tables."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables",
+ "text" : "s3tables",
+ "doc" : "S3Tables Action Config",
+ "type" : "Map($name->Struct(s3tables))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-target_topic",
+ "text" : "target_topic",
+ "doc" : "The topic for the forwarded message
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${topic}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-target_qos",
+ "text" : "target_qos",
+ "doc" : "The QoS for the forwarded message. To preserve the original QoS of the forwarded message, the value can be omitted.",
+ "type" : "Integer(0..2)"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-template",
+ "text" : "template",
+ "doc" : "Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ }
+ ],
+ "text" : "parameters",
+ "doc" : "Syskeeper action parameters"
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters",
+ "text" : "parameters",
+ "doc" : "Syskeeper action parameters",
+ "type" : "Struct(parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "Whether start the resource right after created.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "Time interval to wait for an auto-started resource to become healthy before responding resource creation requests.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-auto_restart_interval",
+ "text" : "auto_restart_interval",
+ "doc" : "Deprecated since 5.1.0.",
+ "type" : "OneOf(String(\"infinity\"),Duration)"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-enable_queue",
+ "text" : "enable_queue",
+ "doc" : "Deprecated since v5.0.14.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "creation_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(creation_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config",
+ "doc" : "Configuration for a Syskeeper action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder",
+ "text" : "syskeeper_forwarder",
+ "doc" : "Syskeeper Forwarder Action Config",
+ "type" : "Map($name->Struct(config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message-key",
+ "text" : "key",
+ "doc" : "Template to render Pulsar message key.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.clientid}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message-value",
+ "text" : "value",
+ "doc" : "Template to render Pulsar message value.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "producer_pulsar_message",
+ "doc" : "Template to render a Pulsar message."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message",
+ "text" : "message",
+ "doc" : "Template to render a Pulsar message.",
+ "type" : "Struct(producer_pulsar_message)"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-sync_timeout",
+ "text" : "sync_timeout",
+ "doc" : "Maximum wait time for receiving a receipt from Pulsar when publishing synchronously.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "The maximum number of message batches that the producer can send to each partition before it must wait for a receipt.\nSetting a higher number can enhance throughput.",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-pulsar_topic",
+ "text" : "pulsar_topic",
+ "doc" : "Pulsar topic name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum number of individual requests to batch in a Pulsar message.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-compression",
+ "text" : "compression",
+ "doc" : "Compression method.",
+ "type" : "Enum(no_compression,snappy,zlib)",
+ "default" : "no_compression"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-send_buffer",
+ "text" : "send_buffer",
+ "doc" : "Fine tune the socket send buffer. The default value is tuned for high throughput.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-retention_period",
+ "text" : "retention_period",
+ "doc" : "The amount of time messages will be buffered while there is no connection to\n the Pulsar broker. Longer times mean that more memory/disk will be used",
+ "type" : "OneOf(String(\"infinity\"),Duration)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "Maximum bytes to collect in a Pulsar message batch. Most of the Pulsar brokers\n default to a limit of 5 MB batch size. EMQX's default value is less than 5 MB in\n order to compensate Pulsar message encoding overheads (especially when each individual\n message is very small). When a single message is over the limit, it is still\n sent (as a single element batch).
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"900KB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-strategy",
+ "text" : "strategy",
+ "doc" : "Partition strategy is to tell the producer how to dispatch messages to Pulsar partitions.\n\nrandom: Randomly pick a partition for each message.\nroundrobin: Pick each available producer in turn for each message.\nkey_dispatch: Hash Pulsar message key of the first message in a batch\n to a partition number.",
+ "type" : "Enum(random,roundrobin,key_dispatch)",
+ "default" : "random"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-mode",
+ "text" : "mode",
+ "doc" : "Message buffer mode.\nmemory: Buffer all messages in memory. The messages will be lost\n in case of EMQX node restart\\ndisk: Buffer all messages on disk.\n The messages on disk are able to survive EMQX node restart.\nhybrid: Buffer message in memory first, when up to certain limit\n (see segment_bytes config for more information), then start offloading\n messages to disk, Like memory mode, the messages will be lost in\n case of EMQX node restart.",
+ "type" : "Enum(memory,disk,hybrid)",
+ "default" : "memory"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-per_partition_limit",
+ "text" : "per_partition_limit",
+ "doc" : "Number of bytes allowed to buffer for each Pulsar partition.\n When this limit is exceeded, old messages will be dropped in a trade for credits\n for new messages to be buffered.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-segment_bytes",
+ "text" : "segment_bytes",
+ "doc" : "Applicable when buffer mode is set to disk or hybrid.\nThis value is to specify the size of each on-disk buffer file.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"100MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-memory_overload_protection",
+ "text" : "memory_overload_protection",
+ "doc" : "Applicable when buffer mode is set to memory\nEMQX will drop old buffered messages under high memory pressure.\nThe high memory threshold is defined in config sysmon.os.sysmem_high_watermark.\n NOTE: This config only works on Linux.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "producer_buffer",
+ "doc" : "Configure producer message buffer.\"\nTell Pulsar producer how to buffer messages when EMQX has more messages to\"\n send than Pulsar can keep up, or when Pulsar is down."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer",
+ "text" : "buffer",
+ "doc" : "Configure producer message buffer.\"\nTell Pulsar producer how to buffer messages when EMQX has more messages to\"\n send than Pulsar can keep up, or when Pulsar is down.",
+ "type" : "Struct(producer_buffer)"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configs.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Deprecated since 5.8.1.",
+ "type" : "OneOf(Duration,String(\"infinity\"))"
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "publisher_action",
+ "doc" : "Publish message to Pulsar topic"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar",
+ "text" : "pulsar",
+ "doc" : "Pulsar Action Config",
+ "type" : "Map($name->Struct(publisher_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Configuration Parameters Specific to the PostgreSQL Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-parameters",
+ "text" : "parameters",
+ "doc" : "Configuration Parameters Specific to the PostgreSQL Action",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "pgsql_action",
+ "doc" : "Configuration for PostgreSQL Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql",
+ "text" : "pgsql",
+ "doc" : "PostgreSQL Action Config",
+ "type" : "Map($name->Struct(pgsql_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in Confluent.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-topic",
+ "text" : "topic",
+ "doc" : "Kafka topic name. Supports templates (e.g.: `t-${payload.t}`).
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-key",
+ "text" : "key",
+ "doc" : "Template for rendering message key. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.clientid}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-value",
+ "text" : "value",
+ "doc" : "Template to render Confluent message value. If the template is rendered into a NULL value (i.e. there is no such data field in Rule Engine context) then Confluent's NULL (but not empty string) is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "kafka_message",
+ "doc" : "Template for rendering a message."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message",
+ "text" : "message",
+ "doc" : "Template for rendering a message.",
+ "type" : "Struct(kafka_message)"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_time",
+ "text" : "max_linger_time",
+ "doc" : "Maximum duration for a per-partition producer to wait for messages in order to collect a batch to buffer.\nThe default value `0` means no wait. For non-memory buffer mode, it's advised to configure at least `5ms` for less IOPS.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_bytes",
+ "text" : "max_linger_bytes",
+ "doc" : "Maximum number of bytes for a per-partition producer to wait for messages in order to collect a batch to buffer.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "Maximum bytes to collect in a Confluent message batch. Most of the Kafka brokers default to a limit of 1 MB batch size. EMQX's default value is less than 1 MB in order to compensate Kafka message encoding overheads (especially when each individual message is very small). When a single message is over the limit, it is still sent (as a single element batch).
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"896KB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-compression",
+ "text" : "compression",
+ "doc" : "Specify the method of compression.",
+ "type" : "Enum(no_compression,snappy,gzip)",
+ "default" : "no_compression"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partition_strategy",
+ "text" : "partition_strategy",
+ "doc" : "Partition strategy is to tell the producer how to dispatch messages to partitions.\n\nrandom: Randomly pick a partition for each message.\nkey_dispatch: Assigns messages to partitions based on a hash of the message key,\nensuring consistent partition for messages with the same key.",
+ "type" : "Enum(random,key_dispatch)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-required_acks",
+ "text" : "required_acks",
+ "doc" : "The acknowledgement criteria for the partition leader. It determines the level of confirmation required from partition replicas before sending an acknowledgement back to the producer.\n\nall_isr: Require all in-sync replicas to acknowledge.\nleader_only: Require only the partition-leader's acknowledgement.\nnone: No need for Kafka to acknowledge at all.",
+ "type" : "Enum(all_isr,leader_only,none)",
+ "default" : "all_isr"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_headers",
+ "text" : "kafka_headers",
+ "doc" : "Provide a placeholder for message headers
\ne.g. ${pub_props}
\nNote that the value of the placeholder must be either an object:\n{\"foo\": \"bar\"}\nor an array of key-value pairs:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key",
+ "text" : "kafka_ext_header_key",
+ "doc" : "Key of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value",
+ "text" : "kafka_ext_header_value",
+ "doc" : "Value of the header. Placeholders in format of ${var} are supported.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "producer_kafka_ext_headers",
+ "doc" : "Provide more key-value pairs for message headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending producing."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers",
+ "text" : "kafka_ext_headers",
+ "doc" : "Please provide more key-value pairs for Confluent headers
\nThe key-value pairs here will be combined with the\nvalue of kafka_headers field before sending to Confluent.",
+ "type" : "Array(Struct(producer_kafka_ext_headers))"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode",
+ "text" : "kafka_header_value_encode_mode",
+ "doc" : "The encoding mode for headers.\n\n - `none`: Add only strings are added as header values\n - `json`: Encode header values as JSON string",
+ "type" : "Enum(none,json)",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partition_count_refresh_interval",
+ "text" : "partition_count_refresh_interval",
+ "doc" : "The time interval for Confluent producer to discover increased number of partitions.\nAfter the number of partitions is increased in Confluent, EMQX will start taking the\ndiscovered partitions into account when dispatching messages per partition_strategy.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partitions_limit",
+ "text" : "partitions_limit",
+ "doc" : "Limit the number of partitions to produce data for the given topic.\nThe special value `all_partitions` is to utilize all partitions for the topic.\nSetting this to a value which is greater than the total number of partitions in has no effect.",
+ "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))",
+ "default" : "all_partitions"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "The maximum number of message batches that the producer can send to each partition before it must wait for an acknowledgement.\nSetting a higher number can enhance throughput. However, value above 1 may lead to potential message reordering risks.",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode",
+ "text" : "mode",
+ "doc" : "Message buffer mode.\n\nmemory: Buffer all messages in memory. The messages will be lost in case of EMQX node restart\ndisk: Buffer all messages on disk. The messages on disk are able to survive EMQX node restart.\nhybrid: Buffer message in memory first, when up to certain limit (see segment_bytes config for more information), then start offloading messages to disk, Like memory mode, the messages will be lost in case of EMQX node restart.",
+ "type" : "Enum(memory,disk,hybrid)",
+ "default" : "memory"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit",
+ "text" : "per_partition_limit",
+ "doc" : "Number of bytes allowed to buffer for each partition. When this limit is exceeded, older messages will be discarded to make room for new messages to be buffered.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes",
+ "text" : "segment_bytes",
+ "doc" : "Applicable when buffer mode is set to disk or hybrid.\nThis setting specifies the size of each buffer file stored on disk.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection",
+ "text" : "memory_overload_protection",
+ "doc" : "Applicable when buffer mode is set to memory\nEMQX will drop old buffered messages under high memory pressure. The high memory threshold is defined in config sysmon.os.sysmem_high_watermark. NOTE: This config only works on Linux.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "producer_buffer",
+ "doc" : "Configure producer message buffer.\n\nTell Kafka producer how to buffer messages when EMQX has more messages to send than Kafka can keep up, or when Kafka is down."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Configure producer message buffer.\n\nTell Confluent producer how to buffer messages when EMQX has more messages to send than Confluent can keep up, or when Confluent is down.",
+ "type" : "Struct(producer_buffer)"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(async,sync)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-sync_query_timeout",
+ "text" : "sync_query_timeout",
+ "doc" : "This parameter defines the timeout limit for synchronous queries. It applies only when the action query mode is configured to 'sync'.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "producer_kafka_opts",
+ "doc" : "Confluent producer configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters",
+ "aliases" : [
+ "kafka"
+ ],
+ "text" : "parameters",
+ "doc" : "Confluent producer configs.",
+ "type" : "Struct(producer_kafka_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts",
+ "text" : "resource_opts",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "actions",
+ "doc" : "The configuration for an action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer",
+ "text" : "confluent_producer",
+ "doc" : "Confluent Actions Config",
+ "type" : "Map($name->Struct(actions))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-template",
+ "text" : "template",
+ "doc" : "Template, the default value is empty. When this value is empty the whole message will be stored in the RocketMQ.
\n The template can be any valid string with placeholders, example:
\n - ${id}, ${username}, ${clientid}, ${timestamp}
\n - {\"id\" : ${id}, \"username\" : ${username}}
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-strategy",
+ "text" : "strategy",
+ "doc" : "Producer key dispatch strategy, the default is `roundrobin`, also supports placeholders, such as: `clientid`, `messageid`, `username`.",
+ "type" : "OneOf(String(\"roundrobin\"),String)",
+ "default" : "roundrobin"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-topic",
+ "text" : "topic",
+ "doc" : "RocketMQ Topic
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "TopicTest"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-sync_timeout",
+ "text" : "sync_timeout",
+ "doc" : "Timeout of RocketMQ driver synchronous call.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "RocketMQ Topic Route Refresh Interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-send_buffer",
+ "text" : "send_buffer",
+ "doc" : "The socket send buffer size of the RocketMQ driver client.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1024KB\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configuration."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configuration.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "rocketmq_action",
+ "doc" : "Configuration for RocketMQ Action"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq",
+ "text" : "rocketmq",
+ "doc" : "RocketMQ Action Config",
+ "type" : "Map($name->Struct(rocketmq_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-parameters-S-action_parameters-write_mode",
+ "text" : "write_mode",
+ "doc" : "Whether to write logs synchronously or asynchronously to disk.",
+ "type" : "Enum(sync,async)",
+ "default" : "sync"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-parameters-S-action_parameters-template",
+ "text" : "template",
+ "doc" : "Content of the JSON object to be written. Supports templates.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Set of parameters for the action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-parameters",
+ "text" : "parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "disk_log",
+ "doc" : "Action that takes incoming events and appends them to local rotating log files in JSON lines format."
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log",
+ "text" : "disk_log",
+ "doc" : "Disk Log Action Config",
+ "type" : "Map($name->Struct(disk_log))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL Template
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "When writing to databases, treat undefined variables as NULL.\nWhen this option is enabled, if undefined variables (like ${var}) are used in templates, they will be replaced with \"NULL\" instead of the string \"undefined\". If this option is not enabled (default), the string \"undefined\" might be inserted.\nThis option should always be `true` if possible; the default value `false` is only to ensure backward compatibility.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configuration."
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action specific configuration.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "sqlserver_action",
+ "doc" : "Configuration for Microsoft SOL Server action."
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver",
+ "text" : "sqlserver",
+ "doc" : "Configuration for Microsoft SOL Server action.",
+ "type" : "Map($name->Struct(sqlserver_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-mode",
+ "text" : "mode",
+ "doc" : "Enables time-based aggregation of incoming events and uploading them to the S3 service as a single object.",
+ "type" : "String(\"aggregated\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_csv",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_csv-type",
+ "text" : "type",
+ "doc" : "Records (events) will be aggregated and uploaded as a CSV file.",
+ "type" : "String(\"csv\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_csv-column_order",
+ "text" : "column_order",
+ "doc" : "Event fields that will be ordered first as columns in the resulting CSV file.
\nRegardless of this setting, resulting CSV will contain all the fields of aggregated events, but all the columns not explicitly mentioned here will be ordered after the ones listed here in the lexicographical order.",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "container_csv",
+ "doc" : "Records (events) will be aggregated and uploaded as a CSV file."
+ },
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_json_lines",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_json_lines-type",
+ "text" : "type",
+ "doc" : "Records (events) will be aggregated and uploaded as a [JSON Lines](https://jsonlines.org/) file.",
+ "type" : "String(\"json_lines\")"
+ }
+ ],
+ "text" : "container_json_lines",
+ "doc" : "Records (events) will be aggregated and uploaded as a [JSON Lines](https://jsonlines.org/) file."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container",
+ "text" : "container",
+ "doc" : "Settings governing the file format of an upload containing aggregated events.",
+ "type" : "OneOf(Struct(container_csv),Struct(container_json_lines))",
+ "default" : "{type = csv}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation-time_interval",
+ "text" : "time_interval",
+ "doc" : "Amount of time events will be aggregated in a single object before uploading.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"30m\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation-max_records",
+ "text" : "max_records",
+ "doc" : "Number of records (events) allowed per each aggregated object. Each aggregated upload will contain no more than that number of events, but may contain less.
\nIf event rate is high enough, there obviously may be more than one aggregated upload during the same time interval. These uploads will have different, but consecutive sequence numbers, which will be a part of S3 object key.",
+ "type" : "Integer(1..+inf)",
+ "default" : "\"100000\""
+ }
+ ],
+ "text" : "s3_aggregation",
+ "doc" : "Set of parameters governing the aggregation process."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation",
+ "text" : "aggregation",
+ "doc" : "Set of parameters governing the aggregation process.",
+ "type" : "Struct(s3_aggregation)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-bucket",
+ "text" : "bucket",
+ "doc" : "The name of the S3 bucket.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-key",
+ "text" : "key",
+ "doc" : "Template for the S3 object key of an aggregated upload.
\nTemplate may contain placeholders for the following variables:\n\n${action}: name of the action (required).${node}: name of the EMQX node conducting the upload (required).${datetime.{format}}: date and time when aggregation started, formatted according to the {format} string (required):\n \n ${datetime.rfc3339utc}: RFC3339-formatted date and time in UTC,${datetime.rfc3339}: RFC3339-formatted date and time in local timezone,${datetime.unix}: Unix timestamp.
\n${datetime_until.{format}}: date and time when aggregation ended, with the same formatting options.${sequence}: sequence number of the aggregated upload within the same time interval (required).
\nAll other placeholders are considered invalid. Note that placeholders marked as required will be added as a path suffix to the S3 object key if they are missing from the template.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-acl",
+ "text" : "acl",
+ "doc" : "The ACL to use for the uploaded objects.",
+ "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-headers",
+ "text" : "headers",
+ "doc" : "HTTP headers to include in the S3 object upload request.
\nUseful to specify content type, content encoding, etc. of the S3 object.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-min_part_size",
+ "text" : "min_part_size",
+ "doc" : "The minimum part size for multipart uploads.
\nUploaded data will be accumulated in memory until this size is reached.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"5mb\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-max_part_size",
+ "text" : "max_part_size",
+ "doc" : "The maximum part size for multipart uploads.
\nS3 uploader won't try to upload parts larger than this size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"5gb\""
+ }
+ ],
+ "text" : "s3_aggregated_upload_parameters",
+ "doc" : "Set of parameters for the aggregated upload action."
+ },
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-bucket",
+ "text" : "bucket",
+ "doc" : "The name of the S3 bucket.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-key",
+ "text" : "key",
+ "doc" : "Key of the S3 object.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-acl",
+ "text" : "acl",
+ "doc" : "The ACL to use for the uploaded objects.",
+ "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-headers",
+ "text" : "headers",
+ "doc" : "HTTP headers to include in the S3 object upload request.
\nUseful to specify content type, content encoding, etc. of the S3 object.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-mode",
+ "text" : "mode",
+ "doc" : "Enables uploading of events to the S3 service as separate objects.",
+ "type" : "String(\"direct\")",
+ "default" : "direct"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-content",
+ "text" : "content",
+ "doc" : "Content of the S3 object being uploaded. Supports templates.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "s3_direct_upload_parameters",
+ "doc" : "Set of parameters for the upload action. Action supports templates in S3 bucket name, object key and object content."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters",
+ "text" : "parameters",
+ "doc" : "Action that takes incoming events and uploads them to the S3 API compatible service.",
+ "type" : "OneOf(Struct(s3_aggregated_upload_parameters),Struct(s3_direct_upload_parameters))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "s3_upload_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(s3_upload_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "s3",
+ "doc" : "Action that takes incoming events and uploads them to the S3 API compatible service."
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3",
+ "text" : "s3",
+ "doc" : "S3 Upload Action Config",
+ "type" : "Map($name->Struct(s3))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT topic or topic filter as data source (action input). If rule action is used as data source, this config should be left empty, otherwise messages will be duplicated in the remote system.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair-key",
+ "text" : "key",
+ "doc" : "Key
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair-value",
+ "text" : "value",
+ "doc" : "Value
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ }
+ ],
+ "text" : "key_value_pair",
+ "doc" : "Key-value pair."
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template",
+ "text" : "attributes_template",
+ "doc" : "The template for formatting the outgoing message attributes. Undefined values will be rendered as empty string values. Empty keys are removed from the attribute map.",
+ "type" : "Array(Struct(key_value_pair))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-ordering_key_template",
+ "text" : "ordering_key_template",
+ "doc" : "The template for formatting the outgoing message ordering key. Undefined values will be rendered as empty string values. This value will not be added to the message if it's empty.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-payload_template",
+ "text" : "payload_template",
+ "doc" : "The template for formatting the outgoing messages. If undefined, will send all the available context in JSON format.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-pubsub_topic",
+ "text" : "pubsub_topic",
+ "doc" : "The GCP PubSub topic to publish messages to.",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "Action specific configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters",
+ "text" : "parameters",
+ "doc" : "Action configs.",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "Fallback Action type.",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "Fallback Action name.",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "A fallback Action that will be triggered if a query to this action fails. The same message context that triggered the primary action will be sent unmodified to the fallbacks."
+ },
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "Fallback kind.",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "The target topic of message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "The qos of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${qos}. If variable ${qos} is not found from the selected result of the rule,\n0 is used.",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "The 'retain' flag of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${retain}. If variable ${retain} is not found from the selected result\nof the rule, false is used.",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "The payload of the message to be re-published.\nTemplate with variables is allowed, see description of the 'republish_args'.\nDefaults to ${payload}. If variable ${payload} is not found from the selected result\nof the rule, then the string \"undefined\" is used.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "An MQTT property that can be set while republishing.",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used."
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "From which variable should the MQTT Publish Properties of the message be taken.\nPlaceholders like ${.payload.content_type} may be used.",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "From which variable should the MQTT message's User-Property pairs be taken from.\nThe value must be a map.\nYou may configure it to ${pub_props.'User-Property'} or\nuse SELECT *,pub_props.'User-Property' as user_properties\nto forward the original user properties to the republished message.\nYou may also call map_put function like\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\nto inject user properties.\nNOTE: MQTT spec allows duplicated user property names, but EMQX Rule-Engine does not.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "Enable direct dispatch to subscribers without initiating a new message publish event.\nWhen set to `true`, this prevents the recursive processing of a message by the same action\nand is used when the output message does not require further processing.\n\nHowever, enabling this feature has several limitations:\n\n- The output message from this action is not retained.\n- It does not trigger other rules that operate based on the output topic of this action.\n- It does not activate rules that select from the `$events/message_publish`.\n- It does not trigger plugins that use the `'message.publish'` hook.\n- Topic metrics are not collected for the output message of this action.\n- Message schema validation is not applied (feature of EMQX Enterprise).\n- Message transformation processes are not applied (feature of EMQX Enterprise).",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "The arguments of the built-in 'republish' action. One can use variables in the args.\nThe variables are selected by the rule. For example, if the rule SQL is defined as following:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\nThen there are 3 variables available: clientid, qos and\npayload. And if we've set the args to:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\nWhen the rule is triggered by an MQTT message with payload = `hello`, qos = 1,\nclientid = `Steve`, the rule will republish a new MQTT message to topic `t/Steve`,\npayload = `msg: hello`, and `qos = 1`."
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "Republish fallback action. Works the same way as the Republish rule action from Rule Engine."
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "List of fallback actions that will be triggered if a query to this action fails.",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "The number of buffer workers. Only applicable for egress type bridges.\nFor bridges only have ingress direction data flow, it can be set to 0 otherwise must be greater than 0.",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "Query mode. Optional 'sync/async', default 'async'.",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "Query inflight window. When query_mode is set to async, this config has to be set to 1 if messages from the same MQTT client have to be strictly ordered.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "Maximum batch count. If equal to 1, there's effectively no batching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "Maximum waiting interval when accumulating a batch at a low message rates for more efficient resource usage.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "Maximum number of bytes to buffer for each buffer worker.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "producer_action",
+ "doc" : "Action configs."
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer",
+ "text" : "gcp_pubsub_producer",
+ "doc" : "GCP PubSub Producer Action Config",
+ "type" : "Map($name->Struct(producer_action))"
+ }
+ ],
+ "text" : "actions",
+ "doc" : "Configuration for actions."
+ }
+ ],
+ "hash" : "V-actions",
+ "text" : "actions",
+ "type" : "Struct(actions)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-queue",
+ "text" : "queue",
+ "doc" : "The queue name of the RabbitMQ broker.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-wait_for_publish_confirmations",
+ "text" : "wait_for_publish_confirmations",
+ "doc" : "A boolean value that indicates whether to wait for RabbitMQ to confirm message publication when using publisher confirms.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-no_ack",
+ "text" : "no_ack",
+ "doc" : "Whether to use no_ack mode when consuming messages from the RabbitMQ broker.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "source_parameters",
+ "doc" : "The source config defines how this bridge receive messages from the remote RabbitMQ broker"
+ }
+ ],
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters",
+ "text" : "parameters",
+ "doc" : "The source config defines how this bridge receive messages from the remote RabbitMQ broker",
+ "type" : "Struct(source_parameters)"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "source_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(source_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "subscriber_source",
+ "doc" : "Source configs."
+ }
+ ],
+ "hash" : "V-sources-S-sources-rabbitmq",
+ "text" : "rabbitmq",
+ "doc" : "MQTT Subscriber Source Config",
+ "type" : "Map($name->Struct(subscriber_source))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-no_local",
+ "text" : "no_local",
+ "doc" : "Whether to set the no-local flag when subscribing to the remote topic. If set to true, and you use the same connector to publish messages to a topic you also subscribe to, this prevents the server from forwarding your own published messages back to you. Only takes effect when using MQTT protocol version 5. Note that if you use a pool of workers larger than 1 you will still receive duplicated messages back.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-topic",
+ "text" : "topic",
+ "doc" : "Receive messages from which topic of the remote broker",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-qos",
+ "text" : "qos",
+ "doc" : "The QoS level to be used when subscribing to the remote broker",
+ "type" : "Integer(0..2)",
+ "default" : "1"
+ }
+ ],
+ "text" : "ingress_parameters",
+ "doc" : "Source specific configs."
+ }
+ ],
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters",
+ "text" : "parameters",
+ "type" : "Struct(ingress_parameters)"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "source_resource_opts",
+ "doc" : "Creation options."
+ }
+ ],
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(source_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "mqtt_subscriber_source",
+ "doc" : "Source configs."
+ }
+ ],
+ "hash" : "V-sources-S-sources-mqtt",
+ "text" : "mqtt",
+ "doc" : "MQTT Subscriber Source Config",
+ "type" : "Map($name->Struct(mqtt_subscriber_source))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters-topic",
+ "text" : "topic",
+ "doc" : "The GCP PubSub topic to publish messages to.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters-pull_max_messages",
+ "text" : "pull_max_messages",
+ "doc" : "The maximum number of messages to retrieve from GCP PubSub in a single pull request. The actual number may be less than the specified value.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "source_parameters",
+ "doc" : "Source specific configs."
+ }
+ ],
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters",
+ "text" : "parameters",
+ "doc" : "Source configs.",
+ "type" : "Struct(source_parameters)"
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Starting from the moment when the request enters the buffer, if the request remains in the buffer for the specified time or is sent but does not receive a response or acknowledgement in time, the request is considered expired.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ }
+ ],
+ "text" : "source_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(source_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "consumer_source",
+ "doc" : "Source configs."
+ }
+ ],
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer",
+ "text" : "gcp_pubsub_consumer",
+ "doc" : "GCP PubSub Consumer Source Config",
+ "type" : "Map($name->Struct(consumer_source))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-topic",
+ "text" : "topic",
+ "doc" : "Kafka topic to consume from.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-group_id",
+ "text" : "group_id",
+ "doc" : "Consumer group identifier to be used for this source. If omitted, one based off the source name will be automatically generated.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-max_wait_time",
+ "text" : "max_wait_time",
+ "doc" : "Maximum amount of time that is waited for the Kafka broker to send a fetch response.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "Set how many bytes to pull from Kafka in each fetch request.\nMessages are fetched in batches by the consumer, and if the first record batch in the first non-empty\npartition of the fetch is larger than this value, the record batch will still be returned to ensure\nthat the consumer can make progress. As such, this is not an absolute maximum. Set `1` for minimal latency.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"896KB\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-offset_reset_policy",
+ "text" : "offset_reset_policy",
+ "doc" : "Defines from which offset a consumer should start fetching when there is no commit history or when the commit history becomes invalid.",
+ "type" : "Enum(latest,earliest)",
+ "default" : "latest"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-offset_commit_interval_seconds",
+ "text" : "offset_commit_interval_seconds",
+ "doc" : "Defines the time interval between two offset commit requests sent for each consumer group.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-key_encoding_mode",
+ "text" : "key_encoding_mode",
+ "doc" : "Defines how the key from the Kafka message is encoded before being forwarded via MQTT.\nnone Uses the key from the Kafka message unchanged. Note: in this case, the key must be a valid UTF-8 string.\nbase64 Uses base-64 encoding on the received key.",
+ "type" : "Enum(none,base64)",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-value_encoding_mode",
+ "text" : "value_encoding_mode",
+ "doc" : "Defines how the value from the Kafka message is encoded before being forwarded via MQTT.\nnone Uses the value from the Kafka message unchanged. Note: in this case, the value must be a valid UTF-8 string.\nbase64 Uses base-64 encoding on the received value.",
+ "type" : "Enum(none,base64)",
+ "default" : "none"
+ }
+ ],
+ "text" : "source_parameters",
+ "doc" : "Source specific configs."
+ }
+ ],
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters",
+ "text" : "parameters",
+ "doc" : "Source configs.",
+ "type" : "Struct(source_parameters)"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-connector",
+ "text" : "connector",
+ "doc" : "Name of the connector specified by the action, used for external resource selection.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-tags",
+ "text" : "tags",
+ "doc" : "Tags to annotate this config entry.",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-description",
+ "text" : "description",
+ "doc" : "Descriptive text.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "Health check interval.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "A uniform random delay to be added to health check interval, so that Actions and Sources from the same Connector start their health checks at different instants.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "Health check timeout. If a health check call takes more than this time to return a result, the resource is deemed disconnected.",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "source_resource_opts",
+ "doc" : "Resource options."
+ }
+ ],
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "Resource options.",
+ "type" : "Struct(source_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "consumer_source",
+ "doc" : "Source configs."
+ }
+ ],
+ "hash" : "V-sources-S-sources-kafka_consumer",
+ "text" : "kafka_consumer",
+ "doc" : "Kafka Consumer Source Config",
+ "type" : "Map($name->Struct(consumer_source))"
+ }
+ ],
+ "text" : "sources",
+ "doc" : "Configuration for sources."
+ }
+ ],
+ "hash" : "V-sources",
+ "text" : "sources",
+ "type" : "Struct(sources)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-retainer-S-retainer",
+ "fields" : [
+ {
+ "hash" : "V-retainer-S-retainer-msg_expiry_interval",
+ "text" : "msg_expiry_interval",
+ "doc" : "Expired retained messages will not be delivered again, and a setting of 0 means that retained messages will never expire.\n\nHowever, if the `Message-Expiry-Interval` property is specified in the MQTT message, the value of that property prevails.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0s\""
+ },
+ {
+ "hash" : "V-retainer-S-retainer-msg_expiry_interval_override",
+ "text" : "msg_expiry_interval_override",
+ "doc" : "If set, this value will take precedence over any `Message-Expiry-Interval` property specified in retained MQTT messages, allowing messages to expire earlier if necessary. This override only applies to the garbage collection process: it does not affect the expiry time of messages being written nor that of already written messages while iterating over them. Therefore, messages that are candidate for garbage collection when overridden may still be visible when subscribing to retained topics.",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-allow_never_expire",
+ "text" : "allow_never_expire",
+ "doc" : "If true, retained messages set to never expire (i.e., whose `Message-Expiry-Interval = 0`) are not affected by the expiry time override. This configuration only takes effect when `msg_expiry_interval_override` is set.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-msg_clear_interval",
+ "text" : "msg_clear_interval",
+ "doc" : "The time interval for checking and clearing expired retained messages. This can prevent expired retained messages from being stored for a long time.\n\nIf `msg_clear_interval` is set to 0, that is, expired retained messages are not actively checked regularly, EMQX will only check and delete expired retained messages when preparing for delivery.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"0s\""
+ },
+ {
+ "hash" : "V-retainer-S-retainer-max_payload_size",
+ "text" : "max_payload_size",
+ "doc" : "The maximum size of retained messages allowed to be stored. EMQX will refuse to store retained messages larger than this size and output an Error log with the keyword 'retain_failed_for_payload_size_exceeded_limit'.\n\n0 means unlimited retained message size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-retainer-S-retainer-stop_publish_clear_msg",
+ "text" : "stop_publish_clear_msg",
+ "doc" : "When the retained flag of the `PUBLISH` message is set and Payload is empty,\nwhether to continue to publish the message.\nSee:\nhttp://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718038",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-delivery_rate",
+ "aliases" : [
+ "deliver_rate"
+ ],
+ "text" : "delivery_rate",
+ "doc" : "The maximum rate of delivering retained messages",
+ "type" : "String",
+ "default" : "\"1000/s\""
+ },
+ {
+ "hash" : "V-retainer-S-retainer-max_publish_rate",
+ "text" : "max_publish_rate",
+ "doc" : "The maximum rate of publishing retained messages. Messages that are published over the limit are delivered but not stored as retained.",
+ "type" : "String",
+ "default" : "\"1000/s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-retainer-S-retainer-backend-S-mnesia_config",
+ "fields" : [
+ {
+ "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-type",
+ "text" : "type",
+ "doc" : "Backend type.",
+ "type" : "String(\"built_in_database\")",
+ "default" : "built_in_database"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-storage_type",
+ "text" : "storage_type",
+ "doc" : "Specifies whether the messages are stored in RAM or persisted on disc.",
+ "type" : "Enum(ram,disc)",
+ "default" : "ram"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-max_retained_messages",
+ "text" : "max_retained_messages",
+ "doc" : "Maximum number of retained messages. 0 means no limit.",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-index_specs",
+ "text" : "index_specs",
+ "doc" : "Retainer index specifications: list of arrays of positive ascending integers. Each array specifies an index. Numbers in an index specification are 1-based word positions in topics. Words from specified positions will be used for indexing.
For example, it is good to have [2, 4] index to optimize +/X/+/Y/... topic wildcard subscriptions.",
+ "type" : "Array(Integer)",
+ "default" : "[[1, 2, 3], [1, 3], [2, 3], [3]]"
+ }
+ ],
+ "text" : "mnesia_config",
+ "doc" : "Configuration of the internal database storing retained messages."
+ }
+ ],
+ "hash" : "V-retainer-S-retainer-backend",
+ "text" : "backend",
+ "doc" : "Settings for the database storing the retained messages.",
+ "type" : "Struct(mnesia_config)"
+ }
+ ],
+ "text" : "retainer",
+ "doc" : "Configuration related to handling `PUBLISH` packets with a `retain` flag set to 1."
+ }
+ ],
+ "hash" : "V-retainer",
+ "text" : "retainer",
+ "type" : "Struct(retainer)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-telemetry-S-telemetry",
+ "fields" : [
+ {
+ "hash" : "V-telemetry-S-telemetry-enable",
+ "text" : "enable",
+ "doc" : "Set to `false` disable telemetry data report",
+ "type" : "Boolean"
+ }
+ ],
+ "text" : "telemetry",
+ "doc" : "Whether to enable telemetry to allow EMQX to collect relevant usage information\nand share it with EMQ for the purpose of enhancing your product experience,\nand in no case will EMQX collect personal information about you,\nsuch as your MAC address, IP address, content of messages sent.\n\nSee https://docs.emqx.com/en/emqx/latest/telemetry/telemetry.html for more details."
+ }
+ ],
+ "hash" : "V-telemetry",
+ "text" : "telemetry",
+ "type" : "Struct(telemetry)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-delayed-S-delayed",
+ "fields" : [
+ {
+ "hash" : "V-delayed-S-delayed-max_delayed_messages",
+ "text" : "max_delayed_messages",
+ "doc" : "Maximum number of delayed messages (0 is no limit).",
+ "type" : "Integer",
+ "default" : "0"
+ }
+ ],
+ "text" : "delayed",
+ "doc" : "Settings for the delayed module."
+ }
+ ],
+ "hash" : "V-delayed",
+ "text" : "delayed",
+ "type" : "Struct(delayed)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-plugins-S-plugins",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-plugins-S-plugins-states-S-state",
+ "fields" : [
+ {
+ "hash" : "V-plugins-S-plugins-states-S-state-name_vsn",
+ "text" : "name_vsn",
+ "doc" : "The `{name}-{version}` of the plugin.
\nIt should match the plugin application name-version as plugin release package name
\nFor example: `my_plugin-0.1.0`.",
+ "type" : "String"
+ }
+ ],
+ "text" : "state",
+ "doc" : "A per-plugin config to describe the desired state of the plugin."
+ }
+ ],
+ "hash" : "V-plugins-S-plugins-states",
+ "text" : "states",
+ "doc" : "An array of plugins in the desired states.
\nThe plugins are started in the defined order",
+ "type" : "Array(Struct(state))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-plugins-S-plugins-install_dir",
+ "text" : "install_dir",
+ "doc" : "The installation directory for the external plugins.\nThe plugin beam files and configuration files should reside in\nthe subdirectory named as emqx_foo_bar-0.1.0.\n
\nNOTE: For security reasons, this directory should **NOT** be writable\nby anyone except emqx (or any user which runs EMQX).",
+ "type" : "String",
+ "default" : "plugins"
+ },
+ {
+ "hash" : "V-plugins-S-plugins-check_interval",
+ "text" : "check_interval",
+ "doc" : "Deprecated since 5.0.24.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "plugins",
+ "doc" : "Manage EMQX plugins.
\nPlugins can be pre-built as a part of EMQX package,\nor installed as a standalone package in a location specified by\ninstall_dir config key
\nThe standalone-installed plugins are referred to as 'external' plugins."
+ }
+ ],
+ "hash" : "V-plugins",
+ "text" : "plugins",
+ "type" : "Struct(plugins)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-listeners-S-listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-http-S-http",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-bind",
+ "text" : "bind",
+ "doc" : "Bind the listener to a specified address and port number, for example `127.0.0.1:18083`.\nIf configured with just the port number (e.g. `18083`) it's equivalent to binding to all addresses `0.0.0.0`.\nThe listener is disabled if `bind` is `0`.",
+ "type" : "String",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-num_acceptors",
+ "text" : "num_acceptors",
+ "doc" : "Socket acceptor pool size for TCP protocols. Default is the number of schedulers online",
+ "type" : "Integer",
+ "default" : "4"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "Integer",
+ "default" : "512"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-backlog",
+ "text" : "backlog",
+ "doc" : "Defines the maximum length that the queue of pending connections can grow to.",
+ "type" : "Integer",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "Send timeout for the socket.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-inet6",
+ "text" : "inet6",
+ "doc" : "Enable IPv6 support, default is false, which means IPv4 only.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-ipv6_v6only",
+ "text" : "ipv6_v6only",
+ "doc" : "Disable IPv4-to-IPv6 mapping for the listener.\nThe configuration is only valid when the inet6 is true.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-proxy_header",
+ "text" : "proxy_header",
+ "doc" : "Enable support for `HAProxy` header. Be aware once enabled regular HTTP requests can't be handled anymore.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "http",
+ "doc" : "Configuration for the dashboard listener (plaintext)."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http",
+ "text" : "http",
+ "doc" : "Settings for the HTTP listener.",
+ "type" : "Struct(http)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-bind",
+ "text" : "bind",
+ "doc" : "Bind the listener to a specified address and port number, for example `127.0.0.1:18083`.\nIf configured with just the port number (e.g. `18083`) it's equivalent to binding to all addresses `0.0.0.0`.\nThe listener is disabled if `bind` is `0`.",
+ "type" : "String",
+ "default" : "0"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ssl_options",
+ "doc" : "SSL/TLS options for the dashboard listener."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL/TLS options for the dashboard listener.",
+ "type" : "Struct(ssl_options)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-num_acceptors",
+ "text" : "num_acceptors",
+ "doc" : "Socket acceptor pool size for TCP protocols. Default is the number of schedulers online",
+ "type" : "Integer",
+ "default" : "4"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "Integer",
+ "default" : "512"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-backlog",
+ "text" : "backlog",
+ "doc" : "Defines the maximum length that the queue of pending connections can grow to.",
+ "type" : "Integer",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "Send timeout for the socket.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-inet6",
+ "text" : "inet6",
+ "doc" : "Enable IPv6 support, default is false, which means IPv4 only.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ipv6_v6only",
+ "text" : "ipv6_v6only",
+ "doc" : "Disable IPv4-to-IPv6 mapping for the listener.\nThe configuration is only valid when the inet6 is true.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-proxy_header",
+ "text" : "proxy_header",
+ "doc" : "Enable support for `HAProxy` header. Be aware once enabled regular HTTP requests can't be handled anymore.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "https",
+ "doc" : "Configuration for the dashboard listener (TLS)."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https",
+ "text" : "https",
+ "type" : "Struct(https)"
+ }
+ ],
+ "text" : "listeners",
+ "doc" : "Configuration for the dashboard listener."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-listeners",
+ "text" : "listeners",
+ "doc" : "HTTP(s) listeners are identified by their protocol type and are\nused to serve dashboard UI and restful HTTP API.\nListeners must have a unique combination of port number and IP address.\nFor example, an HTTP listener can listen on all configured IP addresses\non a given port for a machine by specifying the IP address 0.0.0.0.\nAlternatively, the HTTP listener can specify a unique IP address for each listener,\nbut use the same port.",
+ "type" : "Struct(listeners)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-default_password",
+ "text" : "default_password",
+ "doc" : "The password used to initialize a database record for `admin` user.\nNOTE: Changing the default password after it has been initialized (boot up for the fist time) has no effect.\nOnce initialized, the default password `public` must be changed from dashboard or CLI as soon as possible.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret",
+ "default" : "public"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-hwmark_expire_time",
+ "text" : "hwmark_expire_time",
+ "doc" : "Specifies the expiration interval for high watermark metrics, such as the session history high watermark (`sessions_hist_hwmark`).\nA high watermark remains valid for the configured duration.\nWhen it expires, the system scans the recorded values up to now and updates the high watermark to the highest observed value.\nNote: it must be no more than 7 days (`7d`)
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"7d\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-token_expired_time",
+ "text" : "token_expired_time",
+ "doc" : "JWT token expiration time. Default is 60 minutes
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"60m\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-password_expired_time",
+ "text" : "password_expired_time",
+ "doc" : "The expiration time for the password of users. The default value `0` means the password will never expire.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-cors",
+ "text" : "cors",
+ "doc" : "Support Cross-Origin Resource Sharing (CORS).\nAllows a server to indicate any origins (domain, scheme, or port) other than\nits own from which a browser should permit loading resources.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-swagger_support",
+ "text" : "swagger_support",
+ "doc" : "Enable or disable support for swagger API documentation.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-default_mfa-S-mfa_settings",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-default_mfa-S-mfa_settings-mechanism",
+ "text" : "mechanism",
+ "doc" : "Multifactor authentication mechanism.",
+ "type" : "Enum(totp)"
+ }
+ ],
+ "text" : "mfa_settings",
+ "doc" : "Multifactor authentication settings."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-default_mfa",
+ "text" : "default_mfa",
+ "doc" : "Default Multifactor authentication settings for Dashboard.\nWhen set as `none`, MFA can be enabled per user from the dashboard.\nIf set as `{mechanism = totp}`, the user will be initialized with\na random TOTP secret when logging in for the first time.",
+ "type" : "OneOf(String(\"none\"),Struct(mfa_settings))",
+ "default" : "none"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-enable",
+ "text" : "enable",
+ "doc" : "Whether to enable this backend.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "Enum(ldap)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-query_timeout",
+ "text" : "query_timeout",
+ "doc" : "Timeout for the LDAP query.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-server",
+ "text" : "server",
+ "doc" : "The IPv4 or IPv6 address or the hostname to connect to.
\nA host entry has the following form: `Host[:Port]`.
\nThe LDAP default port 389 is used if `[:Port]` is not specified.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-pool_size",
+ "text" : "pool_size",
+ "doc" : "Size of the connection pool towards the bridge target service.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-username",
+ "text" : "username",
+ "doc" : "The username associated with the bridge in the external database used for authentication or identification purposes.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-password",
+ "text" : "password",
+ "doc" : "The password associated with the bridge, used for authentication with the external database.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Sets the maximum time in milliseconds that is used for each individual request.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl",
+ "doc" : "SSL connection settings."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-base_dn",
+ "text" : "base_dn",
+ "doc" : "The name of the base object entry (or possibly the root) relative to\nwhich the Search is to be performed.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-filter",
+ "text" : "filter",
+ "doc" : "The filter for matching users in LDAP is by default `(&(objectClass=person)(uid=${username}))`. For Active Directory, it should be set to `(&(objectClass=user)(sAMAccountName=${username}))` by default. Please refer to [LDAP Filters](https://ldap.com/ldap-filters/) for more details.",
+ "type" : "String",
+ "default" : "\"(& (objectClass=person) (uid=${username}))\""
+ }
+ ],
+ "text" : "ldap",
+ "doc" : "LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and managing directory information services over a network. It can be used as a Single Sign-On (SSO) provider to authenticate users by binding to the LDAP server with their credentials."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap",
+ "text" : "ldap",
+ "type" : "Struct(ldap)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-enable",
+ "text" : "enable",
+ "doc" : "Whether to enable this backend.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "Enum(oidc)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-issuer",
+ "text" : "issuer",
+ "doc" : "The URL of the OIDC issuer.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-clientid",
+ "text" : "clientid",
+ "doc" : "The clientId for this backend.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-secret",
+ "text" : "secret",
+ "doc" : "The client secret.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-scopes",
+ "text" : "scopes",
+ "doc" : "The scopes, its default value is `[\"openid\"]`.",
+ "type" : "Array(String)",
+ "default" : "[openid]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-name_var",
+ "text" : "name_var",
+ "doc" : "A template to map OIDC user information to a Dashboard name, its default value is `${sub}`.",
+ "type" : "String",
+ "default" : "\"${sub}\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-dashboard_addr",
+ "text" : "dashboard_addr",
+ "doc" : "The address of the EMQX Dashboard.",
+ "type" : "String",
+ "default" : "\"http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-session_expiry",
+ "text" : "session_expiry",
+ "doc" : "The valid time span for an OIDC `state`, the default is `30s`, if the code response returned by the authorization server exceeds this time span, it will be treated as invalid.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-require_pkce",
+ "text" : "require_pkce",
+ "doc" : "Whether to require PKCE when getting the token.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-preferred_auth_methods",
+ "text" : "preferred_auth_methods",
+ "doc" : "Set the valid authentication methods and their priority.",
+ "type" : "Array(Enum(private_key_jwt,client_secret_jwt,client_secret_post,client_secret_basic,none))",
+ "default" : "[client_secret_post, client_secret_basic, none]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-provider",
+ "text" : "provider",
+ "doc" : "The OIDC provider.",
+ "type" : "Enum(okta,generic)",
+ "default" : "generic"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-fallback_methods",
+ "text" : "fallback_methods",
+ "doc" : "Some providers do not provide all the method items in the provider configuration, set this value as a fallback for those items.",
+ "type" : "Array(String)",
+ "default" : "[RS256]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks-type",
+ "text" : "type",
+ "doc" : "The JWKS source type.",
+ "type" : "Enum(file)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks-file",
+ "text" : "file",
+ "doc" : "The content of the JWKS.",
+ "type" : "String"
+ }
+ ],
+ "text" : "client_file_jwks",
+ "doc" : "Set JWKS from file."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks",
+ "text" : "client_jwks",
+ "doc" : "Set JWK or JWKS here to enable the `private_key_jwt` authorization or the `DPoP` extension.",
+ "type" : "OneOf(String(\"none\"),Struct(client_file_jwks))",
+ "default" : "none"
+ }
+ ],
+ "text" : "oidc",
+ "doc" : "OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 protocol. It allows clients to verify the identity of end-users based on the authentication performed by an authorization server."
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc",
+ "text" : "oidc",
+ "type" : "Struct(oidc)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-saml-S-saml",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-enable",
+ "text" : "enable",
+ "doc" : "Whether to enable this backend.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-backend",
+ "text" : "backend",
+ "doc" : "Backend type.",
+ "type" : "Enum(saml)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-dashboard_addr",
+ "text" : "dashboard_addr",
+ "doc" : "The address of the EMQX Dashboard.",
+ "type" : "String",
+ "default" : "\"https://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-idp_metadata_url",
+ "text" : "idp_metadata_url",
+ "doc" : "The URL of the IdP metadata.",
+ "type" : "String",
+ "default" : "\"https://idp.example.com\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_sign_request",
+ "text" : "sp_sign_request",
+ "doc" : "Whether to sign the SAML request.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_public_key",
+ "text" : "sp_public_key",
+ "doc" : "The public key of the SP.",
+ "type" : "String",
+ "default" : "\"Pub Key\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_private_key",
+ "text" : "sp_private_key",
+ "doc" : "The private key of the SP.",
+ "type" : "String"
+ }
+ ],
+ "text" : "saml",
+ "doc" : "saml"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml",
+ "text" : "saml",
+ "type" : "Struct(saml)"
+ }
+ ],
+ "text" : "sso",
+ "doc" : "Dashboard Single Sign-On"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso",
+ "text" : "sso",
+ "type" : "Struct(sso)"
+ }
+ ],
+ "text" : "dashboard",
+ "doc" : "Configuration for EMQX dashboard."
+ }
+ ],
+ "hash" : "V-dashboard",
+ "text" : "dashboard",
+ "type" : "Struct(dashboard)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-heartbeat",
+ "text" : "heartbeat",
+ "doc" : "The gateway server required minimum heartbeat interval.\nWhen connection mode is enabled, this parameter is used to set the minimum heartbeat interval for the connection to be alive
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-connection_required",
+ "text" : "connection_required",
+ "doc" : "Enable or disable connection mode.\nConnection mode is a feature of non-standard protocols. When connection mode is enabled, it is necessary to maintain the creation, authentication and alive of connection resources",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-notify_type",
+ "text" : "notify_type",
+ "doc" : "The Notification Message will be delivered to the CoAP client if a new message received on an observed topic.\nThe type of delivered coap message can be set to:
\n - non: Non-confirmable;
\n - con: Confirmable;
\n - qos: Mapping from QoS type of received message, QoS0 -> non, QoS1,2 -> con",
+ "type" : "Enum(non,con,qos)",
+ "default" : "qos"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-subscribe_qos",
+ "text" : "subscribe_qos",
+ "doc" : "The Default QoS Level indicator for subscribe request.\nThis option specifies the QoS level for the CoAP Client when establishing a subscription membership, if the subscribe request is not carried `qos` option. The indicator can be set to:
\n - qos0, qos1, qos2: Fixed default QoS level
\n - coap: Dynamic QoS level by the message type of subscribe request
\n * qos0: If the subscribe request is non-confirmable
\n * qos1: If the subscribe request is confirmable",
+ "type" : "Enum(qos0,qos1,qos2,coap)",
+ "default" : "coap"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-publish_qos",
+ "text" : "publish_qos",
+ "doc" : "The Default QoS Level indicator for publish request.\nThis option specifies the QoS level for the CoAP Client when publishing a message to EMQX PUB/SUB system, if the publish request is not carried `qos` option. The indicator can be set to:
\n - qos0, qos1, qos2: Fixed default QoS level
\n - coap: Dynamic QoS level by the message type of publish request
\n * qos0: If the publish request is non-confirmable
\n * qos1: If the publish request is confirmable",
+ "type" : "Enum(qos0,qos1,qos2,coap)",
+ "default" : "coap"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "The content of the request.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "The content to reply.",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check",
+ "text" : "health_check",
+ "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "Allow local reuse of port numbers.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "udp_listener",
+ "doc" : "Settings for UDP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp",
+ "text" : "udp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(udp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "The content of the request.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "The content to reply.",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check",
+ "text" : "health_check",
+ "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "Allow local reuse of port numbers.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"dtlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "dtls_opts",
+ "doc" : "Settings for DTLS protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options",
+ "text" : "dtls_options",
+ "doc" : "DTLS socket options",
+ "type" : "Struct(dtls_opts)"
+ }
+ ],
+ "text" : "dtls_listener",
+ "doc" : "Settings for DTLS listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls",
+ "text" : "dtls",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(dtls_listener))"
+ }
+ ],
+ "text" : "udp_listeners",
+ "doc" : "Settings for the UDP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners",
+ "text" : "listeners",
+ "type" : "Struct(udp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "coap",
+ "doc" : "The CoAP protocol gateway provides EMQX with the access capability of the CoAP protocol.\nIt allows publishing, subscribing, and receiving messages to EMQX in accordance\nwith a certain defined CoAP message format."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap",
+ "text" : "coap",
+ "type" : "Struct(coap)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-bind",
+ "text" : "bind",
+ "doc" : "Listening address and port for the gRPC server.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ssl_server_opts",
+ "doc" : "SSL configuration for the server."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL configuration for the gRPC server.",
+ "type" : "Struct(ssl_server_opts)"
+ }
+ ],
+ "text" : "exproto_grpc_server",
+ "doc" : "Settings for the exproto gRPC server."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server",
+ "text" : "server",
+ "doc" : "Configurations for starting the ConnectionAdapter service",
+ "type" : "Struct(exproto_grpc_server)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-address",
+ "text" : "address",
+ "doc" : "gRPC server address.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-service_name",
+ "text" : "service_name",
+ "doc" : "The service name to handle the connection events.\nIn the initial version, we expected to use streams to improve the efficiency\nof requests in `ConnectionHandler`. But unfortunately, events between different\nstreams are out of order. It causes the `OnSocketCreated` event to may arrive\nlater than `OnReceivedBytes`.\nSo we added the `ConnectionUnaryHandler` service since v5.0.25 and forced\nthe use of Unary in it to avoid ordering problems.",
+ "type" : "OneOf(String(\"ConnectionHandler\"),String(\"ConnectionUnaryHandler\"))",
+ "default" : "ConnectionUnaryHandler"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL configuration for the gRPC client.",
+ "type" : "Struct(ssl_client_opts)"
+ }
+ ],
+ "text" : "exproto_grpc_handler",
+ "doc" : "Settings for the exproto gRPC connection handler."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler",
+ "text" : "handler",
+ "doc" : "Configurations for request to ConnectionHandler service",
+ "type" : "Struct(exproto_grpc_handler)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket options.",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(ssl_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "The content of the request.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "The content to reply.",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check",
+ "text" : "health_check",
+ "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "Allow local reuse of port numbers.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "udp_listener",
+ "doc" : "Settings for UDP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp",
+ "text" : "udp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(udp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "The content of the request.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "The content to reply.",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check",
+ "text" : "health_check",
+ "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "Allow local reuse of port numbers.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"dtlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "dtls_opts",
+ "doc" : "Settings for DTLS protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options",
+ "text" : "dtls_options",
+ "doc" : "DTLS socket options",
+ "type" : "Struct(dtls_opts)"
+ }
+ ],
+ "text" : "dtls_listener",
+ "doc" : "Settings for DTLS listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls",
+ "text" : "dtls",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(dtls_listener))"
+ }
+ ],
+ "text" : "tcp_udp_listeners",
+ "doc" : "Settings for TCP and UDP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_udp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "exproto",
+ "doc" : "Settings for EMQX extension protocol (exproto)."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto",
+ "text" : "exproto",
+ "type" : "Struct(exproto)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"gbt32960/${clientid}/\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Re-send time interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"8s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-max_retry_times",
+ "text" : "max_retry_times",
+ "doc" : "Re-send max times",
+ "type" : "Integer(0..+inf)",
+ "default" : "3"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-message_queue_len",
+ "text" : "message_queue_len",
+ "doc" : "Max message queue length",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket options.",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(ssl_listener))"
+ }
+ ],
+ "text" : "tcp_listeners",
+ "doc" : "Settings for the TCP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "gbt32960",
+ "doc" : "The GBT-32960 gateway"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960",
+ "text" : "gbt32960",
+ "type" : "Struct(gbt32960)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-frame-S-jt808_frame",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-frame-S-jt808_frame-max_length",
+ "text" : "max_length",
+ "doc" : "The maximum length of the JT/T 808 frame.",
+ "type" : "Integer(0..+inf)",
+ "default" : "8192"
+ }
+ ],
+ "text" : "jt808_frame",
+ "doc" : "Limits for the JT/T 808 frames."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-frame",
+ "text" : "frame",
+ "type" : "Struct(jt808_frame)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-allow_anonymous",
+ "text" : "allow_anonymous",
+ "doc" : "Allow anonymous access to the JT/T 808 Gateway.",
+ "type" : "OneOf(String(\"true\"))"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-registry",
+ "text" : "registry",
+ "doc" : "The JT/T 808 device registry central URL.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-authentication",
+ "text" : "authentication",
+ "doc" : "The JT/T 808 device authentication central URL.",
+ "type" : "String"
+ }
+ ],
+ "text" : "anonymous_true",
+ "doc" : "Allow anonymous access to the JT/T 808 Gateway."
+ },
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-allow_anonymous",
+ "text" : "allow_anonymous",
+ "doc" : "Allow anonymous access to the JT/T 808 Gateway.",
+ "type" : "OneOf(String(\"false\"))"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-registry",
+ "text" : "registry",
+ "doc" : "The JT/T 808 device registry central URL.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-authentication",
+ "text" : "authentication",
+ "doc" : "The JT/T 808 device authentication central URL.",
+ "type" : "String"
+ }
+ ],
+ "text" : "anonymous_false",
+ "doc" : "Allow anonymous access to the JT/T 808 Gateway."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth",
+ "text" : "auth",
+ "doc" : "Authentication settings of the JT/T 808 Gateway.",
+ "type" : "OneOf(Struct(anonymous_true),Struct(anonymous_false))"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-up_topic",
+ "text" : "up_topic",
+ "doc" : "The topic of the JT/T 808 protocol upstream message.",
+ "type" : "String",
+ "default" : "\"jt808/${clientid}/${phone}/up\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-dn_topic",
+ "text" : "dn_topic",
+ "doc" : "The topic of the JT/T 808 protocol downstream message.",
+ "type" : "String",
+ "default" : "\"jt808/${clientid}/${phone}/dn\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-ignore_unsupported_frames",
+ "text" : "ignore_unsupported_frames",
+ "doc" : "Whether to ignore unsupported frames.
\n- true, unsupported frames will be logged and ignored.
\n- false, the gateway will disconnect the client when receiving an unsupported frame.
\nThe default value is true.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "jt808_proto",
+ "doc" : "The JT/T 808 protocol options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto",
+ "text" : "proto",
+ "type" : "Struct(jt808_proto)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"jt808/${clientid}/\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Re-send time interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"8s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-max_retry_times",
+ "text" : "max_retry_times",
+ "doc" : "Re-send max times",
+ "type" : "Integer(0..+inf)",
+ "default" : "3"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-message_queue_len",
+ "text" : "message_queue_len",
+ "doc" : "Max message queue length",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket options.",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(ssl_listener))"
+ }
+ ],
+ "text" : "tcp_listeners",
+ "doc" : "Settings for the TCP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "jt808",
+ "doc" : "The JT/T 808 protocol gateway provides EMQX with the ability to access JT/T 808 protocol devices."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808",
+ "text" : "jt808",
+ "type" : "Struct(jt808)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-xml_dir",
+ "text" : "xml_dir",
+ "doc" : "The Directory for LwM2M Resource definition.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_min",
+ "text" : "lifetime_min",
+ "doc" : "Minimum value of lifetime allowed to be set by the LwM2M client.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_max",
+ "text" : "lifetime_max",
+ "doc" : "Maximum value of lifetime allowed to be set by the LwM2M client.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"86400s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-qmode_time_window",
+ "text" : "qmode_time_window",
+ "doc" : "The value of the time window during which the network link is considered valid by the LwM2M Gateway in QMode mode.\nFor example, after receiving an update message from a client, any messages within this time window are sent directly to the LwM2M client, and all messages beyond this time window are temporarily stored in memory.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"22s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-auto_observe",
+ "text" : "auto_observe",
+ "doc" : "Automatically observe the object list of REGISTER packet.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-update_msg_publish_condition",
+ "text" : "update_msg_publish_condition",
+ "doc" : "Policy for publishing UPDATE event message.
\n - always: send update events as long as the UPDATE request is received.
\n - contains_object_list: send update events only if the UPDATE request carries any Object List",
+ "type" : "Enum(always,contains_object_list)",
+ "default" : "contains_object_list"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-topic",
+ "text" : "topic",
+ "doc" : "Topic Name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS Level",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command",
+ "text" : "command",
+ "doc" : "The topic for receiving downstream commands.\nFor each new LwM2M client that succeeds in going online, the gateway creates a subscription relationship to receive downstream commands and send it to the LwM2M client",
+ "type" : "Struct(translator)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-topic",
+ "text" : "topic",
+ "doc" : "Topic Name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS Level",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response",
+ "text" : "response",
+ "doc" : "The topic for gateway to publish the acknowledge events from LwM2M client",
+ "type" : "Struct(translator)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-topic",
+ "text" : "topic",
+ "doc" : "Topic Name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS Level",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify",
+ "text" : "notify",
+ "doc" : "The topic for gateway to publish the notify events from LwM2M client.\nAfter succeed observe a resource of LwM2M client, Gateway will send the notify events via this topic, if the client reports any resource changes",
+ "type" : "Struct(translator)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-topic",
+ "text" : "topic",
+ "doc" : "Topic Name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS Level",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register",
+ "text" : "register",
+ "doc" : "The topic for gateway to publish the register events from LwM2M client.",
+ "type" : "Struct(translator)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-topic",
+ "text" : "topic",
+ "doc" : "Topic Name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS Level",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update",
+ "text" : "update",
+ "doc" : "The topic for gateway to publish the update events from LwM2M client",
+ "type" : "Struct(translator)"
+ }
+ ],
+ "text" : "lwm2m_translators",
+ "doc" : "MQTT topics that correspond to LwM2M events."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators",
+ "text" : "translators",
+ "doc" : "Topic configuration for LwM2M's gateway publishing and subscription.",
+ "type" : "Struct(lwm2m_translators)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"lwm2m/${endpoint_name}/\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "The content of the request.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "The content to reply.",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check",
+ "text" : "health_check",
+ "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "Allow local reuse of port numbers.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "udp_listener",
+ "doc" : "Settings for UDP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp",
+ "text" : "udp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(udp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "The content of the request.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "The content to reply.",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check",
+ "text" : "health_check",
+ "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "Allow local reuse of port numbers.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"dtlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "dtls_opts",
+ "doc" : "Settings for DTLS protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options",
+ "text" : "dtls_options",
+ "doc" : "DTLS socket options",
+ "type" : "Struct(dtls_opts)"
+ }
+ ],
+ "text" : "dtls_listener",
+ "doc" : "Settings for DTLS listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls",
+ "text" : "dtls",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(dtls_listener))"
+ }
+ ],
+ "text" : "udp_listeners",
+ "doc" : "Settings for the UDP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners",
+ "text" : "listeners",
+ "type" : "Struct(udp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "lwm2m",
+ "doc" : "The LwM2M protocol gateway."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m",
+ "text" : "lwm2m",
+ "type" : "Struct(lwm2m)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-gateway_id",
+ "text" : "gateway_id",
+ "doc" : "MQTT-SN Gateway ID.\nWhen the broadcast option is enabled, the gateway will broadcast ADVERTISE message with this value",
+ "type" : "Integer",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-broadcast",
+ "text" : "broadcast",
+ "doc" : "Whether to periodically broadcast ADVERTISE messages",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_qos3",
+ "text" : "enable_qos3",
+ "doc" : "Allows connectionless clients to publish messages with a Qos of -1.\nThis feature is defined for very simple client implementations which do not support any other features except this one. There is no connection setup nor tear down, no registration nor subscription. The client just sends its 'PUBLISH' messages to a GW",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-subs_resume",
+ "text" : "subs_resume",
+ "doc" : "Whether to initiate all subscribed topic name registration messages to the client after the Session has been taken over by a new channel",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-id",
+ "text" : "id",
+ "doc" : "Topic ID. Range: 1-65535",
+ "type" : "Integer(1..1024)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-topic",
+ "text" : "topic",
+ "doc" : "Topic Name",
+ "type" : "String"
+ }
+ ],
+ "text" : "mqttsn_predefined",
+ "doc" : "The pre-defined topic name corresponding to the pre-defined topic\nID of N.\n\nNote: the pre-defined topic ID of 0 is reserved."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined",
+ "text" : "predefined",
+ "doc" : "The pre-defined topic IDs and topic names.\nA 'pre-defined' topic ID is a topic ID whose mapping to a topic name is known in advance by both the client's application and the gateway",
+ "type" : "Array(Struct(mqttsn_predefined))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "The content of the request.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "The content to reply.",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check",
+ "text" : "health_check",
+ "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "Allow local reuse of port numbers.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "udp_listener",
+ "doc" : "Settings for UDP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp",
+ "text" : "udp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(udp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "The content of the request.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "The content to reply.",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check",
+ "text" : "health_check",
+ "doc" : "Some Cloud platform use a `request-reply` mechanism to check whether a UDP port is healthy, here can configure this pair.",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for the socket.\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Size of the kernel-space receive buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Size of the kernel-space send buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Size of the user-space buffer for the socket.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "Allow local reuse of port numbers.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"dtlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "dtls_opts",
+ "doc" : "Settings for DTLS protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options",
+ "text" : "dtls_options",
+ "doc" : "DTLS socket options",
+ "type" : "Struct(dtls_opts)"
+ }
+ ],
+ "text" : "dtls_listener",
+ "doc" : "Settings for DTLS listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls",
+ "text" : "dtls",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(dtls_listener))"
+ }
+ ],
+ "text" : "udp_listeners",
+ "doc" : "Settings for the UDP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners",
+ "text" : "listeners",
+ "type" : "Struct(udp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "mqttsn",
+ "doc" : "The MQTT-SN (MQTT for Sensor Networks) protocol gateway."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn",
+ "text" : "mqttsn",
+ "type" : "Struct(mqttsn)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"ocpp/\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-default_heartbeat_interval",
+ "text" : "default_heartbeat_interval",
+ "doc" : "The default Heartbeat time interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-heartbeat_checking_times_backoff",
+ "text" : "heartbeat_checking_times_backoff",
+ "doc" : "The backoff for heartbeat checking times",
+ "type" : "Integer",
+ "default" : "1"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-topic",
+ "text" : "topic",
+ "doc" : "The topic for Upload stream Call Request messages.",
+ "type" : "String",
+ "default" : "\"cp/${cid}\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-topic_override_mapping",
+ "text" : "topic_override_mapping",
+ "doc" : "Upload stream topic override mapping by Message Name.",
+ "type" : "Map($name->String)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-reply_topic",
+ "text" : "reply_topic",
+ "doc" : "The topic for Upload stream Reply messages.",
+ "type" : "String",
+ "default" : "\"cp/${cid}/Reply\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-error_topic",
+ "text" : "error_topic",
+ "doc" : "The topic for Upload stream error topic.",
+ "type" : "String",
+ "default" : "\"cp/${cid}/Reply\""
+ }
+ ],
+ "text" : "upstream",
+ "doc" : "Upload stream topic to notify third-party system what's messages/events reported by Charge Point. Available placeholders:\n- cid: Charge Point ID\n- clientid: Equal to Charge Point ID\n- action: Message Name in OCPP"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream",
+ "text" : "upstream",
+ "type" : "Struct(upstream)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream-topic",
+ "text" : "topic",
+ "doc" : "Download stream topic to receive request/control messages from third-party system.\nThis value is a wildcard topic name that subscribed by every connected Charge Point.",
+ "type" : "String",
+ "default" : "\"cs/${cid}\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream-max_mqueue_len",
+ "text" : "max_mqueue_len",
+ "doc" : "The maximum message queue length for download stream message delivery.",
+ "type" : "Integer",
+ "default" : "100"
+ }
+ ],
+ "text" : "dnstream",
+ "doc" : "Download stream topic to forward the system message to device. Available placeholders:\n- cid: Charge Point ID\n- clientid: Equal to Charge Point ID\n- action: Message Name in OCPP"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream",
+ "text" : "dnstream",
+ "type" : "Struct(dnstream)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-message_format_checking",
+ "text" : "message_format_checking",
+ "doc" : "Whether to enable message format legality checking.\nEMQX checks the message format of the upload stream and download stream against the\nformat defined in json-schema.\nWhen the check fails, emqx will reply with a corresponding answer message.\n\nThe checking strategy can be one of the following values:\n- all: check all messages\n- upstream_only: check upload stream messages only\n- dnstream_only: check download stream messages only\n- disable: don't check any messages",
+ "type" : "OneOf(String(\"all\"),String(\"upstream_only\"),String(\"dnstream_only\"),String(\"disable\"))",
+ "default" : "disable"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-json_schema_dir",
+ "text" : "json_schema_dir",
+ "doc" : "JSON Schema directory for OCPP message definitions.\nDefault: ${application}/priv/schemas",
+ "type" : "String",
+ "default" : "\"${application_priv}/schemas\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-json_schema_id_prefix",
+ "text" : "json_schema_id_prefix",
+ "doc" : "The ID prefix for the OCPP message schemas.",
+ "type" : "String",
+ "default" : "\"urn:OCPP:1.6:2019:12:\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-path",
+ "text" : "path",
+ "doc" : "WebSocket's MQTT protocol path. So the address of EMQX Broker's WebSocket is:\nws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"/ocpp\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-piggyback",
+ "text" : "piggyback",
+ "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.",
+ "type" : "Enum(single,multiple)",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-compress",
+ "text" : "compress",
+ "doc" : "If true, compress WebSocket messages using zlib.
\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "The maximum length of a single MQTT packet.",
+ "type" : "OneOf(String(\"infinity\"),Integer)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "Comma-separated list of supported subprotocols.",
+ "type" : "String",
+ "default" : "\"ocpp1.6, ocpp2.0\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origins",
+ "text" : "check_origins",
+ "doc" : "List of allowed origins.
See check_origin_enable.",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "HTTP header used to pass information about the client IP address.\nRelevant when the EMQX cluster is deployed behind a load-balancer.",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "HTTP header used to pass information about the client port. Relevant when the EMQX cluster is deployed behind a load-balancer.",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "Compression level.",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "Specifies the compression strategy.",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "Takeover means the compression state is retained between server messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "Takeover means the compression state is retained between client messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the server.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the client.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ }
+ ],
+ "text" : "websocket",
+ "doc" : "Websocket options"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(websocket)"
+ }
+ ],
+ "text" : "ws_listener",
+ "doc" : "Websocket listener"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws",
+ "text" : "ws",
+ "doc" : "Websocket listener.",
+ "type" : "Map($name->Struct(ws_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "listener_wss_opts",
+ "doc" : "Socket options for WebSocket/SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket options.",
+ "type" : "Struct(listener_wss_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-path",
+ "text" : "path",
+ "doc" : "WebSocket's MQTT protocol path. So the address of EMQX Broker's WebSocket is:\nws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"/ocpp\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-piggyback",
+ "text" : "piggyback",
+ "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.",
+ "type" : "Enum(single,multiple)",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-compress",
+ "text" : "compress",
+ "doc" : "If true, compress WebSocket messages using zlib.
\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "The maximum length of a single MQTT packet.",
+ "type" : "OneOf(String(\"infinity\"),Integer)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "Comma-separated list of supported subprotocols.",
+ "type" : "String",
+ "default" : "\"ocpp1.6, ocpp2.0\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origins",
+ "text" : "check_origins",
+ "doc" : "List of allowed origins.
See check_origin_enable.",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "HTTP header used to pass information about the client IP address.\nRelevant when the EMQX cluster is deployed behind a load-balancer.",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "HTTP header used to pass information about the client port. Relevant when the EMQX cluster is deployed behind a load-balancer.",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "Compression level.",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "Specifies the compression strategy.",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "Takeover means the compression state is retained between server messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "Takeover means the compression state is retained between client messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the server.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the client.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ }
+ ],
+ "text" : "websocket",
+ "doc" : "Websocket options"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(websocket)"
+ }
+ ],
+ "text" : "wss_listener",
+ "doc" : "Websocket over TLS listener"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss",
+ "text" : "wss",
+ "doc" : "Websocket over TLS listener.",
+ "type" : "Map($name->Struct(wss_listener))"
+ }
+ ],
+ "text" : "ws_listeners",
+ "doc" : "Websocket listeners"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners",
+ "text" : "listeners",
+ "type" : "Struct(ws_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "ocpp",
+ "doc" : "The OCPP gateway"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp",
+ "text" : "ocpp",
+ "type" : "Struct(ocpp)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers",
+ "text" : "max_headers",
+ "doc" : "The maximum number of Header",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers_length",
+ "text" : "max_headers_length",
+ "doc" : "The maximum string length of the Header Value",
+ "type" : "Integer(0..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_body_length",
+ "text" : "max_body_length",
+ "doc" : "Maximum number of bytes of Body allowed per Stomp packet",
+ "type" : "Integer",
+ "default" : "65536"
+ }
+ ],
+ "text" : "stomp_frame",
+ "doc" : "Size limits for the STOMP frames."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame",
+ "text" : "frame",
+ "type" : "Struct(stomp_frame)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket options.",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(ssl_listener))"
+ }
+ ],
+ "text" : "tcp_listeners",
+ "doc" : "Settings for the TCP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "stomp",
+ "doc" : "The STOMP protocol gateway provides EMQX with the ability to access STOMP\n(Simple (or Streaming) Text Orientated Messaging Protocol) protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp",
+ "text" : "stomp",
+ "type" : "Struct(stomp)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-server_id",
+ "text" : "server_id",
+ "doc" : "Server ID.",
+ "type" : "String",
+ "default" : "emqx_nats_gateway"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-server_name",
+ "text" : "server_name",
+ "doc" : "Server Name.",
+ "type" : "String",
+ "default" : "emqx_nats_gateway"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-default_heartbeat_interval",
+ "text" : "default_heartbeat_interval",
+ "doc" : "Default heartbeat interval for server-to-client PING messages. Default: 30.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-heartbeat_wait_timeout",
+ "text" : "heartbeat_wait_timeout",
+ "doc" : "Heartbeat timeout threshold. The server will mark a client as offline\nif no heartbeat response is received within this period. Default: 5s.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-protocol-S-protocol",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-protocol-S-protocol-max_payload_size",
+ "text" : "max_payload_size",
+ "doc" : "The maximum number of bytes of Payload allowed per NATS PUB/HPUB message.",
+ "type" : "Integer(0..+inf)",
+ "default" : "1048576"
+ }
+ ],
+ "text" : "protocol",
+ "doc" : "A group of settings for NATS Server protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-protocol",
+ "text" : "protocol",
+ "type" : "Struct(protocol)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-path",
+ "text" : "path",
+ "doc" : "WebSocket's MQTT protocol path. So the address of EMQX Broker's WebSocket is:\nws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-piggyback",
+ "text" : "piggyback",
+ "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.",
+ "type" : "Enum(single,multiple)",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-compress",
+ "text" : "compress",
+ "doc" : "If true, compress WebSocket messages using zlib.
\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "The maximum length of a single MQTT packet.",
+ "type" : "OneOf(String(\"infinity\"),Integer)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "Comma-separated list of supported subprotocols.",
+ "type" : "String",
+ "default" : "\"NATS/1.0, NATS\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origins",
+ "text" : "check_origins",
+ "doc" : "List of allowed origins.
See check_origin_enable.",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "HTTP header used to pass information about the client IP address.\nRelevant when the EMQX cluster is deployed behind a load-balancer.",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "HTTP header used to pass information about the client port. Relevant when the EMQX cluster is deployed behind a load-balancer.",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "Compression level.",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "Specifies the compression strategy.",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "Takeover means the compression state is retained between server messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "Takeover means the compression state is retained between client messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the server.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the client.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ }
+ ],
+ "text" : "websocket",
+ "doc" : "Websocket Options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(websocket)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "ws_listener",
+ "doc" : "Websocket Listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws",
+ "text" : "ws",
+ "doc" : "Websocket Listener.",
+ "type" : "Map($name->Struct(ws_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-path",
+ "text" : "path",
+ "doc" : "WebSocket's MQTT protocol path. So the address of EMQX Broker's WebSocket is:\nws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-piggyback",
+ "text" : "piggyback",
+ "doc" : "Whether a WebSocket message is allowed to contain multiple MQTT packets.",
+ "type" : "Enum(single,multiple)",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-compress",
+ "text" : "compress",
+ "doc" : "If true, compress WebSocket messages using zlib.
\nThe configuration items under deflate_opts belong to the compression-related parameter configuration.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The timeout for waiting for the WebSocket upgrade request. After the timeout, the connection will be closed.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "The maximum length of a single MQTT packet.",
+ "type" : "OneOf(String(\"infinity\"),Integer)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "If true, the server will return an error when\n the client does not carry the Sec-WebSocket-Protocol field.\n
Note: WeChat applet needs to disable this verification.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "Comma-separated list of supported subprotocols.",
+ "type" : "String",
+ "default" : "\"NATS/1.0, NATS\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "If true, origin HTTP header will be\n validated against the list of allowed origins configured in check_origins\n parameter.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "If false and check_origin_enable is\n true, the server will reject requests that don't have origin\n HTTP header.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origins",
+ "text" : "check_origins",
+ "doc" : "List of allowed origins.
See check_origin_enable.",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "HTTP header used to pass information about the client IP address.\nRelevant when the EMQX cluster is deployed behind a load-balancer.",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "HTTP header used to pass information about the client port. Relevant when the EMQX cluster is deployed behind a load-balancer.",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "Compression level.",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "Specifies the size of the compression state.
\nLower values decrease memory usage per connection.",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "Specifies the compression strategy.",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "Takeover means the compression state is retained between server messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "Takeover means the compression state is retained between client messages.",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the server.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "Specifies the size of the compression context for the client.",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ }
+ ],
+ "text" : "websocket",
+ "doc" : "Websocket Options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(websocket)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "listener_wss_opts",
+ "doc" : "Socket options for WebSocket/SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket options.",
+ "type" : "Struct(listener_wss_opts)"
+ }
+ ],
+ "text" : "wss_listener",
+ "doc" : "Websocket over TLS Listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss",
+ "text" : "wss",
+ "doc" : "Websocket over TLS Listener.",
+ "type" : "Map($name->Struct(wss_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Size of the acceptor pool.",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "Specify the {active, N} option for this Socket.
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog defines the maximum length that the queue of\npending connections can grow to.",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "The maximum time a process is suspended for sending data to a busy socket. After the timeout, the TCP connection and the process will be closed.\n\nThe process is unsuspended only when the socket is unbusy, that is, the data accumulated in the Erlang internal buffer drops from the high watermark (specified by `high_watermark`) to the low watermark (default 4 KB).\n\nTherefore, `(high_watermark - 4 KB) / send_timeout` must be a suitable message outflow speed, otherwise the suspended process will never be able to recover before the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "Close the connection if send timeout.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "The TCP receive buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The TCP send buffer (OS kernel) for the connections.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "The size of the user-space buffer used by the driver.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "When EMQX tries to send more data than the OS has allocated for the socket's send buffer, the remaining data will be temporarily stored in Erlang's internal buffer and then sent in the background.\n\nIf the amount of data queued in the internal buffer exceeds `high_watermark`, the corresponding socket will be marked as busy.\n\nThe process sending data to this busy socket will be suspended until the socket is no longer busy, or the suspension time exceeds `send_timeout`.\n\nThe socket will only be unbusy when the data in the internal buffer is below the low watermark.\n\nWhile the process is suspended, the message queue of the process may accumulate, see `max_mailbox_len` for details.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "The `TCP_NODELAY` flag for the connections.\nWhen set to `true`, data is sent immediately, regardless of size.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "When enabled, `SO_LINGER` flag is set as `(onoff=1, linger=0)`, which means the TCP socket is to be closed immediately by sending a TCP-RST packet,\ndiscarding any unsent data and skipping the graceful close steps, including CLOSE_WAIT, FIN_WAIT, and TIME_WAIT.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "The SO_REUSEADDR flag for the connections.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enable TCP keepalive for MQTT connections over TCP or SSL.\nUse three comma-separated numbers to configure (in seconds): 'Idle,Interval,Probes'\n - Idle: The number of seconds a connection needs to be idle before the server begins to send out keep-alive probes (Linux default 7200).\n - Interval: The number of seconds between TCP keep-alive probes (Linux default 75).\n - Probes: The maximum number of TCP keep-alive probes to send before giving up and killing the connection if no response is obtained from the other end (Linux default 9).\nFor example \"240,30,5\" means: EMQX should start sending TCP keepalive probes after the connection is in idle for 240 seconds, and the probes are sent every 30 seconds until a response is received from the MQTT client, if it misses 5 consecutive responses, EMQX should close the connection.\nDefault: 'none', Set to 'none' to use OS default keepalive settings (still active, not disabled).",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "Setting the TCP socket options.",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "If a reverse proxy is deployed for EMQX, and the PROXY protocol is enabled at the proxy to pass the client's real IP,\nthis option needs to be turned on so that EMQX can extract the client's real IP from the PROXY protocol header.\nEMQX will automatically detect the version of the PROXY protocol and support V1 and V2.\n\nFor a detailed description of the PROXY protocol, please refer to: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "Timeout for proxy protocol.\nEMQX will close the TCP connection if proxy protocol packet is not received within the timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "The IP address and port that the listener will bind.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "The maximum number of concurrent connections allowed by the listener.",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "Maximum connections per second.",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "Set true (default) to enable client authentication on this listener.\nWhen set to false clients will be allowed to connect without authentication.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "When publishing or subscribing, prefix all topics with a mountpoint string.\nThe prefixed string will be removed from the topic name when the message is delivered to the subscriber.\nThe mountpoint is a way that users can use to implement isolation of message routing between different listeners.\nFor example if a client A subscribes to `t` with `listeners.tcp.\\.mountpoint` set to `some_tenant`,\nthen the client actually subscribes to the topic `some_tenant/t`.\nSimilarly, if another client B (connected to the same listener as the client A) sends a message to topic `t`,\nthe message is routed to all the clients subscribed `some_tenant/t`,\nso client A will receive the message, with topic name `t`. Set to `\"\"` to disable the feature.\nSupported placeholders in mountpoint string:
\n - ${clientid}: clientid
\n - ${username}: username
\n - ${endpoint_name}: endpoint name",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "An access rule list consisting of string rules to restrict or allow access from some addresses.\nThe rules that appear earlier in the list are matched first.\nThe format is `allow | deny | | all`.\n\nFor example:\n\n`[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]`",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "Path to a file containing PEM-encoded Diffie-Hellman parameters\nto be used by the server if a cipher suite using Diffie-Hellman\nkey exchange is negotiated. If not specified, default parameters\nare used.
\nNOTE: The dhfile option is not supported by TLS 1.3.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "This option is only effective if `verify` is set to `verify_peer`.\n\nIf set to `true`, EMQX will reject the connection if the client fails to provide a certificate.\n\nIf set to `false`, EMQX will accept clients which don't present a certificate.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "An important security setting. If this setting is enabled, the server will prioritize the cipher suites it prefers most from the list of cipher suites supported by the client, thus ignoring the client's preferences.\n\nThe server's cipher suites are specified by `ciphers`, with preference decreasing from left to right.\n\nIt is often better to use the server's preferences, as it is more likely that the server will be configured correctly.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "In protocols that support client-initiated renegotiation,\nthe cost of resources of such an operation is higher for the server than the client.\nThis can act as a vector for denial of service attacks.\nThe SSL application already takes measures to counter-act such attempts,\nbut client-initiated renegotiation can be strictly disabled by setting this option to false.\nThe default value is true. Note that disabling renegotiation can result in\nlong-lived connections becoming unusable due to limits on\nthe number of messages the underlying cipher suite can encipher.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "Maximum time duration allowed for the handshake to complete
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "Memory usage tuning. If enabled, will immediately perform a garbage collection after the TLS/SSL handshake.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "Whether to enable Online Certificate Status Protocol (OCSP) stapling for the listener. If set to true, requires defining the OCSP responder URL and issuer PEM path.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "URL for the OCSP responder to check the server certificate against.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "PEM-encoded certificate of the OCSP issuer for the server certificate.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "The period to refresh the OCSP response for the server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "The timeout for the HTTP request when checking OCSP responses.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "Whether to enable CRL verification for this listener.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket options.",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "A map from listener names to listener settings.",
+ "type" : "Map($name->Struct(ssl_listener))"
+ }
+ ],
+ "text" : "tcp_ws_listeners",
+ "doc" : "The gateway's Websocket listener adopts the same structure as the MQTT Websocket listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_ws_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "Whether to enable client process statistic",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "The idle time of the client connection process. It has two purposes:\n 1. A newly created client process that does not receive any client requests after that time will be closed directly.\n 2. A running client process that does not receive any client requests after this time will go into hibernation to save resources.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "Template for overriding username.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "Template for overriding password.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "Template for overriding clientid.",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override.",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "nats",
+ "doc" : "The NATS gateway provides EMQX with the ability to accept connections from NATS clients."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats",
+ "text" : "nats",
+ "type" : "Struct(nats)"
+ }
+ ],
+ "text" : "gateway",
+ "doc" : "EMQX Gateway configuration root."
+ }
+ ],
+ "hash" : "V-gateway",
+ "text" : "gateway",
+ "type" : "Struct(gateway)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-prometheus-S-recommend_setting",
+ "fields" : [
+ {
+ "hash" : "V-prometheus-S-recommend_setting-enable_basic_auth",
+ "text" : "enable_basic_auth",
+ "doc" : "Enable or disable basic authentication for prometheus scrape api, not for Push Gateway",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-prometheus-S-recommend_setting-push_gateway-S-push_gateway",
+ "fields" : [
+ {
+ "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-enable",
+ "text" : "enable",
+ "doc" : "Enable or disable Pushgateway",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-method",
+ "text" : "method",
+ "doc" : "The HTTP Method of pushing metrics to Pushgateway. Available options:
\n - put: All metrics with the grouping key specified in the URL are replaced by the metrics pushed with PUT.
\n - post: POST works exactly like the PUT method but only metrics with the same name as the newly pushed metrics are replaced.
\nThe default value is put.",
+ "type" : "Enum(put,post)",
+ "default" : "put"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-url",
+ "text" : "url",
+ "doc" : "URL of Pushgateway server. Pushgateway is optional, should not be configured if prometheus is to scrape EMQX.",
+ "type" : "String",
+ "default" : "\"http://127.0.0.1:9091\""
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-interval",
+ "text" : "interval",
+ "doc" : "Data reporting interval
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-headers",
+ "text" : "headers",
+ "doc" : "An HTTP Headers when pushing to Push Gateway.
\nFor example, { Authorization = \"some-authz-tokens\"}",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-push_gateway-S-push_gateway-job_name",
+ "text" : "job_name",
+ "doc" : "Job Name that is pushed to the Push Gateway. Available variables:
\n- ${cluster_name}: Name of EMQX cluster.
\n- ${name}: Name of EMQX node.
\n- ${host}: Host name of EMQX node.
\nFor example, when the EMQX node name is emqx@127.0.0.1 then the name\nvariable takes value emqx and the host variable takes value 127.0.0.1.\nDefault value is: ${name}/instance/${name}~${host}",
+ "type" : "String",
+ "default" : "\"${name}/instance/${name}~${host}\""
+ }
+ ],
+ "text" : "push_gateway",
+ "doc" : "Push Gateway is optional, should not be configured if prometheus is to scrape EMQX."
+ }
+ ],
+ "hash" : "V-prometheus-S-recommend_setting-push_gateway",
+ "text" : "push_gateway",
+ "doc" : "Push Gateway is optional, should not be configured if prometheus is to scrape EMQX.",
+ "type" : "Struct(push_gateway)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-prometheus-S-recommend_setting-collectors-S-collectors",
+ "fields" : [
+ {
+ "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_dist",
+ "text" : "vm_dist",
+ "doc" : "Enable or disable VM distribution collector,\ncollects information about the sockets and processes involved in the Erlang distribution mechanism.",
+ "type" : "Enum(disabled,enabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-mnesia",
+ "text" : "mnesia",
+ "doc" : "Collects Mnesia metrics mainly using mnesia:system_info/1 ",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_statistics",
+ "text" : "vm_statistics",
+ "doc" : "Enable or disable VM statistics collector.",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_system_info",
+ "text" : "vm_system_info",
+ "doc" : "Enable or disable VM system info collector.",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_memory",
+ "text" : "vm_memory",
+ "doc" : "Collects information about memory dynamically allocated by the Erlang emulator using\n erlang:memory/0 .",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-collectors-S-collectors-vm_msacc",
+ "text" : "vm_msacc",
+ "doc" : "Enable or disable VM microstate accounting metrics collector.",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ }
+ ],
+ "text" : "collectors",
+ "doc" : "The internal advanced metrics of the virtual machine are initially disabled\nand are usually only enabled during performance testing.\nEnabling them will increase the CPU load."
+ }
+ ],
+ "hash" : "V-prometheus-S-recommend_setting-collectors",
+ "text" : "collectors",
+ "doc" : "The internal advanced metrics of the virtual machine are initially disabled\nand are usually only enabled during performance testing.\nEnabling them will increase the CPU load.",
+ "type" : "Struct(collectors)"
+ },
+ {
+ "hash" : "V-prometheus-S-recommend_setting-latency_buckets",
+ "text" : "latency_buckets",
+ "doc" : "Comma separated duration values for latency histogram buckets.",
+ "type" : "String",
+ "default" : "\"10ms, 100ms, 1s, 5s, 30s\""
+ }
+ ],
+ "text" : "recommend_setting",
+ "doc" : "Recommended setting"
+ },
+ {
+ "hash" : "T-prometheus-S-legacy_deprecated_setting",
+ "fields" : [
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-push_gateway_server",
+ "text" : "push_gateway_server",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.url` instead",
+ "type" : "String",
+ "default" : "\"http://127.0.0.1:9091\""
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-interval",
+ "text" : "interval",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.interval` instead
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-headers",
+ "text" : "headers",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.headers` instead",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-job_name",
+ "text" : "job_name",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.job_name` instead",
+ "type" : "String",
+ "default" : "\"${name}/instance/${name}~${host}\""
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-enable",
+ "text" : "enable",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.push_gateway.url` instead",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_dist_collector",
+ "text" : "vm_dist_collector",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_dist` instead",
+ "type" : "Enum(disabled,enabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-mnesia_collector",
+ "text" : "mnesia_collector",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.mnesia` instead",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_statistics_collector",
+ "text" : "vm_statistics_collector",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_statistics` instead",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_system_info_collector",
+ "text" : "vm_system_info_collector",
+ "doc" : "Deprecated, use `prometheus.collectors.vm_system_info` instead",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_memory_collector",
+ "text" : "vm_memory_collector",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_memory` instead",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-prometheus-S-legacy_deprecated_setting-vm_msacc_collector",
+ "text" : "vm_msacc_collector",
+ "doc" : "Deprecated since 5.4.0, use `prometheus.collectors.vm_msacc` instead",
+ "type" : "Enum(enabled,disabled)",
+ "default" : "disabled"
+ }
+ ],
+ "text" : "legacy_deprecated_setting",
+ "doc" : "Deprecated since 5.4.0"
+ }
+ ],
+ "hash" : "V-prometheus",
+ "text" : "prometheus",
+ "type" : "OneOf(Struct(recommend_setting),Struct(legacy_deprecated_setting))",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-exhook-S-exhook",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-exhook-S-exhook-servers-S-server",
+ "fields" : [
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-name",
+ "text" : "name",
+ "doc" : "Name of the exhook server",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-url",
+ "text" : "url",
+ "doc" : "URL of the gRPC server",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "The timeout of request gRPC server
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-failed_action",
+ "text" : "failed_action",
+ "doc" : "The value that is returned when the request to the gRPC server fails for any reason",
+ "type" : "Enum(deny,ignore)",
+ "default" : "deny"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf",
+ "fields" : [
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl-S-ssl_conf-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_conf",
+ "doc" : "SSL client configuration."
+ }
+ ],
+ "hash" : "V-exhook-S-exhook-servers-S-server-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_conf)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-exhook-S-exhook-servers-S-server-socket_options-S-socket_options",
+ "fields" : [
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-keepalive",
+ "text" : "keepalive",
+ "doc" : "Enables/disables periodic transmission on a connected socket when no other data is exchanged.\nIf the other end does not respond, the connection is considered broken and an error message is sent to the controlling process.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-nodelay",
+ "text" : "nodelay",
+ "doc" : "If true, option TCP_NODELAY is turned on for the socket,\nwhich means that also small amounts of data are sent immediately",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-recbuf",
+ "text" : "recbuf",
+ "doc" : "The minimum size of receive buffer to use for the socket
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-socket_options-S-socket_options-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "The minimum size of send buffer to use for the socket
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize"
+ }
+ ],
+ "text" : "socket_options",
+ "doc" : "Connection socket options"
+ }
+ ],
+ "hash" : "V-exhook-S-exhook-servers-S-server-socket_options",
+ "text" : "socket_options",
+ "type" : "Struct(socket_options)",
+ "default" : "{keepalive = true, nodelay = true}"
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Whether to automatically reconnect (initialize) the gRPC server.\nWhen gRPC is not available, Exhook tries to request the gRPC service at that interval and reinitialize the list of mounted hooks.",
+ "type" : "OneOf(String(\"false\"),Duration)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-exhook-S-exhook-servers-S-server-pool_size",
+ "text" : "pool_size",
+ "doc" : "The process pool size for gRPC client",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ }
+ ],
+ "text" : "server",
+ "doc" : "gRPC server configuration."
+ }
+ ],
+ "hash" : "V-exhook-S-exhook-servers",
+ "text" : "servers",
+ "doc" : "List of exhook servers",
+ "type" : "Array(Struct(server))",
+ "default" : "[]"
+ }
+ ],
+ "text" : "exhook",
+ "doc" : "External hook (exhook) configuration."
+ }
+ ],
+ "hash" : "V-exhook",
+ "text" : "exhook",
+ "type" : "Struct(exhook)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-psk_authentication-S-psk_authentication",
+ "fields" : [
+ {
+ "hash" : "V-psk_authentication-S-psk_authentication-enable",
+ "text" : "enable",
+ "doc" : "Whether to enable TLS PSK support",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-psk_authentication-S-psk_authentication-init_file",
+ "text" : "init_file",
+ "doc" : "If init_file is specified, EMQX will import PSKs from the file into the built-in database at startup for use by the runtime.\nThe file has to be structured line-by-line, each line must be in the format of PSKIdentity:SharedSecret.\nFor example: mydevice1:c2VjcmV0",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-psk_authentication-S-psk_authentication-separator",
+ "text" : "separator",
+ "doc" : "The separator between PSKIdentity and SharedSecret in the PSK file",
+ "type" : "String",
+ "default" : "\":\""
+ },
+ {
+ "hash" : "V-psk_authentication-S-psk_authentication-chunk_size",
+ "text" : "chunk_size",
+ "doc" : "The size of each chunk used to import to the built-in database from PSK file",
+ "type" : "Integer",
+ "default" : "50"
+ }
+ ],
+ "text" : "psk_authentication",
+ "doc" : "PSK stands for 'Pre-Shared Keys'.\nThis config to enable TLS-PSK authentication.\n\nImportant! Make sure the SSL listener with only tlsv1.2 enabled, and also PSK cipher suites\nconfigured, such as RSA-PSK-AES256-GCM-SHA384.\n\nSee listener SSL options config for more details.\n\nThe IDs and secrets can be provided from a file which is configurable by the init_file field."
+ }
+ ],
+ "hash" : "V-psk_authentication",
+ "text" : "psk_authentication",
+ "type" : "Struct(psk_authentication)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-slow_subs-S-slow_subs",
+ "fields" : [
+ {
+ "hash" : "V-slow_subs-S-slow_subs-enable",
+ "text" : "enable",
+ "doc" : "Enable Slow Subscriptions",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-slow_subs-S-slow_subs-threshold",
+ "text" : "threshold",
+ "doc" : "The Client ID and topic of the consumer whose message latency is greater than this threshold will be recorded in the slow subscription list.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"500ms\""
+ },
+ {
+ "hash" : "V-slow_subs-S-slow_subs-expire_interval",
+ "text" : "expire_interval",
+ "doc" : "The expiration time of the slow subscription record, if the record is not updated within the expiration time, then the record will be deleted.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"300s\""
+ },
+ {
+ "hash" : "V-slow_subs-S-slow_subs-top_k_num",
+ "text" : "top_k_num",
+ "doc" : "The maximum number of slow-subscription records, up to a maximum of 1000.",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-slow_subs-S-slow_subs-stats_type",
+ "text" : "stats_type",
+ "doc" : "Message latency calculation method:\n\n- `whole`: The time from when the message arrives at the EMQX (the EMQX gets the message from the receive-buffer) until the message completes delivery.\n- `internal`: The time from when the message arrives at the EMQX (the EMQX gets the message from the receive-buffer) to when the message begins to be delivered (the EMQX attempts to write the message to the send-buffer).\n- `response`: The time from the start of message delivery to the completion.\n\nNote: The completion delivery time refers to the time when QoS 1 and 2 messages complete the MQTT message response process, i.e., the time when QoS 1 message receives the PUBACK packet and QoS 2 message receives the PUBCOMP packet.\nSince there is no response packet for QoS 0 message, the completion delivery time of the QoS 0 message will be replaced by the time when the message starts to be delivered. Therefore, when using the `response` method to calculate the latency, the latency of a QoS 0 message will always be equal to 0.",
+ "type" : "Enum(whole,internal,response)",
+ "default" : "whole"
+ }
+ ],
+ "text" : "slow_subs",
+ "doc" : "Configuration for `slow_subs` feature."
+ }
+ ],
+ "hash" : "V-slow_subs",
+ "text" : "slow_subs",
+ "type" : "Struct(slow_subs)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-opentelemetry-S-opentelemetry",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-opentelemetry-S-opentelemetry-metrics-S-otel_metrics",
+ "fields" : [
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-enable",
+ "text" : "enable",
+ "doc" : "Enable or disable Open Telemetry signal.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-metrics-S-otel_metrics-interval",
+ "aliases" : [
+ "scheduled_delay"
+ ],
+ "text" : "interval",
+ "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ }
+ ],
+ "text" : "otel_metrics",
+ "doc" : "Open Telemetry Metrics configuration."
+ }
+ ],
+ "hash" : "V-opentelemetry-S-opentelemetry-metrics",
+ "text" : "metrics",
+ "doc" : "Open Telemetry Metrics configuration.",
+ "type" : "Struct(otel_metrics)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-opentelemetry-S-opentelemetry-logs-S-otel_logs",
+ "fields" : [
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-level",
+ "text" : "level",
+ "doc" : "The log level of the Open Telemetry log handler.",
+ "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)",
+ "default" : "warning"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-enable",
+ "text" : "enable",
+ "doc" : "Enable or disable Open Telemetry signal.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-logs-S-otel_logs-scheduled_delay",
+ "text" : "scheduled_delay",
+ "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1s\""
+ }
+ ],
+ "text" : "otel_logs",
+ "doc" : "Open Telemetry Logs configuration. If enabled, EMQX installs a log handler that formats events according to Open Telemetry log data model and\nexports them to the configured Open Telemetry collector or backend."
+ }
+ ],
+ "hash" : "V-opentelemetry-S-opentelemetry-logs",
+ "text" : "logs",
+ "doc" : "Open Telemetry Logs configuration. If enabled, EMQX installs a log handler that formats events according to Open Telemetry log data model and\nexports them to the configured Open Telemetry collector or backend.",
+ "type" : "Struct(otel_logs)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces",
+ "fields" : [
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-enable",
+ "text" : "enable",
+ "doc" : "Enable or disable Open Telemetry signal.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-max_queue_size",
+ "text" : "max_queue_size",
+ "doc" : "The maximum queue size. After the size is reached Open Telemetry signals are dropped.",
+ "type" : "Integer(1..+inf)",
+ "default" : "2048"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-scheduled_delay",
+ "text" : "scheduled_delay",
+ "doc" : "The delay interval between two consecutive exports of Open Telemetry signals.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter",
+ "fields" : [
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-trace_mode",
+ "text" : "trace_mode",
+ "doc" : "OpenTelemetry tracing mode.\n- `legacy`: follow the old tracing method, only trace message publishing and delivery.\n Span names will be compatible to versions before 5.9.\n- `e2e`: end-to-end tracing mode. All client behaviors will be traced:\n - connect and disconnect\n - subscribe and unsubscribe\n - messaging events such as `PUBLISH`, `PUBACK`, `PUBREL` etc.\n When enabled (for each type of events), there will be a background tracing for all clients at the configured sample ratio.\n From the dashboard, one can also add additional trace whitelist on top of the background tracing at full volume for a list of clients or topics.\n See dashboard or API documents for more details.\n More control and sampling options can be provided in `e2e_tracing_options`",
+ "type" : "Enum(legacy,e2e)",
+ "default" : "legacy"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-trace_all",
+ "text" : "trace_all",
+ "doc" : "If enabled, all published messages are traced, a new trace ID is generated if it can't be extracted from the message.\nOtherwise, only messages published with trace context are traced.\nDisabled by default.\nNote: this config only takes effect when `trace_mode` is set to `legacy`.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options",
+ "fields" : [
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-cluster_identifier",
+ "text" : "cluster_identifier",
+ "doc" : "An attribute value added into Span's Attributes. The attribute key will be `cluster.id`\nTypically, set a simple and easily recognizable name or use the cluster name to identify different EMQX clusters.",
+ "type" : "String",
+ "default" : "emqxcl"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-msg_trace_level",
+ "text" : "msg_trace_level",
+ "doc" : "Trace level for all message exchanges during the message publishing process.\n- `0`: Basic events during message publish will be recorded as Spans.\n Including 'client.publish', 'client.authz', 'message.route', 'message.forward', 'message.handle_forward', 'broker.publish'.\n- `1`: In addition to basic events.\n The events 'broker.puback', 'client.puback', 'broker.pubrec', 'client.pubrec' will be recorded as Spans.\n That is, the first response packet in the QoS1 or QoS2 message interaction.\n- `2`: In addition to level 1.\n The events 'broker.pubrel', 'client.pubrel', 'broker.pubcomp', 'client.pubcomp' will be recorded as Spans.",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-clientid_match_rules_max",
+ "text" : "clientid_match_rules_max",
+ "doc" : "Maximum length of the whitelist for clientid matching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "30"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-topic_match_rules_max",
+ "text" : "topic_match_rules_max",
+ "doc" : "Maximum length of the whitelist based for topic matching.",
+ "type" : "Integer(1..+inf)",
+ "default" : "30"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-sample_ratio",
+ "text" : "sample_ratio",
+ "doc" : "Background tracing sample ratio for the listed event types.",
+ "type" : "String",
+ "default" : "\"10%\""
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-client_connect_disconnect",
+ "text" : "client_connect_disconnect",
+ "doc" : "Enable/Disable background tracing for all clients' connect/disconnect events at the configured sample ratio.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-client_subscribe_unsubscribe",
+ "text" : "client_subscribe_unsubscribe",
+ "doc" : "Enable/Disable background tracing for all clients' subscribe/unsubscribe at the configured sample ratio.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-client_messaging",
+ "text" : "client_messaging",
+ "doc" : "Enable/Disable background messaging events for all clients at the configured sample ratio and trace-level.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-trace_rule_engine",
+ "text" : "trace_rule_engine",
+ "doc" : "Enable/Disable background tracing of rule engine execution for all clients at the configured sample ratio.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options-S-e2e_tracing_options-follow_traceparent",
+ "text" : "follow_traceparent",
+ "doc" : "Enable/Disable, Whether to follow the traceparent passed in by the client through User-Property.",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "e2e_tracing_options",
+ "doc" : "End-to-end tracing options"
+ }
+ ],
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter-S-trace_filter-e2e_tracing_options",
+ "text" : "e2e_tracing_options",
+ "doc" : "End-to-end tracing options",
+ "type" : "Struct(e2e_tracing_options)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "trace_filter",
+ "doc" : "Open Telemetry Trace Filter configuration"
+ }
+ ],
+ "hash" : "V-opentelemetry-S-opentelemetry-traces-S-otel_traces-filter",
+ "text" : "filter",
+ "doc" : "Open Telemetry Trace Filter configuration",
+ "type" : "Struct(trace_filter)"
+ }
+ ],
+ "text" : "otel_traces",
+ "doc" : "Open Telemetry Traces configuration."
+ }
+ ],
+ "hash" : "V-opentelemetry-S-opentelemetry-traces",
+ "text" : "traces",
+ "doc" : "Open Telemetry Traces configuration.",
+ "type" : "Struct(otel_traces)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter",
+ "fields" : [
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-endpoint",
+ "text" : "endpoint",
+ "doc" : "The target URL to which the exporter is going to send Open Telemetry signal data.",
+ "type" : "String",
+ "default" : "\"http://localhost:4317\""
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-headers",
+ "text" : "headers",
+ "doc" : "HTTP headers to be sent with the OpenTelemetry signal data.\nThe headers are a map with header names as keys.",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter-S-otel_exporter-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL configuration for the Open Telemetry exporter",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "otel_exporter",
+ "doc" : "Open Telemetry Exporter"
+ }
+ ],
+ "hash" : "V-opentelemetry-S-opentelemetry-exporter",
+ "text" : "exporter",
+ "doc" : "Open Telemetry Exporter",
+ "type" : "Struct(otel_exporter)"
+ }
+ ],
+ "text" : "opentelemetry",
+ "doc" : "Open Telemetry Toolkit configuration"
+ }
+ ],
+ "hash" : "V-opentelemetry",
+ "text" : "opentelemetry",
+ "type" : "Struct(opentelemetry)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-api_key-S-api_key",
+ "fields" : [
+ {
+ "hash" : "V-api_key-S-api_key-bootstrap_file",
+ "text" : "bootstrap_file",
+ "doc" : "The bootstrap file provides API keys for EMQX.\nEMQX will load these keys on startup to authorize API requests.\nIt contains colon-separated values in the format: `api_key:api_secret:role`.\nEach line specifies an API key and its associated secret, and the role of this key.\nThe 'role' part should be the pre-defined access scope group name,\nfor example, `administrator` or `viewer`.\nThe 'role' is introduced in 5.4, to be backward compatible, if it is missing, the key is implicitly granted `administrator` role.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "api_key",
+ "doc" : "API Key, can be used to request API other than the management API key and the Dashboard user management API"
+ }
+ ],
+ "hash" : "V-api_key",
+ "text" : "api_key",
+ "type" : "Struct(api_key)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-license-S-key_license",
+ "fields" : [
+ {
+ "hash" : "V-license-S-key_license-key",
+ "text" : "key",
+ "doc" : "This configuration parameter is designated for the license key and supports below input formats:\n\n- Direct Key: Enter the secret key directly as a string value.\n- File Path: Specify the path to a file that contains the secret key. Ensure the path starts with `file://`.\n- \"default\": Use string value `default` to apply the default single-node community license.\n- \"evaluation\": Use string value `evaluation` to apply the 25-connection limit evaluation license.\n\nNote: An invalid license key or an incorrect file path may prevent EMQX from starting successfully.\nIf a file path is used, EMQX attempts to reload the license key from the file every 2 minutes.\nAny failure in reloading the license file will be recorded as an error level log message,\nand EMQX continues to apply the license loaded previously.",
+ "type" : "OneOf(String(\"default\"),String(\"evaluation\"),String)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-license-S-key_license-connection_low_watermark",
+ "text" : "connection_low_watermark",
+ "doc" : "Low watermark limit below which license connection quota usage alarms are deactivated",
+ "type" : "String",
+ "default" : "\"75%\""
+ },
+ {
+ "hash" : "V-license-S-key_license-connection_high_watermark",
+ "text" : "connection_high_watermark",
+ "doc" : "High watermark limit above which license connection quota usage alarms are activated",
+ "type" : "String",
+ "default" : "\"80%\""
+ }
+ ],
+ "text" : "key_license",
+ "doc" : "License provisioned as a string."
+ }
+ ],
+ "hash" : "V-license",
+ "text" : "license",
+ "doc" : "Defines the EMQX Enterprise license.\n\nEMQX is initially provided with a default single-node community license.\nThe default license is not permitted for commercial use.\n\nApply for an official license here: https://www.emqx.com/apply-licenses/emqx?version=5",
+ "type" : "Struct(key_license)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-schema_registry-S-schema_registry",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-schema_registry-S-schema_registry-external-S-confluent_schema_registry",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-type",
+ "text" : "type",
+ "doc" : "External Schema Registry Type",
+ "type" : "String(\"confluent\")",
+ "default" : "confluent"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-url",
+ "text" : "url",
+ "doc" : "URL endpoint for external registry.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic-username",
+ "text" : "username",
+ "doc" : "Username for basic authentication method.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth-S-confluent_schema_registry_auth_basic-password",
+ "text" : "password",
+ "doc" : "Password for basic authentication method.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "confluent_schema_registry_auth_basic",
+ "doc" : "Authentication options for accessing external registry."
+ }
+ ],
+ "hash" : "V-schema_registry-S-schema_registry-external-S-confluent_schema_registry-auth",
+ "text" : "auth",
+ "doc" : "Authentication options for accessing external registry.",
+ "type" : "OneOf(String(\"none\"),Struct(confluent_schema_registry_auth_basic))",
+ "default" : "none"
+ }
+ ],
+ "text" : "confluent_schema_registry",
+ "doc" : "Confluent External Schema Registry configuration."
+ }
+ ],
+ "hash" : "V-schema_registry-S-schema_registry-external",
+ "text" : "external",
+ "doc" : "Confluent External Schema Registry configuration.",
+ "type" : "Map($name->OneOf(Struct(confluent_schema_registry)))",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-schema_registry-S-schema_registry-schemas-S-avro",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-type",
+ "text" : "type",
+ "doc" : "Must be `avro` for Avro schema.",
+ "type" : "String(\"avro\")"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-source",
+ "text" : "source",
+ "doc" : "Source text for the schema.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-avro-description",
+ "text" : "description",
+ "doc" : "A description for this schema.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "avro",
+ "doc" : "[Apache Avro](https://avro.apache.org/) serialization format."
+ },
+ {
+ "hash" : "T-schema_registry-S-schema_registry-schemas-S-protobuf",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-type",
+ "text" : "type",
+ "doc" : "Must be `protobuf` for protobuf schema.",
+ "type" : "String(\"protobuf\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-schema_registry-S-schema_registry-schemas-S-protobuf-source-S-protobuf_bundle_source",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-source-S-protobuf_bundle_source-type",
+ "text" : "type",
+ "doc" : "Protobuf bundle file (`.tar.gz`) containing one or more Protobuf files.",
+ "type" : "String(\"bundle\")"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-source-S-protobuf_bundle_source-root_proto_path",
+ "text" : "root_proto_path",
+ "doc" : "Name of the root Protobuf file for this schema. Must reside at the root of the bundle (i.e., not nested in any directory).",
+ "type" : "String"
+ }
+ ],
+ "text" : "protobuf_bundle_source",
+ "doc" : "Protobuf bundle file (`.tar.gz`) containing one or more Protobuf files."
+ }
+ ],
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-source",
+ "text" : "source",
+ "doc" : "Source text for the schema.",
+ "type" : "OneOf(String,Struct(protobuf_bundle_source))"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-protobuf-description",
+ "text" : "description",
+ "doc" : "A description for this schema.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "protobuf",
+ "doc" : "[Protocol Buffers](https://protobuf.dev/) serialization format."
+ },
+ {
+ "hash" : "T-schema_registry-S-schema_registry-schemas-S-json",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-type",
+ "text" : "type",
+ "doc" : "Must be `json` for JSON schema.",
+ "type" : "String(\"json\")"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-source",
+ "text" : "source",
+ "doc" : "Source text for the schema.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-json-description",
+ "text" : "description",
+ "doc" : "A description for this schema.",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "json",
+ "doc" : "Supports JSON Schema\n[Draft 03](http://tools.ietf.org/html/draft-zyp-json-schema-03)\n[Draft 04](http://tools.ietf.org/html/draft-zyp-json-schema-04) and\n[Draft 06](https://datatracker.ietf.org/doc/html/draft-wright-json-schema-00)."
+ },
+ {
+ "hash" : "T-schema_registry-S-schema_registry-schemas-S-external_http",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-type",
+ "text" : "type",
+ "doc" : "Must be `external_http` for External HTTP.",
+ "type" : "String(\"external_http\")"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-description",
+ "text" : "description",
+ "doc" : "A description for this schema.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-url",
+ "text" : "url",
+ "doc" : "External HTTP schema server URL.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-headers",
+ "text" : "headers",
+ "doc" : "Headers to be sent to external HTTP schema server.",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-max_retries",
+ "text" : "max_retries",
+ "doc" : "HTTP request max retry times if failed.",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-external_params",
+ "text" : "external_params",
+ "doc" : "A string that will be sent in every request body to external HTTP schema server.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-pool_type",
+ "text" : "pool_type",
+ "doc" : "The type of the pool. Can be one of `random`, `hash`.",
+ "type" : "Enum(random,hash)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "The maximum number of HTTP requests that can be sent before an HTTP response is received.\n\nSetting this to 1 is equivalent to turning off HTTP pipelining, and the EMQX must receive a response to the previous HTTP request before sending the next HTTP request.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "Maximum amount of time without any activity that the HTTP driver will wait before attempting to reconnect.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters-S-external_http_params-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "external_http_params",
+ "doc" : "Configure External HTTP schema server parameters."
+ }
+ ],
+ "hash" : "V-schema_registry-S-schema_registry-schemas-S-external_http-parameters",
+ "text" : "parameters",
+ "doc" : "Configure External HTTP schema server parameters.",
+ "type" : "Struct(external_http_params)"
+ }
+ ],
+ "text" : "external_http",
+ "doc" : "External HTTP server."
+ }
+ ],
+ "hash" : "V-schema_registry-S-schema_registry-schemas",
+ "text" : "schemas",
+ "doc" : "Registered schemas.",
+ "type" : "Map($name->OneOf(Struct(avro),Struct(protobuf),Struct(json),Struct(external_http)))",
+ "default" : "{}"
+ }
+ ],
+ "text" : "schema_registry",
+ "doc" : "Schema registry configurations."
+ }
+ ],
+ "hash" : "V-schema_registry",
+ "text" : "schema_registry",
+ "type" : "Struct(schema_registry)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer",
+ "fields" : [
+ {
+ "hash" : "V-file_transfer-S-file_transfer-enable",
+ "text" : "enable",
+ "doc" : "Enable the File Transfer feature.
\nEnabling File Transfer implies reserving special MQTT topics in order to serve the protocol.
\nThis toggle also affects the availability of the File Transfer REST API and\nstorage-dependent background activities (e.g. garbage collection).",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-init_timeout",
+ "text" : "init_timeout",
+ "doc" : "Timeout for EMQX to initialize the file transfer.
\nAfter reaching the timeout (e.g. due to system is overloaded), the PUBACK message for `init` will contain error code (0x80).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-store_segment_timeout",
+ "text" : "store_segment_timeout",
+ "doc" : "Timeout for storing a file segment.
\nAfter reaching the timeout (e.g. due to system overloaded), the PUBACK message will contain error code (0x80).
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-assemble_timeout",
+ "text" : "assemble_timeout",
+ "doc" : "Timeout for assembling and exporting file segments into a final file.
\nAfter reaching the timeout (e.g. due to system is overloaded), the PUBACK message for `fin` will contain error code (0x80)
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments",
+ "fields" : [
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-root",
+ "text" : "root",
+ "doc" : "File system path to keep uploaded fragments and temporary data.",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc",
+ "fields" : [
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-interval",
+ "text" : "interval",
+ "doc" : "Interval of periodic garbage collection.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"1h\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-maximum_segments_ttl",
+ "text" : "maximum_segments_ttl",
+ "doc" : "Maximum TTL of a segment kept in the local file system.
\nThis is a hard limit: no segment will outlive this TTL, even if some file transfer specifies a\nTTL more than that.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"24h\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc-S-local_storage_segments_gc-minimum_segments_ttl",
+ "text" : "minimum_segments_ttl",
+ "doc" : "Minimum TTL of a segment kept in the local file system.
\nThis is a hard limit: no segment will be garbage collected before reaching this TTL,\neven if some file transfer specifies a TTL less than that.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"5m\""
+ }
+ ],
+ "text" : "local_storage_segments_gc",
+ "doc" : "Garbage collection settings for the File transfer local segments storage"
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments-S-local_storage_segments-gc",
+ "text" : "gc",
+ "doc" : "Garbage collection settings for the intermediate and temporary files in the local file system.",
+ "type" : "Struct(local_storage_segments_gc)"
+ }
+ ],
+ "text" : "local_storage_segments",
+ "doc" : "File transfer local segments storage settings"
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-segments",
+ "text" : "segments",
+ "doc" : "Settings for local segments storage, which include uploaded transfer fragments and temporary data.",
+ "type" : "Struct(local_storage_segments)",
+ "default" : "{gc {}}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local-S-local_storage_exporter",
+ "fields" : [
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local-S-local_storage_exporter-root",
+ "text" : "root",
+ "doc" : "Directory where the uploaded files are kept.",
+ "type" : "String"
+ }
+ ],
+ "text" : "local_storage_exporter",
+ "doc" : "Local Exporter settings for the File transfer local storage backend"
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-local",
+ "text" : "local",
+ "doc" : "Exporter to the local file system.",
+ "type" : "Struct(local_storage_exporter)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter",
+ "fields" : [
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-access_key_id",
+ "text" : "access_key_id",
+ "doc" : "The access key ID of the S3 bucket.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-secret_access_key",
+ "text" : "secret_access_key",
+ "doc" : "The secret access key of the S3 bucket.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-host",
+ "text" : "host",
+ "doc" : "The host of the S3 endpoint.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-port",
+ "text" : "port",
+ "doc" : "The port of the S3 endpoint.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-access_method",
+ "text" : "access_method",
+ "doc" : "Method to be used to access the bucket through HTTP API.",
+ "type" : "Enum(path,vhost)",
+ "default" : "path"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options",
+ "fields" : [
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ipv6_probe",
+ "text" : "ipv6_probe",
+ "doc" : "Whether to probe for IPv6 support.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "The timeout when connecting to the HTTP server.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-pool_size",
+ "text" : "pool_size",
+ "doc" : "The pool size.",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "Deprecated since 5.8.2.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "Trusted PEM format CA certificates bundle file.
\nThe certificates in this file are used to verify the TLS peer's certificates.\nAppend new certificates to the file if new CAs are to be trusted.\nThere is no need to restart EMQX to have the updated file loaded, because\nthe system regularly checks if file has been updated (and reload).
\nNOTE: invalidating (deleting) a certificate from the file will not affect\nalready established connections.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM format certificates chain file.
\nThe certificates in this file should be in reversed order of the certificate\nissue chain. That is, the host's certificate should be placed in the beginning\nof the file, followed by the immediate issuer certificate and so on.\nAlthough the root CA certificate is optional, it should be placed at the end of\nthe file if it is to be added.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM format private key file.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "Enable or disable peer verification.",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "Enable TLS session reuse.
\nHas no effect when TLS version is configured (or negotiated) to 1.3",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path.\nSo, if depth is 0 the PEER must be signed by the trusted ROOT-CA directly;
\nif 1 the path can be PEER, Intermediate-CA, ROOT-CA;
\nif 2 the path can be PEER, Intermediate-CA1, Intermediate-CA2, ROOT-CA.",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "String containing the user's password. Only used if the private key file is password-protected.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "All TLS/DTLS versions to be supported.
\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config.
\nIn case PSK cipher suites are intended, make sure to configure\n['tlsv1.2', 'tlsv1.1'] here.",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "This config holds TLS cipher suite names separated by comma,\nor as an array of strings. e.g.\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\" or\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"].\n
\nCiphers (and their ordering) define the way in which the\nclient and server encrypts information over the network connection.\nSelecting a good cipher suite is critical for the\napplication's data security, confidentiality and performance.\n\nThe names should be in OpenSSL string format (not RFC format).\nAll default values and examples provided by EMQX config\ndocumentation are all in OpenSSL format.
\n\nNOTE: Certain cipher suites are only compatible with\nspecific TLS versions ('tlsv1.1', 'tlsv1.2' or 'tlsv1.3')\nincompatible cipher suites will be silently dropped.\nFor instance, if only 'tlsv1.3' is given in the versions,\nconfiguring cipher suites for other versions will have no effect.\n
\n\nNOTE: PSK ciphers are suppressed by 'tlsv1.3' version config
\nIf PSK cipher suites are intended, 'tlsv1.3' should be disabled from versions.
\nPSK cipher suites: \"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "Whether to reject TLS renegotiation attempts that are not compliant with [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt).\n\nBy default, `secure_renegotiate` is set to `true`, which forces secure renegotiation.\nIf set to `false`, secure renegotiation will still be used, but will fall back to insecure renegotiation if the peer does not support [RFC 5746](http://www.ietf.org/rfc/rfc5746.txt), which increases the risk of a MitM attack.\n\nHas no effect when TLS version is configured (or negotiated) to 1.3.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "The minimum level of logging allowed for SSL output.\n\nThe default is `notice`, set to a lower `debug` level for more detailed logging that can be used to investigate SSL handshake issues.",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "Specifies the amount of time that an SSL process will hibernate after being idle, thus reducing its memory footprint.\n\nThe hibernating process will be woken up when a new message arrives.\nHibernating and waking up too often can cause CPU utilization to increase, as they both perform garbage collection on the process.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "Enable or disable peer verification with partial_chain.\nWhen local verifies a peer certificate during the x509 path validation\nprocess, it constructs a certificate chain that starts with the peer\ncertificate and ends with a trust anchor.\nBy default, if it is set to `false`, the trust anchor is the\nRoot CA, and the certificate chain must be complete.\nHowever, if the setting is set to `true` or `cacert_from_cacertfile`,\nthe last certificate in `cacertfile` will be used as the trust anchor\ncertificate (intermediate CA). This creates a partial chain\nin the path validation.\nAlternatively, if it is configured with `two_cacerts_from_cacertfile`,\none of the last two certificates in `cacertfile` will be used as the\ntrust anchor certificate, forming a partial chain. This option is\nparticularly useful for intermediate CA certificate rotation.\nHowever, please note that it incurs some additional overhead, so it\nshould only be used for certificate rotation purposes.",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "Verify extended key usage in peer's certificate\nFor additional peer certificate validation, the value defined here must present in the\n'Extended Key Usage' of peer certificate defined in\n[rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12).\n\nAllowed values are\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- raw OID, for example: \"OID:1.3.6.1.5.5.7.3.2\" means `id-pk 2` which is equivalent to `clientAuth`\n\nComma-separated string is also supported for validating more than one key usages.\n\nFor example, `\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "Enable TLS.",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "Configures the middle box compatibility mode for a TLS-1.3 connection.\n\nA significant number of middle boxes misbehave when a TLS-1.3 connection is negotiated. Implementations can increase the chance of making connections through those middle boxes by adapting the TLS-1.3 handshake to resemble that of a TLS-1.2 handshake.",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "Specify the host name to be used in TLS Server Name Indication extension.
\nFor instance, when connecting to \"server.example.net\", the genuine server\nwhich accepts the connection and performs TLS handshake may differ from the\nhost the TLS client initially connects to, e.g. when connecting to an IP address\nor when the host has multiple resolvable DNS records
\nIf not specified, it will default to the host name string which is used\nto establish the connection, unless it is IP address used.
\nThe host name is then also used in the host name verification of the peer\ncertificate.
The special value 'disable' prevents the Server Name\nIndication extension from being sent and disables the hostname\nverification check.",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-ssl",
+ "text" : "ssl",
+ "doc" : "SSL connection settings.",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-headers",
+ "text" : "headers",
+ "doc" : "List of HTTP headers.",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-max_retries",
+ "text" : "max_retries",
+ "doc" : "Max retry times if error on sending request.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options-S-transport_options-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP request timeout.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "transport_options",
+ "doc" : "Options for the HTTP transport layer used by the S3 client"
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-transport_options",
+ "text" : "transport_options",
+ "doc" : "Options for the HTTP transport layer used by the S3 client.",
+ "type" : "Struct(transport_options)"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-min_part_size",
+ "text" : "min_part_size",
+ "doc" : "The minimum part size for multipart uploads.
\nUploaded data will be accumulated in memory until this size is reached.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"5mb\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-max_part_size",
+ "text" : "max_part_size",
+ "doc" : "The maximum part size for multipart uploads.
\nS3 uploader won't try to upload parts larger than this size.
A string that represents a number of bytes, for example: 10B, 640kb, 4MB, 1GB. Units are binary standardized, i.e., 1MB equals 1024KB. units are not case sensitive, i.e., 1kb equals 1KB.",
+ "type" : "Bytesize",
+ "default" : "\"5gb\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-url_expire_time",
+ "text" : "url_expire_time",
+ "doc" : "The time in seconds for which the signed URLs to the S3 objects are valid.
A string that represents a time duration, for example: 10s, 2.5m, 1h30m, 1W2D, or 2345ms, which is the smallest unit. Each configuration item has its own minimum precision. The part of the setting value that exceeds the precision will be ignored.\n\nFor example, if a configuration item of type Duration(s) is set to 1200ms, the final effective value will be 1s instead of 1.2s.\n\n`Duration` is equivalent to `Duration(ms)`. The unit part is case-insensitive.",
+ "type" : "Duration(s)",
+ "default" : "\"1h\""
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-bucket",
+ "text" : "bucket",
+ "doc" : "The name of the S3 bucket.
A string for `${.path.to.var}` style value interpolation,\nwhere the leading dot is optional, and `${.}` represents all values as an object.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3-S-s3_exporter-acl",
+ "text" : "acl",
+ "doc" : "The ACL to use for the uploaded objects.",
+ "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)"
+ }
+ ],
+ "text" : "s3_exporter",
+ "doc" : "S3 Exporter settings for the File transfer local storage backend"
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter-S-local_storage_exporter_backend-s3",
+ "text" : "s3",
+ "doc" : "Exporter to the S3 API compatible object storage.",
+ "type" : "Struct(s3_exporter)"
+ }
+ ],
+ "text" : "local_storage_exporter_backend",
+ "doc" : "Exporter for the local file system storage backend"
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local-S-local_storage-exporter",
+ "text" : "exporter",
+ "doc" : "Exporter for the local file system storage backend.
\nExporter defines where and how fully transferred and assembled files are stored.",
+ "type" : "Struct(local_storage_exporter_backend)",
+ "default" : "{local {}}"
+ }
+ ],
+ "text" : "local_storage",
+ "doc" : "File transfer local storage settings"
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage-S-storage_backend-local",
+ "text" : "local",
+ "doc" : "Local file system backend to store uploaded fragments and temporary data.",
+ "type" : "Struct(local_storage)"
+ }
+ ],
+ "text" : "storage_backend",
+ "doc" : "Storage backend settings for file transfer"
+ }
+ ],
+ "hash" : "V-file_transfer-S-file_transfer-storage",
+ "text" : "storage",
+ "doc" : "Storage settings for file transfer.",
+ "type" : "Struct(storage_backend)",
+ "default" : "{local {}}"
+ }
+ ],
+ "text" : "file_transfer",
+ "doc" : "File transfer settings"
+ }
+ ],
+ "hash" : "V-file_transfer",
+ "text" : "file_transfer",
+ "type" : "Struct(file_transfer)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_queues-S-durable_queues",
+ "fields" : [
+ {
+ "hash" : "V-durable_queues-S-durable_queues-enable",
+ "text" : "enable",
+ "doc" : "Enable the shared subscription feature.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "durable_queues",
+ "doc" : "Settings for durable queues"
+ }
+ ],
+ "hash" : "V-durable_queues",
+ "text" : "durable_queues",
+ "type" : "Struct(durable_queues)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-multi_tenancy-S-config",
+ "fields" : [
+ {
+ "hash" : "V-multi_tenancy-S-config-default_max_sessions",
+ "text" : "default_max_sessions",
+ "doc" : "The default number of live sessions allowed for each namespace.\nAccess will be denied for new clients if limit is reached.\nOnline config changes do not affect running sessions.",
+ "type" : "Integer(1..+inf)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-multi_tenancy-S-config-allow_only_managed_namespaces",
+ "text" : "allow_only_managed_namespaces",
+ "doc" : "If enabled, clients that belong to a non-managed namespace will be\ndenied connection. Clients that can't have their namespace resolved\nwill also be denied connection.",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "config",
+ "doc" : "Multi-tenancy configuration"
+ }
+ ],
+ "hash" : "V-multi_tenancy",
+ "text" : "multi_tenancy",
+ "type" : "Struct(config)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-ai-S-ai",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-ai-S-ai-providers-S-provider",
+ "fields" : [
+ {
+ "hash" : "V-ai-S-ai-providers-S-provider-name",
+ "text" : "name",
+ "doc" : "Name of the provider.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-ai-S-ai-providers-S-provider-type",
+ "text" : "type",
+ "doc" : "Type of AI provider: OpenAI or Anthropic.",
+ "type" : "Enum(openai,anthropic)",
+ "default" : "openai"
+ },
+ {
+ "hash" : "V-ai-S-ai-providers-S-provider-api_key",
+ "text" : "api_key",
+ "doc" : "API key for the AI provider.
A string holding some sensitive information, such as a password. When secret starts with file://, the rest of the string is interpreted as a path to a file containing the secret itself: whole content of the file except any trailing whitespace characters is considered a secret value. Note: when clustered, all EMQX nodes should have the same file present before using file:// secrets.",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-ai-S-ai-providers-S-provider-base_url",
+ "text" : "base_url",
+ "doc" : "Base URL for the AI provider API endpoint.",
+ "type" : "String",
+ "default" : "\"https://api.openai.com/v1\""
+ }
+ ],
+ "text" : "provider",
+ "doc" : "AI provider."
+ }
+ ],
+ "hash" : "V-ai-S-ai-providers",
+ "text" : "providers",
+ "doc" : "List of AI provider providers.",
+ "type" : "Array(Struct(provider))",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-ai-S-ai-completion_profiles-S-anthropic_completion_profile",
+ "fields" : [
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-anthropic_completion_profile-name",
+ "text" : "name",
+ "doc" : "Name of the completion profile.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-anthropic_completion_profile-type",
+ "text" : "type",
+ "doc" : "Type of AI provider: OpenAI or Anthropic.",
+ "type" : "String(\"anthropic\")",
+ "default" : "anthropic"
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-anthropic_completion_profile-provider_name",
+ "text" : "provider_name",
+ "doc" : "Name of the provider.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-anthropic_completion_profile-anthropic_version",
+ "text" : "anthropic_version",
+ "doc" : "Version of the Anthropic API to use.",
+ "type" : "Enum(2023-06-01)",
+ "default" : "\"2023-06-01\""
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-anthropic_completion_profile-system_prompt",
+ "text" : "system_prompt",
+ "doc" : "System prompt for the AI completion.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-anthropic_completion_profile-model",
+ "text" : "model",
+ "doc" : "Model to use for the AI completion.",
+ "type" : "String",
+ "default" : "\"claude-3-5-sonnet-20240620\""
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-anthropic_completion_profile-max_tokens",
+ "text" : "max_tokens",
+ "doc" : "Maximum number of tokens to generate.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "anthropic_completion_profile",
+ "doc" : "AI completion profile for Anthropic."
+ },
+ {
+ "hash" : "T-ai-S-ai-completion_profiles-S-openai_completion_profile",
+ "fields" : [
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-openai_completion_profile-name",
+ "text" : "name",
+ "doc" : "Name of the completion profile.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-openai_completion_profile-type",
+ "text" : "type",
+ "doc" : "Type of AI provider: OpenAI or Anthropic.",
+ "type" : "String(\"openai\")",
+ "default" : "openai"
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-openai_completion_profile-provider_name",
+ "text" : "provider_name",
+ "doc" : "Name of the provider.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-openai_completion_profile-system_prompt",
+ "text" : "system_prompt",
+ "doc" : "System prompt for the AI completion.",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-ai-S-ai-completion_profiles-S-openai_completion_profile-model",
+ "text" : "model",
+ "doc" : "Model to use for the AI completion.",
+ "type" : "String",
+ "default" : "\"gpt-4o\""
+ }
+ ],
+ "text" : "openai_completion_profile",
+ "doc" : "AI completion profile for OpenAI."
+ }
+ ],
+ "hash" : "V-ai-S-ai-completion_profiles",
+ "text" : "completion_profiles",
+ "doc" : "List of AI completion profiles.",
+ "type" : "Array(OneOf(Struct(anthropic_completion_profile),Struct(openai_completion_profile)))",
+ "default" : "[]"
+ }
+ ],
+ "text" : "ai",
+ "doc" : "AI functions settings."
+ }
+ ],
+ "hash" : "V-ai",
+ "text" : "ai",
+ "type" : "Struct(ai)"
+ }
+ ],
+ "text" : "root",
+ "doc" : ""
+}
\ No newline at end of file
diff --git a/hocon/hocon-ee-v5.10.1-zh.json b/hocon/hocon-ee-v5.10.1-zh.json
new file mode 100644
index 000000000..efa061707
--- /dev/null
+++ b/hocon/hocon-ee-v5.10.1-zh.json
@@ -0,0 +1,45980 @@
+{
+ "hash" : "T-root",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听套接字的 IP 地址和端口。",
+ "type" : "String",
+ "default" : "1883"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "监听器接收池的大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器允许的最大并发连接数。",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "在客户端的 SUBSCRIBE 和 UNSUBSCRIBE 请求、`PUBLISH` 消息以及遗嘱消息(如果在 `CONNECT` 数据包中提供)中,为主题添加静态或模板化的前缀(例如,`n1/` 或 `${username}/`)。\n- 从发布到相应订阅的消息的主题中移除此前缀。\n\n支持的占位符有:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\n例如,使用 `mountpoint=\"${username}/\"` 配置时,使用 `u1` 作为用户名的客户端将具有:\n- 客户端 `SUBSCRIBE sensors/#` 在服务器内部为 `u1/sensors/#`。\n- 服务器发布 `PUBLISH u1/sensors/data` -> 发送给客户端的主题为 `sensors/data`。\n\n前缀挂载/卸载适用于:\n- `CONNECT` 中的遗嘱消息\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\n注意:挂载操作发生在**授权/ACL 检查之后**。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-zone",
+ "text" : "zone",
+ "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的字节数。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- `500KB/s`:每秒钟只接收 500 千字节,剩余字节将被丢弃/拒绝。\n- `500MB/10s`:每 10 秒只接收 500 兆字节,剩余字节将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "可以突发发送的字节数,超出常规的 `bytes_rate`。\n\n例如:`100MB/60m`:每 60 分钟内,可以在短时间内发送最多 100MB 的数据。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的消息数量。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n例如:\n\n- `500/s`:每秒只接收 500 条消息,剩余消息将被丢弃/拒绝。\n- `500/10s`:每 10 秒只接收 500 条消息,剩余消息将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "可以突发发送的消息数,超出常规的 `messages_rate`,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内发送最多 10000 条消息。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "限制此监听器每个节点接受连接的速度。\n\n当达到限制后,EMQX 会在新连接被接受后立即关闭它们,从而有效清空等待被接受的连接队列。\n\n例如:\n\n- `1000/s`:每秒只接受 1000 个连接。\n- `1000/10s`:每 10 秒只接受 1000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "可以突发接受的连接数,超出常规速率,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内接受最多 10000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "此监听器的访问控制规则。",
+ "type" : "Array(String)",
+ "default" : "[\"allow all\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-parse_unit",
+ "text" : "parse_unit",
+ "doc" : "此设置指定 MQTT 解析时的数据处理粒度,决定从字节流中提取和解析 MQTT 帧的方式:\n\n- `chunk`:按传输层数据包级别处理帧。此方式使用原始字节块作为解析单位,需要应用逻辑自行组装和解析 MQTT 帧。每个数据块的大小不确定,受传输速率、socket 缓冲区大小及其他内核设置影响。\n- `frame`:按完整的 MQTT 消息处理帧。此方式确保应用逻辑仅接收完整的 MQTT 帧进行处理。在大多数情况下,它比 `chunk` 选项具有更好的性能。\n\n请注意,`parse_unit` 的选择会影响 `active_n` 设置的解释方式:它决定了传递到连接进程的是原始字节块的数量还是完整的 MQTT 消息数量。",
+ "type" : "Enum(chunk,frame)",
+ "default" : "chunk"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-tcp-S-mqtt_tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "type" : "Struct(tcp_opts)"
+ }
+ ],
+ "text" : "mqtt_tcp_listener",
+ "doc" : "Settings for the MQTT over TCP listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-tcp",
+ "text" : "tcp",
+ "doc" : "TCP 监听器。",
+ "type" : "Map($name->OneOf(Struct(mqtt_tcp_listener),String(\"marked_for_deletion\")))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "监听套接字的 IP 地址和端口。",
+ "type" : "String",
+ "default" : "8883"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "监听器接收池的大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器允许的最大并发连接数。",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "在客户端的 SUBSCRIBE 和 UNSUBSCRIBE 请求、`PUBLISH` 消息以及遗嘱消息(如果在 `CONNECT` 数据包中提供)中,为主题添加静态或模板化的前缀(例如,`n1/` 或 `${username}/`)。\n- 从发布到相应订阅的消息的主题中移除此前缀。\n\n支持的占位符有:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\n例如,使用 `mountpoint=\"${username}/\"` 配置时,使用 `u1` 作为用户名的客户端将具有:\n- 客户端 `SUBSCRIBE sensors/#` 在服务器内部为 `u1/sensors/#`。\n- 服务器发布 `PUBLISH u1/sensors/data` -> 发送给客户端的主题为 `sensors/data`。\n\n前缀挂载/卸载适用于:\n- `CONNECT` 中的遗嘱消息\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\n注意:挂载操作发生在**授权/ACL 检查之后**。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-zone",
+ "text" : "zone",
+ "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的字节数。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- `500KB/s`:每秒钟只接收 500 千字节,剩余字节将被丢弃/拒绝。\n- `500MB/10s`:每 10 秒只接收 500 兆字节,剩余字节将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "可以突发发送的字节数,超出常规的 `bytes_rate`。\n\n例如:`100MB/60m`:每 60 分钟内,可以在短时间内发送最多 100MB 的数据。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的消息数量。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n例如:\n\n- `500/s`:每秒只接收 500 条消息,剩余消息将被丢弃/拒绝。\n- `500/10s`:每 10 秒只接收 500 条消息,剩余消息将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "可以突发发送的消息数,超出常规的 `messages_rate`,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内发送最多 10000 条消息。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "限制此监听器每个节点接受连接的速度。\n\n当达到限制后,EMQX 会在新连接被接受后立即关闭它们,从而有效清空等待被接受的连接队列。\n\n例如:\n\n- `1000/s`:每秒只接受 1000 个连接。\n- `1000/10s`:每 10 秒只接受 1000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "可以突发接受的连接数,超出常规速率,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内接受最多 10000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "此监听器的访问控制规则。",
+ "type" : "Array(String)",
+ "default" : "[\"allow all\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-parse_unit",
+ "text" : "parse_unit",
+ "doc" : "此设置指定 MQTT 解析时的数据处理粒度,决定从字节流中提取和解析 MQTT 帧的方式:\n\n- `chunk`:按传输层数据包级别处理帧。此方式使用原始字节块作为解析单位,需要应用逻辑自行组装和解析 MQTT 帧。每个数据块的大小不确定,受传输速率、socket 缓冲区大小及其他内核设置影响。\n- `frame`:按完整的 MQTT 消息处理帧。此方式确保应用逻辑仅接收完整的 MQTT 帧进行处理。在大多数情况下,它比 `chunk` 选项具有更好的性能。\n\n请注意,`parse_unit` 的选择会影响 `active_n` 设置的解释方式:它决定了传递到连接进程的是原始字节块的数量还是完整的 MQTT 消息数量。",
+ "type" : "Enum(chunk,frame)",
+ "default" : "chunk"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ssl-S-mqtt_ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "mqtt_ssl_listener",
+ "doc" : "Settings for the MQTT over SSL listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ssl",
+ "text" : "ssl",
+ "doc" : "SSL 监听器。",
+ "type" : "Map($name->OneOf(Struct(mqtt_ssl_listener),String(\"marked_for_deletion\")))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bind",
+ "text" : "bind",
+ "doc" : "监听套接字的 IP 地址和端口。",
+ "type" : "String",
+ "default" : "8083"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "监听器接收池的大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器允许的最大并发连接数。",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "在客户端的 SUBSCRIBE 和 UNSUBSCRIBE 请求、`PUBLISH` 消息以及遗嘱消息(如果在 `CONNECT` 数据包中提供)中,为主题添加静态或模板化的前缀(例如,`n1/` 或 `${username}/`)。\n- 从发布到相应订阅的消息的主题中移除此前缀。\n\n支持的占位符有:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\n例如,使用 `mountpoint=\"${username}/\"` 配置时,使用 `u1` 作为用户名的客户端将具有:\n- 客户端 `SUBSCRIBE sensors/#` 在服务器内部为 `u1/sensors/#`。\n- 服务器发布 `PUBLISH u1/sensors/data` -> 发送给客户端的主题为 `sensors/data`。\n\n前缀挂载/卸载适用于:\n- `CONNECT` 中的遗嘱消息\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\n注意:挂载操作发生在**授权/ACL 检查之后**。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-zone",
+ "text" : "zone",
+ "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的字节数。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- `500KB/s`:每秒钟只接收 500 千字节,剩余字节将被丢弃/拒绝。\n- `500MB/10s`:每 10 秒只接收 500 兆字节,剩余字节将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "可以突发发送的字节数,超出常规的 `bytes_rate`。\n\n例如:`100MB/60m`:每 60 分钟内,可以在短时间内发送最多 100MB 的数据。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的消息数量。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n例如:\n\n- `500/s`:每秒只接收 500 条消息,剩余消息将被丢弃/拒绝。\n- `500/10s`:每 10 秒只接收 500 条消息,剩余消息将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "可以突发发送的消息数,超出常规的 `messages_rate`,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内发送最多 10000 条消息。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "限制此监听器每个节点接受连接的速度。\n\n当达到限制后,EMQX 会在新连接被接受后立即关闭它们,从而有效清空等待被接受的连接队列。\n\n例如:\n\n- `1000/s`:每秒只接受 1000 个连接。\n- `1000/10s`:每 10 秒只接受 1000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "可以突发接受的连接数,超出常规速率,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内接受最多 10000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "此监听器的访问控制规则。",
+ "type" : "Array(String)",
+ "default" : "[\"allow all\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-tcp_options",
+ "text" : "tcp_options",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_path",
+ "text" : "mqtt_path",
+ "doc" : "WebSocket 的 MQTT 协议路径。因此,EMQX Broker 的 WebSocket 地址为:\nws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"/mqtt\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-mqtt_piggyback",
+ "text" : "mqtt_piggyback",
+ "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。",
+ "type" : "Enum(single,multiple)",
+ "default" : "multiple"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-compress",
+ "text" : "compress",
+ "doc" : "如果 true,则使用 zlib 压缩 WebSocket 消息
\ndeflate_opts 下的配置项属于压缩相关参数配置。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "关闭在此间隔内未发送 MQTT CONNECT 消息的客户端的传输层连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "单个 MQTT 数据包的最大长度。",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "如果true,当客户端未携带Sec WebSocket Protocol字段时,服务器将返回一个错误。\n
注意:微信小程序需要禁用此验证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "逗号分隔的 subprotocols 支持列表。",
+ "type" : "String",
+ "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "如果true,originHTTP 头将根据check_origins参数中配置的允许来源列表进行验证。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "如果设置为 false 并且 check_origin_enable 为 true,服务器将拒绝没有 origin HTTP 头的请求。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-check_origins",
+ "text" : "check_origins",
+ "doc" : "允许的 origins 列表",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "HTTP 头,用于传递有关客户端 IP 地址的信息。\n当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "HTTP 头,用于传递有关客户端端口的信息。当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "压缩级别",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "指定压缩策略。",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "接管意味着在服务器消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "接管意味着在客户端消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "指定服务器压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "指定客户端压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket-S-ws_opts-validate_utf8",
+ "text" : "validate_utf8",
+ "doc" : "设置为 false 可以禁用 WebSocket 帧 UTF-8 验证以提高性能。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "ws_opts",
+ "doc" : "WebSocket listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ws-S-mqtt_ws_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(ws_opts)"
+ }
+ ],
+ "text" : "mqtt_ws_listener",
+ "doc" : "Settings for the MQTT over WebSocket listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-ws",
+ "text" : "ws",
+ "doc" : "HTTP websocket 监听器。",
+ "type" : "Map($name->OneOf(Struct(mqtt_ws_listener),String(\"marked_for_deletion\")))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bind",
+ "text" : "bind",
+ "doc" : "监听套接字的 IP 地址和端口。",
+ "type" : "String",
+ "default" : "8084"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "监听器接收池的大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器允许的最大并发连接数。",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "在客户端的 SUBSCRIBE 和 UNSUBSCRIBE 请求、`PUBLISH` 消息以及遗嘱消息(如果在 `CONNECT` 数据包中提供)中,为主题添加静态或模板化的前缀(例如,`n1/` 或 `${username}/`)。\n- 从发布到相应订阅的消息的主题中移除此前缀。\n\n支持的占位符有:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\n例如,使用 `mountpoint=\"${username}/\"` 配置时,使用 `u1` 作为用户名的客户端将具有:\n- 客户端 `SUBSCRIBE sensors/#` 在服务器内部为 `u1/sensors/#`。\n- 服务器发布 `PUBLISH u1/sensors/data` -> 发送给客户端的主题为 `sensors/data`。\n\n前缀挂载/卸载适用于:\n- `CONNECT` 中的遗嘱消息\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\n注意:挂载操作发生在**授权/ACL 检查之后**。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-zone",
+ "text" : "zone",
+ "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的字节数。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- `500KB/s`:每秒钟只接收 500 千字节,剩余字节将被丢弃/拒绝。\n- `500MB/10s`:每 10 秒只接收 500 兆字节,剩余字节将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "可以突发发送的字节数,超出常规的 `bytes_rate`。\n\n例如:`100MB/60m`:每 60 分钟内,可以在短时间内发送最多 100MB 的数据。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的消息数量。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n例如:\n\n- `500/s`:每秒只接收 500 条消息,剩余消息将被丢弃/拒绝。\n- `500/10s`:每 10 秒只接收 500 条消息,剩余消息将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "可以突发发送的消息数,超出常规的 `messages_rate`,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内发送最多 10000 条消息。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "限制此监听器每个节点接受连接的速度。\n\n当达到限制后,EMQX 会在新连接被接受后立即关闭它们,从而有效清空等待被接受的连接队列。\n\n例如:\n\n- `1000/s`:每秒只接受 1000 个连接。\n- `1000/10s`:每 10 秒只接受 1000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "可以突发接受的连接数,超出常规速率,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内接受最多 10000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "此监听器的访问控制规则。",
+ "type" : "Array(String)",
+ "default" : "[\"allow all\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果 EMQX 集群部署在 HAProxy 或 Nginx 之后,请启用代理协议 V1/2
\n详情见: https://www.haproxy.com/blog/haproxy/proxy-protocol/",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "代理协议超时。如果在超时时间内未收到代理协议数据包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-tcp_options",
+ "text" : "tcp_options",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "listener_wss_opts",
+ "doc" : "Socket options for WebSocket/SSL connections."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-ssl_options",
+ "text" : "ssl_options",
+ "type" : "Struct(listener_wss_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_path",
+ "text" : "mqtt_path",
+ "doc" : "WebSocket 的 MQTT 协议路径。因此,EMQX Broker 的 WebSocket 地址为:\nws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"/mqtt\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-mqtt_piggyback",
+ "text" : "mqtt_piggyback",
+ "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。",
+ "type" : "Enum(single,multiple)",
+ "default" : "multiple"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-compress",
+ "text" : "compress",
+ "doc" : "如果 true,则使用 zlib 压缩 WebSocket 消息
\ndeflate_opts 下的配置项属于压缩相关参数配置。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "关闭在此间隔内未发送 MQTT CONNECT 消息的客户端的传输层连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "单个 MQTT 数据包的最大长度。",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "如果true,当客户端未携带Sec WebSocket Protocol字段时,服务器将返回一个错误。\n
注意:微信小程序需要禁用此验证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "逗号分隔的 subprotocols 支持列表。",
+ "type" : "String",
+ "default" : "\"mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "如果true,originHTTP 头将根据check_origins参数中配置的允许来源列表进行验证。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "如果设置为 false 并且 check_origin_enable 为 true,服务器将拒绝没有 origin HTTP 头的请求。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-check_origins",
+ "text" : "check_origins",
+ "doc" : "允许的 origins 列表",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "HTTP 头,用于传递有关客户端 IP 地址的信息。\n当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "HTTP 头,用于传递有关客户端端口的信息。当 EMQX 集群部署在负载平衡器后面时,这一点非常重要。",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "压缩级别",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "指定压缩策略。",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "接管意味着在服务器消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "接管意味着在客户端消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "指定服务器压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "指定客户端压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket-S-ws_opts-validate_utf8",
+ "text" : "validate_utf8",
+ "doc" : "设置为 false 可以禁用 WebSocket 帧 UTF-8 验证以提高性能。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "ws_opts",
+ "doc" : "WebSocket listener options."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss-S-mqtt_wss_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(ws_opts)"
+ }
+ ],
+ "text" : "mqtt_wss_listener",
+ "doc" : "Settings for the MQTT over WebSocket/SSL listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-wss",
+ "text" : "wss",
+ "doc" : "HTTPS websocket 监听器。",
+ "type" : "Map($name->OneOf(Struct(mqtt_wss_listener),String(\"marked_for_deletion\")))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式。
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3。
\n如果打算使用 PSK 密码套件,tlsv1.3 应在 ssl.versions 中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"
\n\n注:QUIC 监听器只支持 tlsv1.3 的 ciphers。",
+ "type" : "Array(String)",
+ "default" : "[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options-S-listener_quic_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "listener_quic_ssl_opts",
+ "doc" : "TLS options for QUIC transport."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "QUIC 传输层的 TLS 选项",
+ "type" : "Struct(listener_quic_ssl_opts)"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bind",
+ "text" : "bind",
+ "doc" : "监听套接字的 IP 地址和端口。",
+ "type" : "String",
+ "default" : "14567"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "监听器接收池的大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器允许的最大并发连接数。",
+ "type" : "OneOf(String(\"infinity\"),Integer(1..+inf))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "在客户端的 SUBSCRIBE 和 UNSUBSCRIBE 请求、`PUBLISH` 消息以及遗嘱消息(如果在 `CONNECT` 数据包中提供)中,为主题添加静态或模板化的前缀(例如,`n1/` 或 `${username}/`)。\n- 从发布到相应订阅的消息的主题中移除此前缀。\n\n支持的占位符有:\n- `${username}`\n- `${clientid}`\n- `${zone}`\n- `${client_attrs.NAME}`\n\n例如,使用 `mountpoint=\"${username}/\"` 配置时,使用 `u1` 作为用户名的客户端将具有:\n- 客户端 `SUBSCRIBE sensors/#` 在服务器内部为 `u1/sensors/#`。\n- 服务器发布 `PUBLISH u1/sensors/data` -> 发送给客户端的主题为 `sensors/data`。\n\n前缀挂载/卸载适用于:\n- `CONNECT` 中的遗嘱消息\n- `PUBLISH`\n- `SUBSCRIBE`\n- `UNSUBSCRIBE`\n\n注意:挂载操作发生在**授权/ACL 检查之后**。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-zone",
+ "text" : "zone",
+ "doc" : "监听器所属的配置 zone。\n连接到此监听器的客户端将继承在此 zone 名称下创建的 zone 设置。\n\n一个 zone 可以覆盖以下根名称下的配置:\n- `mqtt`\n- `force_shutdown`\n- `force_gc`\n- `flapping_detect`\n- `durable_sessions`",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证,通过检查认配置的认认证器链来决定是否允许接入。\n配置 false 时,将不对客户端做任何认证,任何客户端,不论是不是携带用户名等认证信息,都可以接入。\n配置 quick_deny_anonymous 时,行为跟 true 类似,但是会对匿名\n客户直接拒绝,不做使用任何认证器对客户端进行身份检查。",
+ "type" : "Enum(true,false,quick_deny_anonymous)",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的字节数。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- `500KB/s`:每秒钟只接收 500 千字节,剩余字节将被丢弃/拒绝。\n- `500MB/10s`:每 10 秒只接收 500 兆字节,剩余字节将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "可以突发发送的字节数,超出常规的 `bytes_rate`。\n\n例如:`100MB/60m`:每 60 分钟内,可以在短时间内发送最多 100MB 的数据。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的消息数量。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n例如:\n\n- `500/s`:每秒只接收 500 条消息,剩余消息将被丢弃/拒绝。\n- `500/10s`:每 10 秒只接收 500 条消息,剩余消息将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "可以突发发送的消息数,超出常规的 `messages_rate`,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内发送最多 10000 条消息。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "限制此监听器每个节点接受连接的速度。\n\n当达到限制后,EMQX 会在新连接被接受后立即关闭它们,从而有效清空等待被接受的连接队列。\n\n例如:\n\n- `1000/s`:每秒只接受 1000 个连接。\n- `1000/10s`:每 10 秒只接受 1000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-listeners-S-listeners-quic-S-mqtt_quic_listener-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "可以突发接受的连接数,超出常规速率,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内接受最多 10000 个连接。",
+ "type" : "String"
+ }
+ ],
+ "text" : "mqtt_quic_listener",
+ "doc" : "Settings for the MQTT over QUIC listener."
+ }
+ ],
+ "hash" : "V-listeners-S-listeners-quic",
+ "text" : "quic",
+ "doc" : "QUIC 监听器。",
+ "type" : "Map($name->OneOf(Struct(mqtt_quic_listener),String(\"marked_for_deletion\")))"
+ }
+ ],
+ "text" : "listeners",
+ "doc" : "MQTT listeners identified by their protocol type and assigned names"
+ }
+ ],
+ "hash" : "V-listeners",
+ "text" : "listeners",
+ "doc" : "监听器配置按传输类型进行定义。\n每种传输类型都包含一个将监听器名称与其配置关联的映射。\n默认情况下,每种传输类型都包含一个名为 `default` 的监听器,该监听器不会在配置文件中显式声明。\n若要移除 `default` 监听器,可显式设置其配置为:`listeners.ws.default = marked_for_deletion`。\n\n另外,若希望禁用某个监听器但保留其配置内容,可将隐藏字段 `enable` 设置为 `false`,例如:`listeners.tcp.my_listener.enable = false`。",
+ "type" : "Struct(listeners)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-mqtt-S-mqtt",
+ "fields" : [
+ {
+ "hash" : "V-mqtt-S-mqtt-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "设置连接被断开或进入休眠状态前的等待时间,空闲超时后,\n - 如暂未收到客户端的 CONNECT 报文,连接将断开;\n - 如已收到客户端的 CONNECT 报文,连接将进入休眠模式以节省系统资源。\n\n注意:请合理设置该参数值,如等待时间设置过长,可能造成系统资源的浪费。",
+ "type" : "OneOf(String(\"infinity\"),Duration)",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_packet_size",
+ "text" : "max_packet_size",
+ "doc" : "允许的最大 MQTT 报文大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_clientid_len",
+ "text" : "max_clientid_len",
+ "doc" : "允许的最大 MQTT Client ID 长度。",
+ "type" : "Integer(23..65535)",
+ "default" : "65535"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_topic_levels",
+ "text" : "max_topic_levels",
+ "doc" : "允许的最大主题层级。",
+ "type" : "Integer(1..65535)",
+ "default" : "128"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_topic_alias",
+ "text" : "max_topic_alias",
+ "doc" : "允许的最大主题别名数,0 表示不支持主题别名。",
+ "type" : "Integer(0..65535)",
+ "default" : "65535"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-retain_available",
+ "text" : "retain_available",
+ "doc" : "是否启用对 MQTT 保留消息的支持。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-wildcard_subscription",
+ "text" : "wildcard_subscription",
+ "doc" : "是否启用对 MQTT 通配符订阅的支持。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-shared_subscription",
+ "text" : "shared_subscription",
+ "doc" : "是否启用对 MQTT 共享订阅的支持。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-shared_subscription_strategy",
+ "text" : "shared_subscription_strategy",
+ "doc" : "共享订阅的分发策略。\nEMQX 将 **分发状态**(如随机种子、轮询位置和粘性订阅者选择)作为 **发布客户端连接状态** 的一部分进行维护。\n如果发布客户端断开连接并重新连接,则此状态会丢失,必须重新初始化。\n\n- `random`:随机选择一个订阅者进行分发;\n- `round_robin`:共享订阅组中的客户端将依次消费消息,每个发布者独立记录循环进度,因此来自**不同发布者**的两个相邻消息可能会被订阅组中的同一客户端消费;\n- `round_robin_per_group`:共享订阅组中的客户端将依次消费消息,每个节点独立记录循环进度,因此来自**不同节点**的两个相邻消息可能会被订阅组中的同一客户端消费;\n- `local`:随机选择当前节点上的一个订阅者,如果当前节点没有订阅者,则在集群内随机选择;\n- `sticky`:持续将消息分发给最初选择的订阅者,直到他们的会话结束。初始选择基于 `mqtt_shared_subscription_initial_sticky_pick`;\n- `hash_clientid`:哈希发布者的客户端 ID 以选择订阅者;\n- `hash_topic`:哈希发布主题以选择订阅者。",
+ "type" : "Enum(random,round_robin,round_robin_per_group,sticky,local,hash_topic,hash_clientid)",
+ "default" : "round_robin"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-shared_subscription_initial_sticky_pick",
+ "text" : "shared_subscription_initial_sticky_pick",
+ "doc" : "当 shared_subscription_strategy 为 `sticky` 时,初始订阅者选择的策略。\n - `random`: 随机选择订阅者;\n - `local`: 随机选择当前节点上的订阅者,如果当前节点上没有订阅者,则在集群中随机选择;\n - `hash_clientid`: 根据发布者的客户端 ID 进行哈希,选择订阅者;\n - `hash_topic`: 根据发布的主题进行哈希,选择订阅者。",
+ "type" : "Enum(random,local,hash_topic,hash_clientid)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-exclusive_subscription",
+ "text" : "exclusive_subscription",
+ "doc" : "是否启用对 MQTT 排它订阅的支持。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-ignore_loop_deliver",
+ "text" : "ignore_loop_deliver",
+ "doc" : "设置由 MQTT v3.1.1/v3.1.0 客户端发布的消息是否将转发给其本身;类似 MQTT 5.0 协议中的 No Local 选项。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-strict_mode",
+ "text" : "strict_mode",
+ "doc" : "是否以严格模式解析 MQTT 消息。\n严格模式下,如客户端 ID、主题名称等中包含无效 utf8 字符串,连接将被断开。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-response_information",
+ "text" : "response_information",
+ "doc" : "UTF-8 字符串,用于指定返回给客户端的响应主题,如 reqrsp/,此时请求和应答客户端都需要使用 reqrsp/ 前缀的主题来完成通讯。\n如希望禁用此功能,请在下方的文字框中输入\"\";仅适用于 MQTT 5.0 客户端。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-server_keepalive",
+ "text" : "server_keepalive",
+ "doc" : "EMQX 要求的保活时间,如设为 disabled,则将使用客户端指定的保持连接时间;仅适用于 MQTT 5.0 客户端。",
+ "type" : "OneOf(Integer(1..+inf),String(\"disabled\"))",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-keepalive_multiplier",
+ "text" : "keepalive_multiplier",
+ "doc" : "Keep-Alive 超时 = Keep-Alive 间隔 × Keep-Alive 倍数。默认值 1.5 遵循 MQTT 5.0 规范。此倍数可调整,为系统管理员提供根据特定需求进行定制的灵活性。例如,如果客户端的 10 秒 Keep-Alive 间隔的 PINGREQ 因为额外的 10 秒延迟,将倍数更改为 2 可以让 EMQX 容忍此延迟。",
+ "type" : "Number",
+ "default" : "1.5"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-keepalive_check_interval",
+ "text" : "keepalive_check_interval",
+ "doc" : "检查传入 MQTT 数据包的频率,决定服务器检查新 MQTT 数据包的频率。\n如果在没有客户端发送任何数据包的情况下经过了一定时间,这段时间将累加起来。\n一旦累积时间超过 `keepalive-interval * keepalive-multiplier`,连接将被终止。\n默认设置为 30 秒,最小值为 1 秒,最大值为 `keepalive-interval / 2`。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "QoS 1/2 消息的重新投递间隔。",
+ "type" : "OneOf(String(\"infinity\"),Duration)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-use_username_as_clientid",
+ "text" : "use_username_as_clientid",
+ "doc" : "是否使用用户名作为客户端 ID。\n此设置的作用时间晚于 对端证书作为用户名 和 对端证书作为客户端 ID。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-peer_cert_as_username",
+ "text" : "peer_cert_as_username",
+ "doc" : "使用对端证书中的 CN、DN 字段或整个证书内容来作为用户名;仅适用于 TLS 连接。\n目前支持:\n- cn: 取证书的 CN 字段\n- dn: 取证书的 DN 字段\n- crt: 取 DER 或 PEM 的证书内容\n- pem: 将 DER 证书转换为 PEM 格式作为用户名\n- md5: 取 DER 或 PEM 证书内容的 MD5 值",
+ "type" : "Enum(disabled,cn,dn,crt,pem,md5)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-peer_cert_as_clientid",
+ "text" : "peer_cert_as_clientid",
+ "doc" : "使用对端证书中的 CN、DN 字段或整个证书内容来作为客户端 ID。仅适用于 TLS 连接;\n目前支持:\n- cn: 取证书的 CN 字段\n- dn: 取证书的 DN 字段\n- crt: 取 DER 或 PEM 证书的内容\n- pem: 将 DER 证书内容转换为 PEM 格式作为客户端 ID\n- md5: 取 DER 或 PEM 证书内容的 MD5 值",
+ "type" : "Enum(disabled,cn,dn,crt,pem,md5)",
+ "default" : "disabled"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init",
+ "fields" : [
+ {
+ "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-expression",
+ "text" : "expression",
+ "doc" : "单行表达式,用于解析一组预定义的字符串函数(类似规则引擎 SQL 语句中的函数)。\n表达式可以是带有嵌套调用的函数调用,或直接变量引用。\n目前,它不提供用户定义的变量绑定(如 `var a=1`)或用户定义的函数。\n例如,提取以点分隔的客户端 ID 的前缀:`nth(1, tokens(clientid, '.'))`。\n\n预绑定的变量包括:\n- `clientid`:MQTT 客户端 ID。\n- `username`:MQTT 客户端的用户名。\n- `user_property.{NAME}`:连接包中的用户属性。\n- `zone`:监听器的配置区域。\n- `listener`:客户端连接的监听器 ID(如 `tcp:default`)。\n对于 TLS 客户端,直接连接或通过启用代理协议(v2)负载均衡器连接时,\n还可以使用一些额外的变量:\n- `cn`:客户端的 TLS 证书公共名称。\n- `dn`:客户端的 TLS 证书区分名称(主体)。\n- `peersni`:客户端发送的 TLS 服务器名称指示。\n\n您可以在 EMQX 文档中阅读更多关于变量表达式的信息。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-client_attrs_init-S-client_attrs_init-set_as_attr",
+ "text" : "set_as_attr",
+ "doc" : "从客户端数据中提取的客户端属性的名称。\n提取的属性将以此名称存储在 `client_attrs` 属性中。",
+ "type" : "String"
+ }
+ ],
+ "text" : "client_attrs_init",
+ "doc" : "指定如何初始化客户端属性。每个属性可被初始化为 `client_attrs.{NAME}` ,其中 `{NAME}` 是在配置字段 `set_as_attr` 中指定的属性名称。初始化的客户端属性将以指定的名称存储在 `client_attrs` 属性中,并使用指定的名称,可以作为变量来渲染挂载点、身份认证和授权请求的模板。例如,当 `set_as_attr = alias` 时,使用 `${client_attrs.alias}` 来渲染 HTTP POST 请求体,或者为主题命名空间渲染监听器配置 `moutpoint = devices/${client_attrs.alias}/`。"
+ }
+ ],
+ "hash" : "V-mqtt-S-mqtt-client_attrs_init",
+ "text" : "client_attrs_init",
+ "doc" : "指定如何初始化客户端属性。每个属性可被初始化为 `client_attrs.{NAME}` ,其中 `{NAME}` 是在配置字段 `set_as_attr` 中指定的属性名称。初始化的客户端属性将以指定的名称存储在 `client_attrs` 属性中,并使用指定的名称,可以作为变量来渲染挂载点、身份认证和授权请求的模板。例如,当 `set_as_attr = alias` 时,使用 `${client_attrs.alias}` 来渲染 HTTP POST 请求体,或者为主题命名空间渲染监听器配置 `moutpoint = devices/${client_attrs.alias}/`。",
+ "type" : "Array(Struct(client_attrs_init))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-clientid_override",
+ "text" : "clientid_override",
+ "doc" : "单行表达式,用于解析一组预定义的字符串函数(类似于规则引擎 SQL 语句)。\n该表达式可以是一个函数调用,并且可以使用嵌套调用作为其参数,或者是直接的变量引用。\n目前,它不支持用户自定义变量绑定(如 var a=1)或用户自定义函数。\n\n例如,提取以点(.)分隔的用户名前缀的表达式:nth(1, tokens(username, '.'))。\n\n预绑定的变量包括:\n- `clientid`:原始 MQTT 客户端 ID。\n- `username`:MQTT 客户端的用户名。\n- `client_attrs.{NAME}`:通过 client_attrs_init 配置初始化的客户端属性。\n\n对于通过 TLS 直接连接或通过启用了 proxy-protocol (v2) 的负载均衡器连接的客户端,还可以使用以下额外变量:\n- `cn`:客户端 TLS 证书的通用名称(Common Name)。\n- `dn`:客户端 TLS 证书的可分辨名称(Distinguished Name,即主题)。\n- `peersni`:客户端发送的 TLS 服务器名称指示(Server Name Indication, SNI)。\n\n您可以在 EMQX 文档中阅读更多关于 variform 表达式的内容。",
+ "type" : "OneOf(String(\"disabled\"),String)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-session_expiry_interval",
+ "text" : "session_expiry_interval",
+ "doc" : "指定会话将在连接断开后多久过期,仅适用于非 MQTT 5.0 的连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"2h\""
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-message_expiry_interval",
+ "text" : "message_expiry_interval",
+ "doc" : "MQTT 消息的过期间隔。对于 MQTT 5.0 客户端,此配置仅在消息中未设置 Message-Expiry-Interval 属性时生效;否则,将使用 Message-Expiry-Interval 属性的值。对于 5.0 之前的 MQTT 版本,此配置将始终生效。请注意,将 message_expiry_interval 设置为大于 session_expiry_interval 是没有意义的,因为会话过期时所有消息将被清除。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_awaiting_rel",
+ "text" : "max_awaiting_rel",
+ "doc" : "每个发布者的会话中,都存在一个队列来处理客户端发送的 QoS 2 消息。该队列会存储 QoS 2 消息的报文 ID 直到收到客户端的 PUBREL 或超时,达到队列长度的限制后,新的 QoS 2 消息发布会被拒绝,并返回 `147(0x93)` 错误。",
+ "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_qos_allowed",
+ "text" : "max_qos_allowed",
+ "doc" : "允许的最大 QoS 等级。",
+ "type" : "Integer(0..2)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-mqueue_priorities",
+ "text" : "mqueue_priorities",
+ "doc" : "主题优先级。取值范围 [1-255]\n默认优先级表为空,即所有的主题优先级相同。\n\n注:优先主题名称中不支持使用逗号和等号。\n注:不在此列表中的主题,被视为最高/最低优先级,这取决于mqtt.mqueue_default_priority 的配置。\n\n示例:\n配置 \"topic/1\" > \"topic/2\":\nmqueue_priorities: {\"topic/1\": 10, \"topic/2\": 8}",
+ "type" : "OneOf(String(\"disabled\"),Map)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-mqueue_default_priority",
+ "text" : "mqueue_default_priority",
+ "doc" : "默认的主题优先级,不在 主题优先级(mqueue_priorities) 中的主题将会使用该优先级。",
+ "type" : "Enum(highest,lowest)",
+ "default" : "lowest"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-mqueue_store_qos0",
+ "text" : "mqueue_store_qos0",
+ "doc" : "指定在连接断开但会话保持期间,是否需要在消息队列中存储 QoS 0 消息。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_mqueue_len",
+ "text" : "max_mqueue_len",
+ "doc" : "消息队列最大长度。持久客户端断开连接或飞行窗口已满时排队的消息长度。",
+ "type" : "OneOf(Integer(0..+inf),String(\"infinity\"))",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "允许在完成应答前同时投递的 QoS 1 和 QoS 2 消息的最大数量。",
+ "type" : "Integer(1..65535)",
+ "default" : "32"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-max_subscriptions",
+ "text" : "max_subscriptions",
+ "doc" : "允许每个客户端建立的最大订阅数量。",
+ "type" : "OneOf(Integer(1..inf),String(\"infinity\"))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-upgrade_qos",
+ "text" : "upgrade_qos",
+ "doc" : "投递消息时,是否根据订阅主题时的 QoS 等级来强制提升派发的消息的 QoS 等级。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-await_rel_timeout",
+ "text" : "await_rel_timeout",
+ "doc" : "客户端发布 QoS 2 消息时,服务器等待 `PUBREL` 的最长时延。超过该时长后服务器会放弃等待,该 PACKET ID 会被释放,从而允许后续新的 PUBLISH 消息使用。如果超时后收到 PUBREL,服务器将会产生一条告警日志。注意,向订阅客户端转发消息的动作发生在进入等待之前。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"300s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-mqtt-S-mqtt-limiter-S-mqtt",
+ "fields" : [
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-bytes_rate",
+ "text" : "bytes_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的字节数。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n字节的单位可以是:B、KB、MB、GB。\n\n例如:\n\n- `500KB/s`:每秒钟只接收 500 千字节,剩余字节将被丢弃/拒绝。\n- `500MB/10s`:每 10 秒只接收 500 兆字节,剩余字节将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-bytes_burst",
+ "text" : "bytes_burst",
+ "doc" : "可以突发发送的字节数,超出常规的 `bytes_rate`。\n\n例如:`100MB/60m`:每 60 分钟内,可以在短时间内发送最多 100MB 的数据。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-messages_rate",
+ "text" : "messages_rate",
+ "doc" : "限制单个客户端每个节点可以向代理发送的消息数量。\n\n一旦达到限制,EMQX 将丢弃 QoS 0 消息并拒绝 QoS 1 和 QoS 2 消息,\n返回“配额超出”错误代码 (0x97)。\n\n例如:\n\n- `500/s`:每秒只接收 500 条消息,剩余消息将被丢弃/拒绝。\n- `500/10s`:每 10 秒只接收 500 条消息,剩余消息将被丢弃/拒绝。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-messages_burst",
+ "text" : "messages_burst",
+ "doc" : "可以突发发送的消息数,超出常规的 `messages_rate`,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内发送最多 10000 条消息。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "限制此监听器每个节点接受连接的速度。\n\n当达到限制后,EMQX 会在新连接被接受后立即关闭它们,从而有效清空等待被接受的连接队列。\n\n例如:\n\n- `1000/s`:每秒只接受 1000 个连接。\n- `1000/10s`:每 10 秒只接受 1000 个连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-mqtt-S-mqtt-limiter-S-mqtt-max_conn_burst",
+ "text" : "max_conn_burst",
+ "doc" : "可以突发接受的连接数,超出常规速率,每个节点。\n\n例如:`10000/60m`:每 60 分钟内,可以在短时间内接受最多 10000 个连接。",
+ "type" : "String"
+ }
+ ],
+ "text" : "mqtt",
+ "doc" : "MQTT 相关限流器。"
+ }
+ ],
+ "hash" : "V-mqtt-S-mqtt-limiter",
+ "text" : "limiter",
+ "doc" : "MQTT 相关的限流器配置。",
+ "type" : "Struct(mqtt)"
+ }
+ ],
+ "text" : "mqtt",
+ "doc" : "Global MQTT configuration."
+ }
+ ],
+ "hash" : "V-mqtt",
+ "text" : "mqtt",
+ "doc" : "全局的 MQTT 配置项。\nmqtt 下所有的配置作为全局的默认值存在,它可以被 zone 中的配置覆盖",
+ "type" : "Struct(mqtt)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-builtin_db",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-bcrypt_rw-salt_rounds",
+ "text" : "salt_rounds",
+ "doc" : "BCRYPT 密码生成的工作因子。",
+ "type" : "Integer(5..10)",
+ "default" : "10"
+ }
+ ],
+ "text" : "bcrypt_rw",
+ "doc" : "bcrypt 密码哈希算法的设置(用于具有写入能力的数据库后端)。"
+ },
+ {
+ "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-builtin_db-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-builtin_db-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希创建和验证的选项。",
+ "type" : "OneOf(Struct(bcrypt_rw),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"built_in_database\")"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-user_id_type",
+ "text" : "user_id_type",
+ "doc" : "指定用于客户端身份 ID 认证的字段。",
+ "type" : "Enum(clientid,username)",
+ "default" : "username"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-bootstrap_file",
+ "text" : "bootstrap_file",
+ "doc" : "引导文件将用户导入内置数据库。\n对于数据库中已存在的用户 ID,不会重复导入。\n文件内容格式由 `bootstrap_type` 决定。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.csv\""
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-bootstrap_type",
+ "text" : "bootstrap_type",
+ "doc" : "指定引导文件的内容类型。\n\n- **`plain`**:\n - 所需数据字段: `user_id`, `password`, `is_superuser`\n - `user_id`: 可以是客户端 ID 或用户名,具体取决于内置数据库认证的 `user_id_type` 配置。\n - `password`: 用户的明文密码。\n - `is_superuser`: 布尔值,用户是否为管理员。\n\n- **`hash`**:\n - 所需数据字段 `user_id`,`password_hash`,`salt`,`is_superuser`\n - 定义与 `plain` 类型相似,为提高安全性增加了 `password_hash` 和 `salt`。\n\n内容可以是 CSV 或 JSON 格式。\n\n这是一个 CSV 示例:`user_id,password_hash,salt,is_superuser\\nmy_user,b6c743545a7817ae8c8f624371d5f5f0373234bb0ff36b8ffbf19bce0e06ab75,de1024f462fb83910fd13151bd4bd235,true`\n\nJSON 内容应解码为对象数组,例如:`[{\"user_id\": \"my_user\",\"password\": \"s3cr3tp@ssw0rd\",\"is_superuser\": true}]`.\n\n`password_hash` 的哈希字符串取决于内容数据库认证机制中 `password_hash_algorithm` 的配置。例如,如果配置为 `password_hash_algorithm {name = sha256, salt_position = suffix}`,则在哈希之前将 salt 添加到密码中。等效的 Python 表达式为: `hashlib.sha256(password + salt).hexdigest()`.",
+ "type" : "Enum(hash,plain)",
+ "default" : "plain"
+ },
+ {
+ "hash" : "V-authentication-S-builtin_db-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "builtin_db",
+ "doc" : "使用内置数据库作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-mysql",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"mysql\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "BCRYPT 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-mysql-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-mysql-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希验证的选项。",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-query",
+ "text" : "query",
+ "doc" : "用于查询密码散列等用于认证的数据的 SQL 语句。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-query_timeout",
+ "text" : "query_timeout",
+ "doc" : "SQL 查询的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mysql-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-mysql-server",
+ "text" : "server",
+ "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机[:端口]。
\n如果未指定[:端口],将使用 MySQL 的默认端口3306。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String",
+ "default" : "root"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mysql-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mysql-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-mysql-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mysql",
+ "doc" : "使用 MySQL 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-postgresql",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"postgresql\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "BCRYPT 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-postgresql-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-postgresql-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希验证的选项。",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-query",
+ "text" : "query",
+ "doc" : "用于查询密码散列等用于认证的数据的 SQL 语句。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目的格式为:Host[:Port]。
\n如果没有指定 [:Port],将使用 PostgreSQL 默认端口 5432。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-postgresql-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-postgresql-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-postgresql-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "postgresql",
+ "doc" : "使用 PostgreSQL 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_single",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-collection",
+ "text" : "collection",
+ "doc" : "存储认证数据的集合。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-filter",
+ "text" : "filter",
+ "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_field",
+ "text" : "password_hash_field",
+ "doc" : "存储密码散列值字段。",
+ "type" : "String",
+ "default" : "password_hash"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-salt_field",
+ "text" : "salt_field",
+ "doc" : "用于存储盐值的字段。",
+ "type" : "String",
+ "default" : "salt"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-is_superuser_field",
+ "text" : "is_superuser_field",
+ "doc" : "定义用户是否具有超级用户权限的字段。",
+ "type" : "String",
+ "default" : "is_superuser"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "BCRYPT 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_single-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_single-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希验证的选项。",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "独立实例。当MongoDB服务器以独立模式运行时,必须设置为`single`。",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
主机条目具有以下形式:主机[:端口]。
如果未指定[:端口],则使用MongoDB的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-srv_record",
+ "text" : "srv_record",
+ "doc" : "使用 DNS SRV 记录。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-auth_source",
+ "text" : "auth_source",
+ "doc" : "与用户认证信息关联的数据库名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_single-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "MongoDB 的拓扑结构。"
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_single-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_single-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_single-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_single",
+ "doc" : "使用 MongoDB (Standalone) 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_rs",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-collection",
+ "text" : "collection",
+ "doc" : "存储认证数据的集合。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-filter",
+ "text" : "filter",
+ "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_field",
+ "text" : "password_hash_field",
+ "doc" : "存储密码散列值字段。",
+ "type" : "String",
+ "default" : "password_hash"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-salt_field",
+ "text" : "salt_field",
+ "doc" : "用于存储盐值的字段。",
+ "type" : "String",
+ "default" : "salt"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-is_superuser_field",
+ "text" : "is_superuser_field",
+ "doc" : "定义用户是否具有超级用户权限的字段。",
+ "type" : "String",
+ "default" : "is_superuser"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "BCRYPT 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_rs-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_rs-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希验证的选项。",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "副本集。当MongoDB服务器以`副本集`模式运行时,必须设置为`rs`。",
+ "type" : "String(\"rs\")",
+ "default" : "rs"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-servers",
+ "text" : "servers",
+ "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-r_mode",
+ "text" : "r_mode",
+ "doc" : "读取模式。",
+ "type" : "Enum(master,slave_ok)",
+ "default" : "master"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-replica_set_name",
+ "text" : "replica_set_name",
+ "doc" : "副本集的名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-srv_record",
+ "text" : "srv_record",
+ "doc" : "使用 DNS SRV 记录。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-auth_source",
+ "text" : "auth_source",
+ "doc" : "与用户认证信息关联的数据库名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_rs-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "MongoDB 的拓扑结构。"
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_rs-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_rs-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_rs-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_rs",
+ "doc" : "使用 MongoDB (Replica Set) 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_sharded",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-collection",
+ "text" : "collection",
+ "doc" : "存储认证数据的集合。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-filter",
+ "text" : "filter",
+ "doc" : "在查询中定义过滤条件的条件表达式。\n过滤器支持如下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_field",
+ "text" : "password_hash_field",
+ "doc" : "存储密码散列值字段。",
+ "type" : "String",
+ "default" : "password_hash"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-salt_field",
+ "text" : "salt_field",
+ "doc" : "用于存储盐值的字段。",
+ "type" : "String",
+ "default" : "salt"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-is_superuser_field",
+ "text" : "is_superuser_field",
+ "doc" : "定义用户是否具有超级用户权限的字段。",
+ "type" : "String",
+ "default" : "is_superuser"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "BCRYPT 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-mongo_sharded-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_sharded-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希验证的选项。",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "分片集群。当 MongoDB 服务器以`分片`模式运行时,必须设置为`sharded`。",
+ "type" : "String(\"sharded\")",
+ "default" : "sharded"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-servers",
+ "text" : "servers",
+ "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-srv_record",
+ "text" : "srv_record",
+ "doc" : "使用 DNS SRV 记录。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-auth_source",
+ "text" : "auth_source",
+ "doc" : "与用户认证信息关联的数据库名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_sharded-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "MongoDB 的拓扑结构。"
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_sharded-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-mongo_sharded-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-mongo_sharded-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_sharded",
+ "doc" : "使用 MongoDB (Sharded Cluster) 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_single",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-cmd",
+ "text" : "cmd",
+ "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGET 与 HMGET。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "BCRYPT 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_single-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-redis_single-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希验证的选项。",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-server",
+ "text" : "server",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-redis_type",
+ "text" : "redis_type",
+ "doc" : "Single 模式。 当 Redis 服务器在 Single 模式下运行时必须设置为 'single' 。",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-database",
+ "text" : "database",
+ "doc" : "Redis 数据库 ID。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_single-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_single-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_single-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "redis_single",
+ "doc" : "使用 Redis (Standalone) 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_cluster",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-cmd",
+ "text" : "cmd",
+ "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGET 与 HMGET。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "BCRYPT 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_cluster-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-redis_cluster-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希验证的选项。",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-servers",
+ "text" : "servers",
+ "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-redis_type",
+ "text" : "redis_type",
+ "doc" : "Cluster 模式。当 Redis 服务器在集群模式下运行时必须设置为'cluster'。",
+ "type" : "String(\"cluster\")",
+ "default" : "cluster"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_cluster-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_cluster-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "redis_cluster",
+ "doc" : "使用 Redis (Cluster) 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_sentinel",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-cmd",
+ "text" : "cmd",
+ "doc" : "用于查询密码散列等用于认证的数据的 Redis 命令,目前仅支持 HGET 与 HMGET。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-bcrypt-name",
+ "text" : "name",
+ "doc" : "对于 BCRYPT 密码哈希,必须将名称设置为 'bcrypt'",
+ "type" : "String(\"bcrypt\")"
+ }
+ ],
+ "text" : "bcrypt",
+ "doc" : "BCRYPT 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-name",
+ "text" : "name",
+ "doc" : "对于 PBKDF2 密码哈希,必须将名称设置为 'pbkdf2'",
+ "type" : "String(\"pbkdf2\")"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-mac_fun",
+ "text" : "mac_fun",
+ "doc" : "指定在 PBKDF2 算法中使用哪个 HMAC 函数。注意,自 5.8.3 版本以来,不再支持 md4、md5、ripemd160。",
+ "type" : "Enum(md4,md5,ripemd160,sha,sha224,sha256,sha384,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-iterations",
+ "text" : "iterations",
+ "doc" : "PBKDF2 算法的迭代次数。较高的值提供更好的安全性,但需要更多计算。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-pbkdf2-dk_length",
+ "text" : "dk_length",
+ "doc" : "PBKDF2 算法派生密钥的字节长度。",
+ "type" : "Integer(1..+inf)"
+ }
+ ],
+ "text" : "pbkdf2",
+ "doc" : "PBKDF2 密码哈希算法的设置。"
+ },
+ {
+ "hash" : "T-authentication-S-redis_sentinel-password_hash_algorithm-S-simple",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-name",
+ "text" : "name",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。",
+ "type" : "Enum(plain,md5,sha,sha256,sha512)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm-S-simple-salt_position",
+ "text" : "salt_position",
+ "doc" : "PLAIN、SHA、SHA256 和 SHA512 算法的盐位置。",
+ "type" : "Enum(disable,prefix,suffix)",
+ "default" : "prefix"
+ }
+ ],
+ "text" : "simple",
+ "doc" : "简单算法(如 PLAIN、SHA、SHA256 和 SHA512)的设置。"
+ }
+ ],
+ "hash" : "V-authentication-S-redis_sentinel-password_hash_algorithm",
+ "text" : "password_hash_algorithm",
+ "doc" : "密码哈希验证的选项。",
+ "type" : "OneOf(Struct(bcrypt),Struct(pbkdf2),Struct(simple))",
+ "default" : "{name = sha256, salt_position = prefix}"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-servers",
+ "text" : "servers",
+ "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-redis_type",
+ "text" : "redis_type",
+ "doc" : "Sentinel 模式。 当 Redis 服务器在 Senitel 模式下运行时必须设置为 'sentinel' 。",
+ "type" : "String(\"sentinel\")",
+ "default" : "sentinel"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-sentinel",
+ "text" : "sentinel",
+ "doc" : "Redis sentinel 模式下的集群名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-database",
+ "text" : "database",
+ "doc" : "Redis 数据库 ID。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-redis_sentinel-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-redis_sentinel-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "redis_sentinel",
+ "doc" : "使用 Redis (Sentinel) 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-http_get",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_get-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String(\"get\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-headers",
+ "text" : "headers",
+ "doc" : "HTTP Headers 列表 (无 content-type) 。",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-url",
+ "text" : "url",
+ "doc" : "认证 HTTP 服务器地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-body",
+ "text" : "body",
+ "doc" : "HTTP 请求体。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_get-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-http_get-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大重试次数。",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authentication-S-http_get-request",
+ "text" : "request",
+ "doc" : "配置 HTTP 请求参数。",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-http_get-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-http_get-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_get-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_get-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-http_get-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "http_get",
+ "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 GET 请求)。"
+ },
+ {
+ "hash" : "T-authentication-S-http_post",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_post-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String(\"post\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-headers",
+ "text" : "headers",
+ "doc" : "HTTP Headers 列表",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-url",
+ "text" : "url",
+ "doc" : "认证 HTTP 服务器地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-body",
+ "text" : "body",
+ "doc" : "HTTP 请求体。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_post-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-http_post-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大重试次数。",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authentication-S-http_post-request",
+ "text" : "request",
+ "doc" : "配置 HTTP 请求参数。",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-http_post-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-http_post-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_post-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-authentication-S-http_post-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-http_post-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "http_post",
+ "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 POST 请求)。"
+ },
+ {
+ "hash" : "T-authentication-S-jwt_hmac",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-jwt_hmac-algorithm",
+ "text" : "algorithm",
+ "doc" : "JWT 签名算法,支持 HMAC (配置为 hmac-based)和 RSA、ECDSA (配置为 public-key)。",
+ "type" : "Enum(hmac-based)"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-secret",
+ "text" : "secret",
+ "doc" : "使用 HMAC 算法时用于验证 JWT 的密钥",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-secret_base64_encoded",
+ "text" : "secret_base64_encoded",
+ "doc" : "密钥是否为 base64 编码。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"jwt\")"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-acl_claim_name",
+ "text" : "acl_claim_name",
+ "doc" : "用于获取 ACL 规则的 JWT 声明名称。",
+ "type" : "String",
+ "default" : "acl"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-verify_claims",
+ "text" : "verify_claims",
+ "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-disconnect_after_expire",
+ "text" : "disconnect_after_expire",
+ "doc" : "在 token 过期后断开客户端连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-from",
+ "text" : "from",
+ "doc" : "指定客户端连接请求中 JWT 的位置。",
+ "type" : "Enum(username,password)",
+ "default" : "password"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_hmac-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "jwt_hmac",
+ "doc" : "用于认证的 JWT 使用 HMAC 算法签发时的配置。"
+ },
+ {
+ "hash" : "T-authentication-S-jwt_public_key",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-jwt_public_key-algorithm",
+ "text" : "algorithm",
+ "doc" : "JWT 签名算法,支持 HMAC (配置为 hmac-based)和 RSA、ECDSA (配置为 public-key)。",
+ "type" : "Enum(public-key)"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-public_key",
+ "text" : "public_key",
+ "doc" : "用于验证 JWT 的公钥。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"jwt\")"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-acl_claim_name",
+ "text" : "acl_claim_name",
+ "doc" : "用于获取 ACL 规则的 JWT 声明名称。",
+ "type" : "String",
+ "default" : "acl"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-verify_claims",
+ "text" : "verify_claims",
+ "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-disconnect_after_expire",
+ "text" : "disconnect_after_expire",
+ "doc" : "在 token 过期后断开客户端连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-from",
+ "text" : "from",
+ "doc" : "指定客户端连接请求中 JWT 的位置。",
+ "type" : "Enum(username,password)",
+ "default" : "password"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_public_key-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "jwt_public_key",
+ "doc" : "用于认证的 JWT 使用 RSA 或 ECDSA 算法签发时的配置。"
+ },
+ {
+ "hash" : "T-authentication-S-jwt_jwks",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-jwt_jwks-use_jwks",
+ "text" : "use_jwks",
+ "doc" : "是否使用 JWKS。",
+ "type" : "Enum(true)"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-endpoint",
+ "text" : "endpoint",
+ "doc" : "JWKS 端点, 它是一个以 JWKS 格式返回服务端的公钥集的只读端点。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-headers",
+ "text" : "headers",
+ "doc" : "JWKS 请求中需要发送的 HTTP 请求头列表。",
+ "type" : "Map",
+ "default" : "{Accept = \"application/json\"}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "JWKS 刷新间隔。",
+ "type" : "Integer",
+ "default" : "300"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-jwt_jwks-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-jwt_jwks-ssl",
+ "text" : "ssl",
+ "doc" : "SSL 选项。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"jwt\")"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-acl_claim_name",
+ "text" : "acl_claim_name",
+ "doc" : "用于获取 ACL 规则的 JWT 声明名称。",
+ "type" : "String",
+ "default" : "acl"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-verify_claims",
+ "text" : "verify_claims",
+ "doc" : "需要验证的自定义声明列表,是一个由名称/值对组成的列表。指定一个键(Key)来查找 JWT 中对应的声明(Claim),并提供一个预期值(Expected Value)来与声明的实际值进行比较,以确保只有满足特定条件的 JWT 才能被接受和使用。\n例如要求 JWT 中的特定声明(如 clientid)的值必须与当前连接的客户端 ID 相匹配。\n预期值可以使用以下占位符:\n- ${username}: 将在运行时被替换为客户端连接时使用的用户名\n- ${clientid}: 将在运行时被替换为客户端连接时使用的客户端 ID\n身份认证将确认 JWT 中的声明值(从密码字段中获取)与 verify_claims 中要求的内容是否匹配。",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-disconnect_after_expire",
+ "text" : "disconnect_after_expire",
+ "doc" : "在 token 过期后断开客户端连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-from",
+ "text" : "from",
+ "doc" : "指定客户端连接请求中 JWT 的位置。",
+ "type" : "Enum(username,password)",
+ "default" : "password"
+ },
+ {
+ "hash" : "V-authentication-S-jwt_jwks-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "jwt_jwks",
+ "doc" : "用于认证的 JWTs 需要从 JWKS 端点获取时的配置。"
+ },
+ {
+ "hash" : "T-authentication-S-scram",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"scram\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"built_in_database\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram-algorithm",
+ "text" : "algorithm",
+ "doc" : "Hashing algorithm.",
+ "type" : "Enum(sha256,sha512)",
+ "default" : "sha256"
+ },
+ {
+ "hash" : "V-authentication-S-scram-iteration_count",
+ "text" : "iteration_count",
+ "doc" : "Iteration count.",
+ "type" : "Integer(0..+inf)",
+ "default" : "4096"
+ },
+ {
+ "hash" : "V-authentication-S-scram-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "scram",
+ "doc" : "Settings for Salted Challenge Response Authentication Mechanism\n(SCRAM) authentication."
+ },
+ {
+ "hash" : "T-authentication-S-ldap",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-ldap-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"password_based\")"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"ldap\")"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-query_timeout",
+ "text" : "query_timeout",
+ "doc" : "LDAP 查询的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-ldap-acl_ttl_attribute",
+ "text" : "acl_ttl_attribute",
+ "doc" : "指示使用哪个属性来表示 ACL TTL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-publish_attribute",
+ "text" : "publish_attribute",
+ "doc" : "表示使用哪个属性来表示允许`发布`的主题列表。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-subscribe_attribute",
+ "text" : "subscribe_attribute",
+ "doc" : "表示使用哪个属性来表示允许`订阅`的主题列表。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-all_attribute",
+ "text" : "all_attribute",
+ "doc" : "表示使用哪个属性来表示允许`发布`和`订阅`的主题列表。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-acl_rule_attribute",
+ "text" : "acl_rule_attribute",
+ "doc" : "指示使用哪个属性来表示 JSON 编码的 ACL 规则。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-base_dn",
+ "text" : "base_dn",
+ "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-filter",
+ "text" : "filter",
+ "doc" : "定义哪些条件必须被依次满足的过滤器\n用于搜索匹配一条给定的条目.
\n筛选器的语法遵循 RFC 4515,并且还支持占位符。",
+ "type" : "String",
+ "default" : "\"(objectClass=mqttUser)\""
+ },
+ {
+ "hash" : "V-authentication-S-ldap-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-ldap-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-ldap-ssl-S-ssl",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-ssl-S-ssl-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。"
+ }
+ ],
+ "hash" : "V-authentication-S-ldap-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-ldap-method-S-hash_method",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-ldap-method-S-hash_method-type",
+ "text" : "type",
+ "doc" : "认证方式类型。",
+ "type" : "Enum(hash)",
+ "default" : "hash"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-method-S-hash_method-password_attribute",
+ "text" : "password_attribute",
+ "doc" : "指示哪个属性用于表示用户密码。",
+ "type" : "String",
+ "default" : "userPassword"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-method-S-hash_method-is_superuser_attribute",
+ "text" : "is_superuser_attribute",
+ "doc" : "指示哪个属性用于表示用户是否为超级用户。",
+ "type" : "String",
+ "default" : "isSuperuser"
+ }
+ ],
+ "text" : "hash_method",
+ "doc" : "通过将本地密码与经过由`密码属性`指定的算法加密的密码进行比对来进行认证。"
+ },
+ {
+ "hash" : "T-authentication-S-ldap-method-S-bind_method",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-ldap-method-S-bind_method-type",
+ "text" : "type",
+ "doc" : "认证方式类型。",
+ "type" : "Enum(bind)",
+ "default" : "bind"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-method-S-bind_method-is_superuser_attribute",
+ "text" : "is_superuser_attribute",
+ "doc" : "指示哪个属性用于表示用户是否为超级用户。",
+ "type" : "String",
+ "default" : "isSuperuser"
+ },
+ {
+ "hash" : "V-authentication-S-ldap-method-S-bind_method-bind_password",
+ "text" : "bind_password",
+ "doc" : "绑定密码的模板。",
+ "type" : "String",
+ "default" : "\"${password}\""
+ }
+ ],
+ "text" : "bind_method",
+ "doc" : "通过 LDAP 绑定操作进行认证。"
+ }
+ ],
+ "hash" : "V-authentication-S-ldap-method",
+ "text" : "method",
+ "doc" : "认证方式。",
+ "type" : "OneOf(Struct(hash_method),Struct(bind_method))"
+ }
+ ],
+ "text" : "ldap",
+ "doc" : "使用 LDAP 作为认证数据源的认证器的配置项。"
+ },
+ {
+ "hash" : "T-authentication-S-gcp_device",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-gcp_device-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"gcp_device\")"
+ },
+ {
+ "hash" : "V-authentication-S-gcp_device-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "gcp_device",
+ "doc" : "使用 GCP 设备作为认证数据源的认证器配置。"
+ },
+ {
+ "hash" : "T-authentication-S-scram_restapi_get",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String(\"get\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-headers",
+ "text" : "headers",
+ "doc" : "HTTP Headers 列表 (无 content-type) 。",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"scram\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-algorithm",
+ "text" : "algorithm",
+ "doc" : "Hashing algorithm.",
+ "type" : "Enum(sha256,sha512)",
+ "default" : "sha256"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-iteration_count",
+ "text" : "iteration_count",
+ "doc" : "Iteration count.",
+ "type" : "Integer(0..+inf)",
+ "default" : "4096"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-url",
+ "text" : "url",
+ "doc" : "认证 HTTP 服务器地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-body",
+ "text" : "body",
+ "doc" : "HTTP 请求体。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-scram_restapi_get-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大重试次数。",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authentication-S-scram_restapi_get-request",
+ "text" : "request",
+ "doc" : "配置 HTTP 请求参数。",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_get-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-scram_restapi_get-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "scram_restapi_get",
+ "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 GET 请求)。"
+ },
+ {
+ "hash" : "T-authentication-S-scram_restapi_post",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String(\"post\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-headers",
+ "text" : "headers",
+ "doc" : "HTTP Headers 列表",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"scram\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-algorithm",
+ "text" : "algorithm",
+ "doc" : "Hashing algorithm.",
+ "type" : "Enum(sha256,sha512)",
+ "default" : "sha256"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-iteration_count",
+ "text" : "iteration_count",
+ "doc" : "Iteration count.",
+ "type" : "Integer(0..+inf)",
+ "default" : "4096"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-url",
+ "text" : "url",
+ "doc" : "认证 HTTP 服务器地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-body",
+ "text" : "body",
+ "doc" : "HTTP 请求体。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时长。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-scram_restapi_post-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大重试次数。",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authentication-S-scram_restapi_post-request",
+ "text" : "request",
+ "doc" : "配置 HTTP 请求参数。",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authentication-S-scram_restapi_post-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authentication-S-scram_restapi_post-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "scram_restapi_post",
+ "doc" : "使用 HTTP Server 作为认证服务的认证器的配置项 (使用 POST 请求)。"
+ },
+ {
+ "hash" : "T-authentication-S-kerberos",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-kerberos-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-authentication-S-kerberos-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"gssapi\")"
+ },
+ {
+ "hash" : "V-authentication-S-kerberos-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"kerberos\")"
+ },
+ {
+ "hash" : "V-authentication-S-kerberos-principal",
+ "text" : "principal",
+ "doc" : "服务器的 Kerberos 主体。\n例如: mqtt/emqx-cluster-1.example.com@MY_REALM.EXAMPLE.COM。\n注意:所使用的领域需要在 EMQX 节点的 /etc/krb5.conf 文件中配置。",
+ "type" : "String"
+ }
+ ],
+ "text" : "kerberos",
+ "doc" : "Settings for Kerberos authentication."
+ },
+ {
+ "hash" : "T-authentication-S-cinfo",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-cinfo-mechanism",
+ "text" : "mechanism",
+ "doc" : "认证方式。",
+ "type" : "String(\"cinfo\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication-S-cinfo-checks-S-cinfo_check",
+ "fields" : [
+ {
+ "hash" : "V-authentication-S-cinfo-checks-S-cinfo_check-is_match",
+ "text" : "is_match",
+ "doc" : "一个 Variform 表达式或表达式数组,用于评估一组从客户端信息派生的预绑定变量。\n支持的变量:\n- `username`: 客户端的用户名。\n- `password`:客户端的密码。\n- `clientid`: 客户端的 ID。\n- `client_attrs.*`: 客户端的属性。\n- `peerhost`: 客户端的 IP 地址。\n- `cert_subject`: TLS 证书的主题。\n- `cert_common_name`: TLS 证书通用名称。\n- `zone`:客户端连接所使用监听器所属的配置区域。\n\n如果所有表达式的结果都是字符串值 `'true'`,则从此认证器返回对应的 `result`。\n如果任一表达式的结果不是 `'true'`,则跳过当前检查。\n例如:若希望确保客户端 ID 与其 TLS 证书的通用名称始终一致,可使用表达式 `str_eq(clientid, cert_common_name)`。",
+ "type" : "OneOf(String,Array(String))"
+ },
+ {
+ "hash" : "V-authentication-S-cinfo-checks-S-cinfo_check-result",
+ "text" : "result",
+ "doc" : "当匹配条件为 `true` 时返回的结果。\n支持的结果:\n- `ignore`: 将身份验证交由链中的下一个认证器处理。\n- `allow`: 允许客户端连接。\n- `deny`: 拒绝客户端连接。",
+ "type" : "Enum(allow,deny,ignore)"
+ }
+ ],
+ "text" : "cinfo_check",
+ "doc" : "对客户端信息进行的检查。\n它定义了一个匹配条件,并在条件为 `true` 时返回结果。\n如果所有检查都被跳过,则返回默认结果 `ignore`。"
+ }
+ ],
+ "hash" : "V-authentication-S-cinfo-checks",
+ "text" : "checks",
+ "doc" : "对客户端信息执行的一组检查。\n如果所有检查都被跳过,则返回默认结果 `ignore`。\n`ignore` 结果表示将认证流程交由链中的下一个认证器处理。",
+ "type" : "Array(Struct(cinfo_check))"
+ },
+ {
+ "hash" : "V-authentication-S-cinfo-precondition",
+ "text" : "precondition",
+ "doc" : "一个 Variform 表达式,用于评估一组从客户端信息派生的预绑定变量。\n\n支持的变量:\n- `username`:客户端的用户名\n- `password`:客户端的密码\n- `clientid`:客户端的 ID\n- `client_attrs.*`:客户端的属性\n- `cert_common_name`:客户端 TLS 证书的主题字段\n- `cert_subject`:客户端 TLS 证书的通用名称(CN)\n- `peersni`:TLS 客户端发送的 SNI(服务器名称指示)\n- `listener`:监听器 ID(例如 `tcp:default`)\n- `zone`:关联的配置区域。\n\n表达式必须评估为字符串值 'true',此认证器才会被调用。\n如果表达式评估为其他值,则跳过此认证器。\n\n示例:\n- 仅在客户端从监听器 `ssl:letsencryt` 连接时调用:\n `str_eq(listener, 'ssl:letsencryt')`\n- 如果用户名为空则跳过:\n `not(is_empty_val(username))`\n- 仅在密码存在且区域为 'zone1' 时调用:\n `iif(is_empty_val(password), false, str_eq(zone, 'zone1'))`\n\n在 EMQX 文档中查找有关 Variform 表达式的更多信息。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "cinfo",
+ "doc" : "基于客户端信息(如用户名、客户端ID、\n客户端属性以及从 TLS 证书提取的数据)进行客户端认证。"
+ }
+ ],
+ "hash" : "V-authentication",
+ "text" : "authentication",
+ "doc" : "默认的 MQTT 监听器的全局认证配置。\n\n有关每个监听器的单独配置,请参阅监听器配置中的authentication。\n\n此选项可配置为:\n\n []: 默认值,允许 *所有* 登录- one: 例如
{enable:true,backend:\"built_in_database\",mechanism=\"password_based\"} \n - chain: 结构体数组。
\n
\n\n当配置了一个认证链时,登录凭据将按照配置的顺序检查后端,直到可以做出'允许'或'拒绝'的决定。\n\n如果在完全遍历认证链之后没有决定,登录将被拒绝。",
+ "type" : "Array(OneOf(Struct(builtin_db),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(redis_single),Struct(redis_cluster),Struct(redis_sentinel),Struct(http_get),Struct(http_post),Struct(jwt_hmac),Struct(jwt_public_key),Struct(jwt_jwks),Struct(scram),Struct(ldap),Struct(gcp_device),Struct(scram_restapi_get),Struct(scram_restapi_post),Struct(kerberos),Struct(cinfo)))",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication_settings-S-settings",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-authentication_settings-S-settings-node_cache-S-config",
+ "fields" : [
+ {
+ "hash" : "V-authentication_settings-S-settings-node_cache-S-config-enable",
+ "text" : "enable",
+ "doc" : "启用或禁用缓存。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authentication_settings-S-settings-node_cache-S-config-cache_ttl",
+ "text" : "cache_ttl",
+ "doc" : "缓存的认证/授权结果过期的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-authentication_settings-S-settings-node_cache-S-config-max_count",
+ "text" : "max_count",
+ "doc" : "缓存结果的最大数量。",
+ "type" : "OneOf(String(\"unlimited\"),Integer(0..+inf))",
+ "default" : "1000000"
+ },
+ {
+ "hash" : "V-authentication_settings-S-settings-node_cache-S-config-max_memory",
+ "text" : "max_memory",
+ "doc" : "缓存的最大内存使用量。",
+ "type" : "OneOf(String(\"unlimited\"),Bytesize)",
+ "default" : "\"100MB\""
+ }
+ ],
+ "text" : "config",
+ "doc" : "认证/授权缓存的配置。"
+ }
+ ],
+ "hash" : "V-authentication_settings-S-settings-node_cache",
+ "text" : "node_cache",
+ "type" : "Struct(config)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "settings",
+ "doc" : "Global settings for authentication"
+ }
+ ],
+ "hash" : "V-authentication_settings",
+ "text" : "authentication_settings",
+ "doc" : "认证全局设置。",
+ "type" : "Struct(settings)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-no_match",
+ "text" : "no_match",
+ "doc" : "如果用户或客户端不匹配 ACL 规则,或者从可配置授权源(比如内置数据库、HTTP API 或 PostgreSQL 等。)内未找\n到此类用户或客户端时,模式的认访问控制操作。\n在“授权”中查找更多详细信息。",
+ "type" : "Enum(allow,deny)",
+ "default" : "allow"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-deny_action",
+ "text" : "deny_action",
+ "doc" : "授权检查拒绝操作时的操作。",
+ "type" : "Enum(ignore,disconnect)",
+ "default" : "ignore"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-cache-S-authz_cache",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-cache-S-authz_cache-max_size",
+ "text" : "max_size",
+ "doc" : "缓存项的最大数量。",
+ "type" : "Integer(1..1048576)",
+ "default" : "32"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-cache-S-authz_cache-ttl",
+ "text" : "ttl",
+ "doc" : "缓存数据的生存时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-cache-S-authz_cache-excludes",
+ "text" : "excludes",
+ "doc" : "排除主题列表,列表内的主题将不会生成授权缓存。",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "authz_cache",
+ "doc" : "Settings for the authorization cache."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-cache",
+ "text" : "cache",
+ "type" : "Struct(authz_cache)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-file",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-file-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"file\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-file-path",
+ "text" : "path",
+ "doc" : "包含 ACL 规则的文件路径。\n如果该文件在启动 EMQX 节点之前已经配置好,\n只要 EMQX 有读取权限,它可以放置在任何位置。\n即,EMQX 将把它视为只读。\n\n如果规则集是从 EMQX Dashboard 或 HTTP API 创建或更新的,\n将创建一个新文件并放置在 EMQX 的 data_dir 中的 authz 子目录下,\n旧文件将不再使用。",
+ "type" : "String"
+ }
+ ],
+ "text" : "file",
+ "doc" : "使用 ACL 文件授权。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-builtin_db",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-builtin_db-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"built_in_database\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-builtin_db-max_rules",
+ "text" : "max_rules",
+ "doc" : "每个客户端/用户的最大规则数。请注意,随着规则数量的增加,性能可能会下降。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "builtin_db",
+ "doc" : "使用内置数据库 (mnesia) 进行授权。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_get",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-url",
+ "text" : "url",
+ "doc" : "认证服务器地址",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时。",
+ "type" : "String",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-body",
+ "text" : "body",
+ "doc" : "HTTP 请求体",
+ "type" : "Map($name->String)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_get-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大重试次数。",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-request",
+ "text" : "request",
+ "doc" : "配置 HTTP 请求参数。",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法",
+ "type" : "String(\"get\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_get-headers",
+ "text" : "headers",
+ "doc" : "HTTP Headers 列表 (无 content-type) 。",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", keep-alive = \"timeout=30, max=1000\"}"
+ }
+ ],
+ "text" : "http_get",
+ "doc" : "使用外部 HTTP 服务器授权(GET 请求)。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_post",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"http\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-url",
+ "text" : "url",
+ "doc" : "认证服务器地址",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时。",
+ "type" : "String",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-body",
+ "text" : "body",
+ "doc" : "HTTP 请求体",
+ "type" : "Map($name->String)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-max_retries",
+ "text" : "max_retries",
+ "doc" : "Deprecated since 5.0.4.",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_post-request-S-request",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-path",
+ "text" : "path",
+ "doc" : "URL 路径。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-body",
+ "text" : "body",
+ "doc" : "HTTP 请求的主体。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大重试次数。",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request-S-request-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "request",
+ "doc" : ""
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-request",
+ "text" : "request",
+ "doc" : "配置 HTTP 请求参数。",
+ "type" : "Struct(request)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-method",
+ "text" : "method",
+ "doc" : "HTTP 请求方法",
+ "type" : "String(\"post\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-http_post-headers",
+ "text" : "headers",
+ "doc" : "HTTP Headers 列表",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=30, max=1000\"}"
+ }
+ ],
+ "text" : "http_post",
+ "doc" : "使用外部 HTTP 服务器授权(POST 请求)。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_single",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-server",
+ "text" : "server",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-redis_type",
+ "text" : "redis_type",
+ "doc" : "Single 模式。 当 Redis 服务器在 Single 模式下运行时必须设置为 'single' 。",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-database",
+ "text" : "database",
+ "doc" : "Redis 数据库 ID。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_single-cmd",
+ "text" : "cmd",
+ "doc" : "用于检索授权数据的数据库查询。",
+ "type" : "String"
+ }
+ ],
+ "text" : "redis_single",
+ "doc" : "使用单个 Redis 实例进行授权。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-servers",
+ "text" : "servers",
+ "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-redis_type",
+ "text" : "redis_type",
+ "doc" : "Sentinel 模式。 当 Redis 服务器在 Senitel 模式下运行时必须设置为 'sentinel' 。",
+ "type" : "String(\"sentinel\")",
+ "default" : "sentinel"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-sentinel",
+ "text" : "sentinel",
+ "doc" : "Redis sentinel 模式下的集群名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-database",
+ "text" : "database",
+ "doc" : "Redis 数据库 ID。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_sentinel-cmd",
+ "text" : "cmd",
+ "doc" : "用于检索授权数据的数据库查询。",
+ "type" : "String"
+ }
+ ],
+ "text" : "redis_sentinel",
+ "doc" : "使用 Redis Sentinel 进行授权。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_cluster",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"redis\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-servers",
+ "text" : "servers",
+ "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-redis_type",
+ "text" : "redis_type",
+ "doc" : "Cluster 模式。当 Redis 服务器在集群模式下运行时必须设置为'cluster'。",
+ "type" : "String(\"cluster\")",
+ "default" : "cluster"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-redis_cluster-cmd",
+ "text" : "cmd",
+ "doc" : "用于检索授权数据的数据库查询。",
+ "type" : "String"
+ }
+ ],
+ "text" : "redis_cluster",
+ "doc" : "使用 Redis 集群进行授权。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mysql",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"mysql\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-server",
+ "text" : "server",
+ "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机[:端口]。
\n如果未指定[:端口],将使用 MySQL 的默认端口3306。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String",
+ "default" : "root"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-prepare_statement",
+ "text" : "prepare_statement",
+ "doc" : "SQL 预处理语句列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mysql-query",
+ "text" : "query",
+ "doc" : "用于检索授权数据的数据库查询。",
+ "type" : "String"
+ }
+ ],
+ "text" : "mysql",
+ "doc" : "使用 MySQL 数据库进行授权。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-postgresql",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"postgresql\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目的格式为:Host[:Port]。
\n如果没有指定 [:Port],将使用 PostgreSQL 默认端口 5432。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-prepare_statement",
+ "text" : "prepare_statement",
+ "doc" : "SQL 预处理语句列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-postgresql-query",
+ "text" : "query",
+ "doc" : "用于检索授权数据的数据库查询。",
+ "type" : "String"
+ }
+ ],
+ "text" : "postgresql",
+ "doc" : "使用 PostgreSQL 数据库进行授权。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_single",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-collection",
+ "text" : "collection",
+ "doc" : "包含授权数据的 `MongoDB` 集合。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-filter",
+ "text" : "filter",
+ "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-limit",
+ "text" : "limit",
+ "doc" : "限制获取的记录数量。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-skip",
+ "text" : "skip",
+ "doc" : "跳过的授权记录数量。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "独立实例。当MongoDB服务器以独立模式运行时,必须设置为`single`。",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
主机条目具有以下形式:主机[:端口]。
如果未指定[:端口],则使用MongoDB的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-srv_record",
+ "text" : "srv_record",
+ "doc" : "使用 DNS SRV 记录。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-auth_source",
+ "text" : "auth_source",
+ "doc" : "与用户认证信息关联的数据库名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_single-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "MongoDB 的拓扑结构。"
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_single-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_single",
+ "doc" : "使用 MongoDB 授权(单实例)。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_rs",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-collection",
+ "text" : "collection",
+ "doc" : "包含授权数据的 `MongoDB` 集合。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-filter",
+ "text" : "filter",
+ "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-limit",
+ "text" : "limit",
+ "doc" : "限制获取的记录数量。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-skip",
+ "text" : "skip",
+ "doc" : "跳过的授权记录数量。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "副本集。当MongoDB服务器以`副本集`模式运行时,必须设置为`rs`。",
+ "type" : "String(\"rs\")",
+ "default" : "rs"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-servers",
+ "text" : "servers",
+ "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-r_mode",
+ "text" : "r_mode",
+ "doc" : "读取模式。",
+ "type" : "Enum(master,slave_ok)",
+ "default" : "master"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-replica_set_name",
+ "text" : "replica_set_name",
+ "doc" : "副本集的名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-srv_record",
+ "text" : "srv_record",
+ "doc" : "使用 DNS SRV 记录。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-auth_source",
+ "text" : "auth_source",
+ "doc" : "与用户认证信息关联的数据库名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "MongoDB 的拓扑结构。"
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_rs-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_rs",
+ "doc" : "使用 MongoDB 授权(副本集模式)"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"mongodb\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-collection",
+ "text" : "collection",
+ "doc" : "包含授权数据的 `MongoDB` 集合。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-filter",
+ "text" : "filter",
+ "doc" : "定义查询中过滤条件的条件表达式。\n过滤器支持以下占位符
\n - ${username}:在连接时将用客户端使用的 用户名 替换
\n - ${clientid}:在连接时将用客户端使用的 客户端 ID 替换",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-limit",
+ "text" : "limit",
+ "doc" : "限制获取的记录数量。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-skip",
+ "text" : "skip",
+ "doc" : "跳过的授权记录数量。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "分片集群。当 MongoDB 服务器以`分片`模式运行时,必须设置为`sharded`。",
+ "type" : "String(\"sharded\")",
+ "default" : "sharded"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-servers",
+ "text" : "servers",
+ "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-srv_record",
+ "text" : "srv_record",
+ "doc" : "使用 DNS SRV 记录。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-auth_source",
+ "text" : "auth_source",
+ "doc" : "与用户认证信息关联的数据库名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "MongoDB 的拓扑结构。"
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-mongo_sharded-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "mongo_sharded",
+ "doc" : "使用 MongoDB 授权(分片集群模式)。"
+ },
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-ldap",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-type",
+ "text" : "type",
+ "doc" : "数据后端类型",
+ "type" : "String(\"ldap\")"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-publish_attribute",
+ "text" : "publish_attribute",
+ "doc" : "表示使用哪个属性来表示允许`发布`的主题列表。",
+ "type" : "String",
+ "default" : "mqttPublishTopic"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-subscribe_attribute",
+ "text" : "subscribe_attribute",
+ "doc" : "表示使用哪个属性来表示允许`订阅`的主题列表。",
+ "type" : "String",
+ "default" : "mqttSubscriptionTopic"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-all_attribute",
+ "text" : "all_attribute",
+ "doc" : "表示使用哪个属性来表示允许`发布`和`订阅`的主题列表。",
+ "type" : "String",
+ "default" : "mqttPubSubTopic"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-acl_rule_attribute",
+ "text" : "acl_rule_attribute",
+ "doc" : "指示使用哪个属性来表示 JSON 编码的 ACL 规则。",
+ "type" : "String",
+ "default" : "mqttAclRule"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-query_timeout",
+ "text" : "query_timeout",
+ "doc" : "LDAP 查询超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-base_dn",
+ "text" : "base_dn",
+ "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-filter",
+ "text" : "filter",
+ "doc" : "定义哪些条件必须被依次满足的过滤器\n用于搜索匹配一条给定的条目.
\n筛选器的语法遵循 RFC 4515,并且还支持占位符。",
+ "type" : "String",
+ "default" : "\"(objectClass=mqttUser)\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-sources-S-ldap-ssl-S-ssl",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl-S-ssl-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。"
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources-S-ldap-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "ldap",
+ "doc" : "LDAP 授权设置"
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-sources",
+ "text" : "sources",
+ "doc" : "
\n授权(ACL)数据提供者的数组。\n它被设计为一个数组,而不是哈希映射,因此可以\n将源按顺序排列形成访问控制链。
\n\n在授权 '发布' 或 '订阅' 操作时,配置的\n源会按顺序检查。在检查 ACL 源时,\n如果未找到客户端(通过用户名或客户端 ID 标识),\n则继续检查下一个源。一旦返回 '允许' 或 '拒绝' 决定,\n立即停止检查。
\n\n如果在任何源中都未找到客户端,\n则应用 'authorization.no_match' 中配置的默认操作。
\n\n注意:\n源元素由它们的 '类型' 标识。\n不允许配置两个或更多相同类型的源。",
+ "type" : "Array(OneOf(Struct(file),Struct(builtin_db),Struct(http_get),Struct(http_post),Struct(redis_single),Struct(redis_sentinel),Struct(redis_cluster),Struct(mysql),Struct(postgresql),Struct(mongo_single),Struct(mongo_rs),Struct(mongo_sharded),Struct(ldap)))",
+ "default" : "[{enable = true, path = \"${EMQX_ETC_DIR}/acl.conf\", type = file}]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-authorization-S-authorization-node_cache-S-config",
+ "fields" : [
+ {
+ "hash" : "V-authorization-S-authorization-node_cache-S-config-enable",
+ "text" : "enable",
+ "doc" : "启用或禁用缓存。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-node_cache-S-config-cache_ttl",
+ "text" : "cache_ttl",
+ "doc" : "缓存的认证/授权结果过期的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-authorization-S-authorization-node_cache-S-config-max_count",
+ "text" : "max_count",
+ "doc" : "缓存结果的最大数量。",
+ "type" : "OneOf(String(\"unlimited\"),Integer(0..+inf))",
+ "default" : "1000000"
+ },
+ {
+ "hash" : "V-authorization-S-authorization-node_cache-S-config-max_memory",
+ "text" : "max_memory",
+ "doc" : "缓存的最大内存使用量。",
+ "type" : "OneOf(String(\"unlimited\"),Bytesize)",
+ "default" : "\"100MB\""
+ }
+ ],
+ "text" : "config",
+ "doc" : "认证/授权缓存的配置。"
+ }
+ ],
+ "hash" : "V-authorization-S-authorization-node_cache",
+ "text" : "node_cache",
+ "type" : "Struct(config)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "authorization",
+ "doc" : "授权相关"
+ }
+ ],
+ "hash" : "V-authorization",
+ "text" : "authorization",
+ "doc" : "授权(ACL)。EMQX 支持完整的客户端访问控制(ACL)。",
+ "type" : "Struct(authorization)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-node-S-node",
+ "fields" : [
+ {
+ "hash" : "V-node-S-node-name",
+ "text" : "name",
+ "doc" : "节点名。格式为 \\@\\。其中 可以是 IP 地址,也可以是 FQDN。\n详见 http://erlang.org/doc/reference_manual/distributed.html。",
+ "type" : "String",
+ "default" : "\"emqx@127.0.0.1\""
+ },
+ {
+ "hash" : "V-node-S-node-cookie",
+ "text" : "cookie",
+ "doc" : "分布式 Erlang 集群使用的 cookie 值。集群间保持一致",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-node-S-node-max_ports",
+ "text" : "max_ports",
+ "doc" : "Erlang 系统同时存在的最大端口数。\n实际选择的最大值可能比设置的数字大得多。\n参考: https://www.erlang.org/doc/man/erl.html",
+ "type" : "Integer(1024..134217727)",
+ "default" : "1048576"
+ },
+ {
+ "hash" : "V-node-S-node-dist_buffer_size",
+ "text" : "dist_buffer_size",
+ "doc" : "Erlang 分布式缓冲区的繁忙阈值,单位是 KB。",
+ "type" : "Integer(1..2097151)",
+ "default" : "8192"
+ },
+ {
+ "hash" : "V-node-S-node-data_dir",
+ "text" : "data_dir",
+ "doc" : "节点数据存放目录,可能会自动创建的子目录如下:
\n- `mnesia/`。EMQX 的内置数据库目录。例如,`mnesia/emqx@127.0.0.1`。
\n如果节点要被重新命名(例如,`emqx@10.0.1.1`)。旧目录应该首先被删除。
\n- `configs`。在启动时生成的配置,以及集群/本地覆盖的配置。
\n- `patches`: 热补丁文件将被放在这里。
\n- `trace`: 日志跟踪文件。
\n\n**注意**: 一个数据 dir 不能被两个或更多的 EMQX 节点同时使用。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-node-S-node-global_gc_interval",
+ "text" : "global_gc_interval",
+ "doc" : "全局垃圾回收的周期性执行间隔。设置为 disabled 可禁用此功能。
仅当 EMQX 的内存使用持续增长且明显超过正常水平,并且手动触发垃圾回收确实能释放大量内存时,才建议使用此功能作为临时解决方案。",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-node-S-node-role",
+ "aliases" : [
+ "db_role"
+ ],
+ "text" : "role",
+ "doc" : "选择节点的角色。
\ncore 节点提供数据的持久性,并负责写入。建议将核心节点放置在不同的机架或不同的可用区。
\nreplicant 节点是临时工作节点。 从集群中删除它们,不影响数据库冗余
\n建议复制节点多于核心节点。
\n注意:该参数仅在设置backend时生效到 rlog。",
+ "type" : "Enum(core,replicant)",
+ "default" : "core"
+ }
+ ],
+ "text" : "node",
+ "doc" : "节点名称、Cookie、配置文件、数据目录和 Erlang 虚拟机(BEAM)启动参数。"
+ }
+ ],
+ "hash" : "V-node",
+ "text" : "node",
+ "type" : "Struct(node)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-name",
+ "text" : "name",
+ "doc" : "EMQX 集群名称。每个集群都有一个唯一的名称。服务发现时会用于做路径的一部分。",
+ "type" : "String",
+ "default" : "emqxcl"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-discovery_strategy",
+ "text" : "discovery_strategy",
+ "doc" : "集群节点发现方式。可选值为:\n- manual: 使用 emqx ctl cluster 命令管理集群。
\n- static: 配置静态节点。配置几个固定的节点,新节点通过连接固定节点中的某一个来加入集群。
\n- dns: 使用 DNS A 记录的方式发现节点。
\n- etcd: 使用 etcd 发现节点。
\n- k8s: 使用 Kubernetes API 发现节点。",
+ "type" : "Enum(manual,static,singleton,dns,etcd,k8s)",
+ "default" : "manual"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-autoclean",
+ "text" : "autoclean",
+ "doc" : "指定多久之后从集群中删除离线节点。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"24h\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-autoheal",
+ "text" : "autoheal",
+ "doc" : "集群脑裂自动恢复机制开关。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-proto_dist",
+ "text" : "proto_dist",
+ "doc" : "分布式 Erlang 集群协议类型。可选值为:
\n- inet_tcp: 使用 IPv4
\n- inet_tls: 使用 TLS,需要配合 etc/ssl_dist.conf 一起使用。
\n- inet6_tcp: IPv6 TCP
\n- inet6_tls: IPv6 TLS, 与 etc/ssl_dist.conf 配合使用。",
+ "type" : "Enum(inet_tcp,inet6_tcp,inet_tls,inet6_tls)",
+ "default" : "inet_tcp"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-static-S-cluster_static",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-static-S-cluster_static-seeds",
+ "text" : "seeds",
+ "doc" : "集群中的 EMQX 节点名称列表,\n指定固定的节点列表,多个节点间使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 static 时,此配置项才有效。\n适合于节点数量较少且固定的集群。",
+ "type" : "OneOf(String,Array(String))",
+ "default" : "[]"
+ }
+ ],
+ "text" : "cluster_static",
+ "doc" : "静态节点服务发现。新节点通过连接一个节点来加入集群。"
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-static",
+ "text" : "static",
+ "type" : "Struct(cluster_static)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-dns-S-cluster_dns",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-name",
+ "text" : "name",
+ "doc" : "指定 DNS A 记录的名字。emqx 会通过访问这个 DNS A 记录来获取 IP 地址列表。\n当cluster.discovery_strategy 为 dns 时有效。",
+ "type" : "String",
+ "default" : "localhost"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-dns-S-cluster_dns-record_type",
+ "text" : "record_type",
+ "doc" : "DNS 记录类型。",
+ "type" : "Enum(a,aaaa,srv)",
+ "default" : "a"
+ }
+ ],
+ "text" : "cluster_dns",
+ "doc" : "DNS SRV 记录服务发现。"
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-dns",
+ "text" : "dns",
+ "type" : "Struct(cluster_dns)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-server",
+ "text" : "server",
+ "doc" : "指定 etcd 服务的地址。如有多个服务使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-prefix",
+ "text" : "prefix",
+ "doc" : "指定 etcd 路径的前缀。每个节点在 etcd 中都会创建一个路径:\nv2/keys///
\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。",
+ "type" : "String",
+ "default" : "emqxcl"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-node_ttl",
+ "text" : "node_ttl",
+ "doc" : "指定 etcd 中节点信息的过期时间。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-etcd-S-cluster_etcd-ssl_options",
+ "aliases" : [
+ "ssl"
+ ],
+ "text" : "ssl_options",
+ "doc" : "当使用 TLS 连接 etcd 时的配置选项。\n当 cluster.discovery_strategy 为 etcd 时,此配置项才有效。",
+ "type" : "Struct(ssl_client_opts)"
+ }
+ ],
+ "text" : "cluster_etcd",
+ "doc" : "使用 'etcd' 服务的服务发现。"
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-etcd",
+ "text" : "etcd",
+ "type" : "Struct(cluster_etcd)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-k8s-S-cluster_k8s",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-apiserver",
+ "text" : "apiserver",
+ "doc" : "指定 Kubernetes API Server。如有多个 Server 使用逗号 , 分隔。\n当 cluster.discovery_strategy 为 k8s 时,此配置项才有效。",
+ "type" : "String",
+ "default" : "\"https://kubernetes.default.svc:443\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-service_name",
+ "text" : "service_name",
+ "doc" : "指定 Kubernetes 中 EMQX 的服务名。\n当 cluster.discovery_strategy 为 k8s 时,此配置项才有效。",
+ "type" : "String",
+ "default" : "emqx"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-address_type",
+ "text" : "address_type",
+ "doc" : "当使用 k8s 方式集群时,address_type 用来从 Kubernetes 接口的应答里获取什么形式的 Host 列表。\n指定 cluster.k8s.address_type 为 ip,则将从 Kubernetes 接口中获取集群中其他节点\n的 IP 地址。",
+ "type" : "Enum(ip,dns,hostname)",
+ "default" : "ip"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-namespace",
+ "text" : "namespace",
+ "doc" : "当使用 k8s 方式并且 cluster.k8s.address_type 指定为 dns 类型时,\n可设置 emqx 节点名的命名空间。与 cluster.k8s.suffix 一起使用用以拼接得到节点名列表。",
+ "type" : "String",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-k8s-S-cluster_k8s-suffix",
+ "text" : "suffix",
+ "doc" : "当使用 k8s 方式并且 cluster.k8s.address_type 指定为 dns 类型时,可设置 emqx 节点名的后缀。\n与 cluster.k8s.namespace 一起使用用以拼接得到节点名列表。",
+ "type" : "String",
+ "default" : "\"pod.local\""
+ }
+ ],
+ "text" : "cluster_k8s",
+ "doc" : "Kubernetes 服务发现。"
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-k8s",
+ "text" : "k8s",
+ "type" : "Struct(cluster_k8s)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-links-S-link",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-name",
+ "text" : "name",
+ "doc" : "连接(远程)集群名称。必须与远程集群中配置的 `cluster.name` 值完全相同。不得与本地的 cluster.name 相同。所有配置的集群连接名称必须唯一。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-server",
+ "text" : "server",
+ "doc" : "远程 EMQX 消息服务器的 MQTT 主机和端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-clientid",
+ "text" : "clientid",
+ "doc" : "可选的基础 MQTT 客户端 ID,用于连接到远程 EMQX 集群。如果省略,将使用本地的 `cluster.name`。EMQX 在互相连接的集群之间维持多个连接,因此基础客户端 ID 会自动添加不同的后缀。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-username",
+ "text" : "username",
+ "doc" : "用于连接到远程 EMQX 集群的 MQTT 用户名(可选)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-password",
+ "text" : "password",
+ "doc" : "用于连接到远程 EMQX 集群的密码(可选)。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-links-S-link-ssl",
+ "text" : "ssl",
+ "doc" : "用于连接到远程 EMQX 集群的 SSL 配置。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-topics",
+ "text" : "topics",
+ "doc" : "将由连接的远程 EMQX 消息服务器转发到本地消息服务器的 MQTT 主题。只有当本地 EMQX 有匹配的订阅者时,消息才会被转发。\n支持通配符。将一侧的主题列表设置为空可以建立单向连接:具有空主题的一侧不会接收远程消息,但可以根据连接另一侧配置的主题将相关消息转发给其连接的对端。",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-pool_size",
+ "text" : "pool_size",
+ "doc" : "将向连接的 EMQX 消息服务器发布消息的 MQTT 客户端池的大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "在未收到 ACK 的情况下,MQTT 桥接器重试发送 QoS1/QoS2 消息的延迟。",
+ "type" : "String",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "MQTT 协议的最大待处理(已发送但未确认)消息数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "32"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts",
+ "fields" : [
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-auto_restart_interval",
+ "text" : "auto_restart_interval",
+ "doc" : "Deprecated since 5.1.0.",
+ "type" : "OneOf(String(\"infinity\"),Duration)"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-enable_queue",
+ "text" : "enable_queue",
+ "doc" : "Deprecated since v5.0.14.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts-S-creation_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "creation_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-links-S-link-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(creation_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "link",
+ "doc" : "集群连接配置"
+ }
+ ],
+ "hash" : "V-cluster-S-cluster-links",
+ "text" : "links",
+ "doc" : "已连接的 EMQX 集群列表。",
+ "type" : "Array(Struct(link))",
+ "default" : "[]"
+ }
+ ],
+ "text" : "cluster",
+ "doc" : "EMQX 节点可以组成一个集群,以提高总容量。
这里指定了节点之间如何连接。"
+ }
+ ],
+ "hash" : "V-cluster",
+ "text" : "cluster",
+ "type" : "Struct(cluster)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log-console-S-console_handler",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-level",
+ "text" : "level",
+ "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。",
+ "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)",
+ "default" : "warning"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-enable",
+ "text" : "enable",
+ "doc" : "启用此日志处理进程。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-formatter",
+ "aliases" : [
+ "format"
+ ],
+ "text" : "formatter",
+ "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。",
+ "type" : "Enum(text,json)",
+ "default" : "text"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-timestamp_format",
+ "text" : "timestamp_format",
+ "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。",
+ "type" : "Enum(auto,epoch,rfc3339)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-time_offset",
+ "text" : "time_offset",
+ "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。",
+ "type" : "String",
+ "default" : "system"
+ },
+ {
+ "hash" : "V-log-S-log-console-S-console_handler-payload_encode",
+ "text" : "payload_encode",
+ "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`",
+ "type" : "Enum(hex,text,hidden)",
+ "default" : "text"
+ }
+ ],
+ "text" : "console_handler",
+ "doc" : "日志处理进程将日志事件打印到 EMQX 控制台。"
+ }
+ ],
+ "hash" : "V-log-S-log-console",
+ "aliases" : [
+ "console_handler"
+ ],
+ "text" : "console",
+ "type" : "Struct(console_handler)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log-file-S-log_file_handler",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-path",
+ "aliases" : [
+ "file",
+ "to"
+ ],
+ "text" : "path",
+ "doc" : "日志文件路径及名字。",
+ "type" : "String",
+ "default" : "\"${EMQX_LOG_DIR}/emqx.log\""
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count",
+ "aliases" : [
+ "rotation"
+ ],
+ "text" : "rotation_count",
+ "doc" : "轮换的最大日志文件数。",
+ "type" : "Integer(1..128)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size",
+ "aliases" : [
+ "max_size"
+ ],
+ "text" : "rotation_size",
+ "doc" : "此参数控制日志文件轮换。 `infinity` 意味着日志文件将无限增长,否则日志文件将在达到 `max_size`(以字节为单位)时进行轮换。\n与 rotation count 配合使用。如果 counter 为 10,则是 10 个文件轮换。",
+ "type" : "OneOf(String(\"infinity\"),Bytesize)",
+ "default" : "\"50MB\""
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-level",
+ "text" : "level",
+ "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。",
+ "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)",
+ "default" : "warning"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-formatter",
+ "aliases" : [
+ "format"
+ ],
+ "text" : "formatter",
+ "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。",
+ "type" : "Enum(text,json)",
+ "default" : "text"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format",
+ "text" : "timestamp_format",
+ "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。",
+ "type" : "Enum(auto,epoch,rfc3339)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-time_offset",
+ "text" : "time_offset",
+ "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。",
+ "type" : "String",
+ "default" : "system"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode",
+ "text" : "payload_encode",
+ "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`",
+ "type" : "Enum(hex,text,hidden)",
+ "default" : "text"
+ }
+ ],
+ "text" : "log_file_handler",
+ "doc" : "日志处理进程将日志事件打印到文件。"
+ },
+ {
+ "hash" : "T-log-S-log-file-S-log_file_handler",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-path",
+ "aliases" : [
+ "file",
+ "to"
+ ],
+ "text" : "path",
+ "doc" : "日志文件路径及名字。",
+ "type" : "String",
+ "default" : "\"${EMQX_LOG_DIR}/emqx.log\""
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-rotation_count",
+ "aliases" : [
+ "rotation"
+ ],
+ "text" : "rotation_count",
+ "doc" : "轮换的最大日志文件数。",
+ "type" : "Integer(1..128)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-rotation_size",
+ "aliases" : [
+ "max_size"
+ ],
+ "text" : "rotation_size",
+ "doc" : "此参数控制日志文件轮换。 `infinity` 意味着日志文件将无限增长,否则日志文件将在达到 `max_size`(以字节为单位)时进行轮换。\n与 rotation count 配合使用。如果 counter 为 10,则是 10 个文件轮换。",
+ "type" : "OneOf(String(\"infinity\"),Bytesize)",
+ "default" : "\"50MB\""
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-level",
+ "text" : "level",
+ "doc" : "当前日志处理进程的日志级别。\n默认为 warning 级别。",
+ "type" : "Enum(debug,info,notice,warning,error,critical,alert,emergency,all)",
+ "default" : "warning"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-formatter",
+ "aliases" : [
+ "format"
+ ],
+ "text" : "formatter",
+ "doc" : "选择日志格式类型。 text 用于纯文本,json 用于结构化日志记录。",
+ "type" : "Enum(text,json)",
+ "default" : "text"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-timestamp_format",
+ "text" : "timestamp_format",
+ "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。",
+ "type" : "Enum(auto,epoch,rfc3339)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-time_offset",
+ "text" : "time_offset",
+ "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。",
+ "type" : "String",
+ "default" : "system"
+ },
+ {
+ "hash" : "V-log-S-log-file-S-log_file_handler-payload_encode",
+ "text" : "payload_encode",
+ "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`",
+ "type" : "Enum(hex,text,hidden)",
+ "default" : "text"
+ }
+ ],
+ "text" : "log_file_handler",
+ "doc" : "日志处理进程将日志事件打印到文件。"
+ }
+ ],
+ "hash" : "V-log-S-log-file",
+ "aliases" : [
+ "file_handlers"
+ ],
+ "text" : "file",
+ "doc" : "输出到文件的日志处理进程列表",
+ "type" : "OneOf(Struct(log_file_handler),Map($handler_name->Struct(log_file_handler)))",
+ "default" : "{level = warning}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log-throttling-S-log_throttling",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-throttling-S-log_throttling-time_window",
+ "text" : "time_window",
+ "doc" : "此配置设置控制限流消息的日志记录行为,包括但不限于像 'authorization_permission_denied' 这样的消息。\n在每个定义的时间窗口内,只有一个限流消息的实例会被记录,以防止日志泛滥。\n在每个时间窗口结束时,将生成一个摘要日志,详细说明该期间内任何限流消息的发生。\n重要的是,此设置的最短有效时间窗口为 1 秒(1s)。\n如果指定的值低于 1s,则会自动调整为 1s。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"1m\""
+ }
+ ],
+ "text" : "log_throttling",
+ "doc" : "日志限流功能通过在配置的时间窗口内丢弃除第一个事件外的所有事件,来减少可能泛滥的日志事件数量。\n如果 `console` 或 `file` 日志级别设置为 debug,则自动禁用限流。"
+ }
+ ],
+ "hash" : "V-log-S-log-throttling",
+ "text" : "throttling",
+ "type" : "Struct(log_throttling)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-log-S-log-audit-S-log_audit_handler",
+ "fields" : [
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-path",
+ "text" : "path",
+ "doc" : "审计日志文件的名称。",
+ "type" : "String",
+ "default" : "\"${EMQX_LOG_DIR}/audit.log\""
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-rotation_count",
+ "text" : "rotation_count",
+ "doc" : "轮换的最大日志文件数。",
+ "type" : "Integer(1..128)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-rotation_size",
+ "text" : "rotation_size",
+ "doc" : "此参数控制日志文件轮换。 `infinity` 意味着日志文件将无限增长,否则日志文件将在达到 `max_size`(以字节为单位)时进行轮换。\n与 rotation count 配合使用。如果 counter 为 10,则是 10 个文件轮换。",
+ "type" : "OneOf(String(\"infinity\"),Bytesize)",
+ "default" : "\"50MB\""
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-max_filter_size",
+ "text" : "max_filter_size",
+ "doc" : "将最新的 N 条日志条目存储在数据库中,以供 /audit HTTP API 进行日志数据的筛选和检索。\n清除多余的日志记录的间隔保持在 10 到 20 秒之间。",
+ "type" : "Integer(10..30000)",
+ "default" : "5000"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-ignore_high_frequency_request",
+ "text" : "ignore_high_frequency_request",
+ "doc" : "忽略高频请求以避免淹没审计日志,例如发布/订阅踢出 http API 请求将被忽略。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-timestamp_format",
+ "text" : "timestamp_format",
+ "doc" : "选择时间戳格式:\n- `auto`:自动选择最佳格式。`epoch` 给 JSON 日志 `rfc3339` 给自由文本格式。\n- `epoch`: 微秒精度的 Unix epoch 整形值。\n- `rfc3339`: 遵从 RFC3339 规范的字符串格式。",
+ "type" : "Enum(auto,epoch,rfc3339)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-time_offset",
+ "text" : "time_offset",
+ "doc" : "日志中的时间戳使用的时间偏移量。\n可选值为:\n - system: 本地系统使用的时区偏移量\n - utc: 0 时区的偏移量\n - +-[hh]:[mm]: 自定义偏移量,比如 \"-02:00\" 或者 \"+00:00\"\n默认值为本地系统的时区偏移量:system。",
+ "type" : "String",
+ "default" : "system"
+ },
+ {
+ "hash" : "V-log-S-log-audit-S-log_audit_handler-payload_encode",
+ "text" : "payload_encode",
+ "doc" : "确定跟踪文件中有效负载格式的格式。
\n`text`:基于文本的协议或纯文本协议。\n建议在有效负载为 JSON 编码时使用
\n`hex`:二进制十六进制编码。当有效负载是自定义二进制协议时,建议使用此选项
\n`hidden`:有效负载被模糊化为 `******`",
+ "type" : "Enum(hex,text,hidden)",
+ "default" : "text"
+ }
+ ],
+ "text" : "log_audit_handler",
+ "doc" : "将日志时间输出到文件的审计日志处理进程。"
+ }
+ ],
+ "hash" : "V-log-S-log-audit",
+ "text" : "audit",
+ "doc" : "审计日志文件处理进程",
+ "type" : "Struct(log_audit_handler)",
+ "default" : "{enable = false, level = info}"
+ }
+ ],
+ "text" : "log",
+ "doc" : "EMQX 支持多个日志处理器,包括一个控制台处理器和多个文件处理器。\n默认情况下,EMQX 在 Docker 环境或控制台/前台模式下运行时会输出日志到控制台,\n否则会将日志输出到文件 `${EMQX_LOG_DIR}/emqx.log.N`。\n对于高级配置,您可以在此部分找到更多参数。"
+ }
+ ],
+ "hash" : "V-log",
+ "text" : "log",
+ "doc" : "EMQX 支持两种主要的日志处理进程:file 和 console,另有一个专门设计用于始终将日志定向到文件的 audit 处理进程。\n系统的默认日志处理行为可以通过环境变量 `EMQX_DEFAULT_LOG_HANDLER` 配置,它接受以下设置:\n\n- file:将日志输出仅定向到文件。\n- console:将日志输出仅定向到控制台。\n\n值得注意的是,当通过 systemd 的 emqx.service 文件启动 EMQX 时,EMQX_DEFAULT_LOG_HANDLER 被设置为 file。\n在 systemd 启动之外的场景中,console 作为默认的日志处理进程。",
+ "type" : "Struct(log)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-rpc-S-rpc",
+ "fields" : [
+ {
+ "hash" : "V-rpc-S-rpc-mode",
+ "text" : "mode",
+ "doc" : "在 sync 模式下,发送端等待接收端的 ack 信号。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-protocol",
+ "aliases" : [
+ "driver"
+ ],
+ "text" : "protocol",
+ "doc" : "集群间通信使用的传输协议。",
+ "type" : "Enum(tcp,ssl)",
+ "default" : "tcp"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-async_batch_size",
+ "text" : "async_batch_size",
+ "doc" : "异步模式下,发送的批量消息的最大数量。",
+ "type" : "Integer",
+ "default" : "256"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-port_discovery",
+ "text" : "port_discovery",
+ "doc" : "manual: 通过 server_port 来发现端口。\n
stateless: 使用无状态的方式来发现端口,使用如下算法。如果节点名称是 \nemqxN@127.0.0.1, N 是一个数字,那么监听端口就是 5370 + N。\n注意:当 port_discovery 设置为 manual 时,server_port 配置将不起作用。",
+ "type" : "Enum(manual,stateless)",
+ "default" : "stateless"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-server_port",
+ "aliases" : [
+ "tcp_server_port",
+ "ssl_server_port"
+ ],
+ "text" : "server_port",
+ "doc" : "RPC 本地服务使用的监听端口。
\n请注意,此配置仅在 rpc.port_discovery 设置为手动时生效。",
+ "type" : "Integer(1..+inf)",
+ "default" : "5369"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-client_num",
+ "aliases" : [
+ "tcp_client_num"
+ ],
+ "text" : "client_num",
+ "doc" : "设置该节点与每个远程节点之间发起的最大 RPC 通信通道数量。",
+ "type" : "Integer(1..256)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "建立 RPC 连接的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-certfile",
+ "text" : "certfile",
+ "doc" : "TLS 证书文件的路径,用于验证集群节点的身份。\n只有当 rpc.driver 设置为 ssl 时,此配置才会生效。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-keyfile",
+ "text" : "keyfile",
+ "doc" : "rpc.certfile 的私钥文件的路径。
\n注意:此文件内容是私钥,所以需要设置权限为 600。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "验证 rpc.certfile 的 CA 证书文件的路径。
\n注意:集群中所有节点的证书必须使用同一个 CA 签发。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "发送 RPC 请求的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-authentication_timeout",
+ "text" : "authentication_timeout",
+ "doc" : "远程节点认证的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-call_receive_timeout",
+ "text" : "call_receive_timeout",
+ "doc" : "同步 RPC 的回复超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_keepalive_idle",
+ "text" : "socket_keepalive_idle",
+ "doc" : "对应 TCP_KEEPIDLE socket 选项。指定在 TCP 开始发送 keepalive 探测包之前,连接需要保持空闲的时间(以秒为单位)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"15m\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_keepalive_interval",
+ "text" : "socket_keepalive_interval",
+ "doc" : "对应 TCP_KEEPINTVL socket 选项。指每次 keepalive 探测之间的时间间隔(以秒为单位)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"75s\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_keepalive_count",
+ "text" : "socket_keepalive_count",
+ "doc" : "对应 TCP_KEEPCNT socket 选项。指定在放弃连接并终止连接之前发送的最大 TCP keepalive 探测次数,如果未从另一端收到响应,则终止连接。",
+ "type" : "Integer",
+ "default" : "9"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_sndbuf",
+ "text" : "socket_sndbuf",
+ "doc" : "TCP 调节参数。TCP 发送缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_recbuf",
+ "text" : "socket_recbuf",
+ "doc" : "TCP 调节参数。TCP 接收缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-socket_buffer",
+ "text" : "socket_buffer",
+ "doc" : "TCP 调节参数。用户模式套接字缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-insecure_fallback",
+ "text" : "insecure_fallback",
+ "doc" : "兼容旧的无鉴权模式",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-tls_versions",
+ "text" : "tls_versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-rpc-S-rpc-listen_address",
+ "text" : "listen_address",
+ "doc" : "指示 RPC 服务器监听的 IP 地址。例如,使用 \"0.0.0.0\" 表示 IPv4 或 \"::\" 表示 IPv6。",
+ "type" : "String",
+ "default" : "\"0.0.0.0\""
+ },
+ {
+ "hash" : "V-rpc-S-rpc-ipv6_only",
+ "text" : "ipv6_only",
+ "doc" : "此设置仅在 rpc.listen_address 被分配了一个 IPv6 地址时有效。\n如果设置为 true,RPC 客户端将仅使用 IPv6 进行连接。\n否则,即使服务器位于 IPv6 上,客户端也可能选择 IPv4。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "rpc",
+ "doc" : "EMQX 使用 gen_rpc 库来实现跨节点通信。
\n大多数情况下,默认的配置应该可以工作,但如果你需要做一些性能优化或者实验,可以尝试调整这些参数。"
+ }
+ ],
+ "hash" : "V-rpc",
+ "text" : "rpc",
+ "type" : "Struct(rpc)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sys_topics-S-sys_topics",
+ "fields" : [
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_msg_interval",
+ "text" : "sys_msg_interval",
+ "doc" : "发送 `$SYS` 主题的间隔时间。",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_heartbeat_interval",
+ "text" : "sys_heartbeat_interval",
+ "doc" : "发送心跳系统消息的间隔时间,它包括:\n - `$SYS/brokers//uptime`\n - `$SYS/brokers//datetime`",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sys_topics-S-sys_topics-sys_event_messages-S-event_names",
+ "fields" : [
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_connected",
+ "text" : "client_connected",
+ "doc" : "是否开启客户端已连接事件消息。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_disconnected",
+ "text" : "client_disconnected",
+ "doc" : "是否开启客户端已断开连接事件消息。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_subscribed",
+ "text" : "client_subscribed",
+ "doc" : "是否开启客户端已成功订阅主题事件消息。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages-S-event_names-client_unsubscribed",
+ "text" : "client_unsubscribed",
+ "doc" : "是否开启客户端已成功取消订阅主题事件消息。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "event_names",
+ "doc" : "Enable or disable client lifecycle event publishing.\n\nThe following options affect MQTT clients as well as\ngateway clients. The types of the clients\nare distinguished by the topic prefix:\n\n- For the MQTT clients, the format is:\n`$SYS/broker//clients//`\n- For the Gateway clients, it is\n`$SYS/broker//gateway//clients//`\n"
+ }
+ ],
+ "hash" : "V-sys_topics-S-sys_topics-sys_event_messages",
+ "text" : "sys_event_messages",
+ "doc" : "客户端事件消息。",
+ "type" : "Struct(event_names)"
+ }
+ ],
+ "text" : "sys_topics",
+ "doc" : "The EMQX Broker periodically publishes its own status, message statistics,\nclient online and offline events to the system topic starting with `$SYS/`.\n\nThe following options control the behavior of `$SYS` topics."
+ }
+ ],
+ "hash" : "V-sys_topics",
+ "text" : "sys_topics",
+ "doc" : "系统主题配置。",
+ "type" : "Struct(sys_topics)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-force_shutdown-S-force_shutdown",
+ "fields" : [
+ {
+ "hash" : "V-force_shutdown-S-force_shutdown-max_mailbox_size",
+ "aliases" : [
+ "max_message_queue_len"
+ ],
+ "text" : "max_mailbox_size",
+ "doc" : "每个在线客户端在 EMQX 服务器中都是独立的一个进程。该配置可以设为单个进程的邮箱消息队列设置最大长度,当超过该上限时,客户端会被强制下线。",
+ "type" : "Integer(0..inf)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-force_shutdown-S-force_shutdown-max_heap_size",
+ "text" : "max_heap_size",
+ "doc" : "Heap 的总大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"32MB\""
+ }
+ ],
+ "text" : "force_shutdown",
+ "doc" : "When the process message queue length, or the memory bytes\nreaches a certain value, the process is forced to close.\n\nNote: \"message queue\" here refers to the \"message mailbox\"\nof the Erlang process, not the `mqueue` of QoS 1 and QoS 2."
+ }
+ ],
+ "hash" : "V-force_shutdown",
+ "text" : "force_shutdown",
+ "type" : "Struct(force_shutdown)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"builtin_raft\")",
+ "default" : "builtin_raft"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-replication_factor",
+ "text" : "replication_factor",
+ "doc" : "每个分片应有的相同副本数量。\n增加此数字可以提高持久性和可用性,但会消耗更多资源。\n复制工作需要健康的副本仲裁,因此一般情况下选择奇数个副本是一个好选择。\n请注意,这仅在持久存储数据库初始化期间生效。\n在数据库已创建后更改此配置参数不会生效。",
+ "type" : "Integer(1..+inf)",
+ "default" : "3"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-n_sites",
+ "text" : "n_sites",
+ "doc" : "需要共享存储分片集责任的存储站点数量。\n在此上下文中,站点是启用了消息持久性的 EMQX 节点。\n请注意,这仅在持久存储数据库初始化期间生效。\n在此阶段,至少需要上线这么多站点以在它们之间分配分片,否则消息存储将不可用。\n初始化完成后,站点可能会下线,这将根据下线站点的数量和复制因子影响可用性。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-data_dir",
+ "text" : "data_dir",
+ "doc" : "数据库所在的文件系统目录。\n\n默认情况下,它等于 node.data_dir。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-n_shards",
+ "text" : "n_shards",
+ "doc" : "内置的持久存储将数据分成多个分片。\n此配置参数定义分片的数量。\n请注意,它仅在持久存储数据库初始化期间生效。\n在数据库已经创建后更改此配置参数将不会产生任何效果。",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction-S-optimistic_transaction",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction-S-optimistic_transaction-flush_interval",
+ "text" : "flush_interval",
+ "doc" : "指定操作在提交到存储之前可能在缓冲区中停留的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction-S-optimistic_transaction-idle_flush_interval",
+ "text" : "idle_flush_interval",
+ "doc" : "如果分片在此期间未收到新事务,则缓冲区会提前刷新。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1ms\""
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction-S-optimistic_transaction-conflict_window",
+ "text" : "conflict_window",
+ "doc" : "内置持久存储后端在称为冲突跟踪窗口的时间段内跟踪最近的更新。\n\n早于窗口开始的事务将被自动拒绝。\n因此,实际上,此参数限制了事务可以运行的时间。\n\n较高的值可以减少因长时间运行而拒绝事务的风险,但可能会增加 RAM 需求。\n\n此值应大于刷新间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "optimistic_transaction",
+ "doc" : "内置持久存储后端的事务设置。"
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-transaction",
+ "text" : "transaction",
+ "doc" : "事务设置。",
+ "type" : "Struct(optimistic_transaction)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized_v2",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized_v2-type",
+ "text" : "type",
+ "doc" : "通配符优化布局类型。",
+ "type" : "String(\"wildcard_optimized_v2\")",
+ "default" : "wildcard_optimized_v2"
+ }
+ ],
+ "text" : "layout_builtin_wildcard_optimized_v2",
+ "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。"
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_wildcard_optimized-type",
+ "text" : "type",
+ "doc" : "通配符优化布局类型。",
+ "type" : "String(\"wildcard_optimized\")",
+ "default" : "wildcard_optimized"
+ }
+ ],
+ "text" : "layout_builtin_wildcard_optimized",
+ "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。"
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_reference",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout-S-layout_builtin_reference-type",
+ "text" : "type",
+ "doc" : "参考布局类型",
+ "type" : "String(\"reference\")",
+ "default" : "reference"
+ }
+ ],
+ "text" : "layout_builtin_reference",
+ "doc" : "一种简单的布局类型,将所有主题的所有消息按时间顺序存储在一个流中。\n\n不推荐用于生产环境。"
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_raft-layout",
+ "text" : "layout",
+ "doc" : "存储布局是一种在磁盘上排列来自各种主题和客户端消息的方法。\n\n根据工作负载类型和主题结构的不同,可以采用不同的数据存储策略,以最大化地提高从持久存储中读取消息的效率。",
+ "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))",
+ "default" : "{type = wildcard_optimized_v2}"
+ }
+ ],
+ "text" : "builtin_raft",
+ "doc" : "使用嵌入式 RocksDB 键值存储的内置存储后端。"
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "String(\"builtin_local\")",
+ "default" : "builtin_local"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-data_dir",
+ "text" : "data_dir",
+ "doc" : "数据库所在的文件系统目录。\n\n默认情况下,它等于 node.data_dir。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-n_shards",
+ "text" : "n_shards",
+ "doc" : "内置的持久存储将数据分成多个分片。\n此配置参数定义分片的数量。\n请注意,它仅在持久存储数据库初始化期间生效。\n在数据库已经创建后更改此配置参数将不会产生任何效果。",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-transaction-S-optimistic_transaction",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-transaction-S-optimistic_transaction-flush_interval",
+ "text" : "flush_interval",
+ "doc" : "指定操作在提交到存储之前可能在缓冲区中停留的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-transaction-S-optimistic_transaction-idle_flush_interval",
+ "text" : "idle_flush_interval",
+ "doc" : "如果分片在此期间未收到新事务,则缓冲区会提前刷新。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1ms\""
+ },
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-transaction-S-optimistic_transaction-conflict_window",
+ "text" : "conflict_window",
+ "doc" : "内置持久存储后端在称为冲突跟踪窗口的时间段内跟踪最近的更新。\n\n早于窗口开始的事务将被自动拒绝。\n因此,实际上,此参数限制了事务可以运行的时间。\n\n较高的值可以减少因长时间运行而拒绝事务的风险,但可能会增加 RAM 需求。\n\n此值应大于刷新间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "optimistic_transaction",
+ "doc" : "内置持久存储后端的事务设置。"
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-transaction",
+ "text" : "transaction",
+ "doc" : "事务设置。",
+ "type" : "Struct(optimistic_transaction)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized_v2-type",
+ "text" : "type",
+ "doc" : "通配符优化布局类型。",
+ "type" : "String(\"wildcard_optimized_v2\")",
+ "default" : "wildcard_optimized_v2"
+ }
+ ],
+ "text" : "layout_builtin_wildcard_optimized_v2",
+ "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。"
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_wildcard_optimized-type",
+ "text" : "type",
+ "doc" : "通配符优化布局类型。",
+ "type" : "String(\"wildcard_optimized\")",
+ "default" : "wildcard_optimized"
+ }
+ ],
+ "text" : "layout_builtin_wildcard_optimized",
+ "doc" : "通配符优化 布局旨在最大化覆盖大量主题的通配符订阅的吞吐量。\n\n例如,它可以处理大量客户端将数据发布到包含其客户端 ID 的主题的场景,如:sensor/%device-version%/%clientid%/temperature、sensor/%device-version%/%clientid%/pressure 等。\n此布局将自动将此类主题分组到单个流中,因此订阅包含通配符的主题过滤器(如 sensor/+/+/temperature)的客户端将能够以单个批次消费所有设备发布的消息。\n\n此布局对非通配符订阅也是有效的。"
+ },
+ {
+ "hash" : "T-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference",
+ "fields" : [
+ {
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout-S-layout_builtin_reference-type",
+ "text" : "type",
+ "doc" : "参考布局类型",
+ "type" : "String(\"reference\")",
+ "default" : "reference"
+ }
+ ],
+ "text" : "layout_builtin_reference",
+ "doc" : "一种简单的布局类型,将所有主题的所有消息按时间顺序存储在一个流中。\n\n不推荐用于生产环境。"
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages-S-builtin_local-layout",
+ "text" : "layout",
+ "doc" : "存储布局是一种在磁盘上排列来自各种主题和客户端消息的方法。\n\n根据工作负载类型和主题结构的不同,可以采用不同的数据存储策略,以最大化地提高从持久存储中读取消息的效率。",
+ "type" : "OneOf(Struct(layout_builtin_wildcard_optimized_v2),Struct(layout_builtin_wildcard_optimized),Struct(layout_builtin_reference))",
+ "default" : "{type = wildcard_optimized_v2}"
+ }
+ ],
+ "text" : "builtin_local",
+ "doc" : "使用嵌入式 RocksDB 键值存储的内置存储后端。\n此后端不支持集群。"
+ }
+ ],
+ "hash" : "V-durable_storage-S-durable_storage-messages",
+ "text" : "messages",
+ "doc" : "与 MQTT 消息的持久存储相关的配置。",
+ "type" : "OneOf(Struct(builtin_raft),Struct(builtin_local))",
+ "default" : "{backend = builtin_raft}"
+ }
+ ],
+ "text" : "durable_storage",
+ "doc" : "与 EMQX 持久存储相关的配置。\n\nEMQX 使用持久存储来卸载各种数据到磁盘,如 MQTT 消息。"
+ }
+ ],
+ "hash" : "V-durable_storage",
+ "text" : "durable_storage",
+ "doc" : "与 EMQX 持久存储相关的配置。\n\nEMQX 使用持久存储来卸载各种数据到磁盘,如 MQTT 消息。",
+ "type" : "Struct(durable_storage)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-force_gc-S-force_gc",
+ "fields" : [
+ {
+ "hash" : "V-force_gc-S-force_gc-count",
+ "text" : "count",
+ "doc" : "在进程收到多少消息之后,对此进程执行垃圾回收。",
+ "type" : "Integer(0..inf)",
+ "default" : "16000"
+ },
+ {
+ "hash" : "V-force_gc-S-force_gc-bytes",
+ "text" : "bytes",
+ "doc" : "在进程处理过多少个字节之后,对此进程执行垃圾回收。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"16MB\""
+ }
+ ],
+ "text" : "force_gc",
+ "doc" : "Force garbage collection in MQTT connection process after\n they process certain number of messages or bytes of data."
+ }
+ ],
+ "hash" : "V-force_gc",
+ "text" : "force_gc",
+ "type" : "Struct(force_gc)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sysmon-S-sysmon",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sysmon-S-sysmon-vm-S-sysmon_vm",
+ "fields" : [
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_check_interval",
+ "text" : "process_check_interval",
+ "doc" : "定期进程限制检查的时间间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_high_watermark",
+ "text" : "process_high_watermark",
+ "doc" : "在发出相应告警之前,本地节点上可以同时存在多少进程的阈值(以进程百分比表示)。",
+ "type" : "String",
+ "default" : "\"80%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-process_low_watermark",
+ "text" : "process_low_watermark",
+ "doc" : "在清除相应告警之前,本地节点上可以同时存在多少进程的阈值(以进程百分比表示)。",
+ "type" : "String",
+ "default" : "\"60%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_gc",
+ "text" : "long_gc",
+ "doc" : "当系统检测到某个 Erlang 进程垃圾回收占用过长时间,会触发一条带有 long_gc 关键字的日志。\n同时还会发布一条主题为 $SYS/sysmon/long_gc 的 MQTT 系统消息。",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-long_schedule",
+ "text" : "long_schedule",
+ "doc" : "启用后,如果 Erlang VM 调度器出现某个任务占用时间过长时,会触发一条带有 'long_schedule' 关键字的日志。\n同时还会发布一条主题为 $SYS/sysmon/long_schedule 的 MQTT 系统消息。",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "\"240ms\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-large_heap",
+ "text" : "large_heap",
+ "doc" : "启用后,当一个 Erlang 进程申请了大量内存,系统会触发一条带有 large_heap 关键字的\nwarning 级别日志。同时还会发布一条主题为 $SYS/sysmon/busy_dist_port 的 MQTT 系统消息。",
+ "type" : "OneOf(String(\"disabled\"),Bytesize)",
+ "default" : "\"32MB\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_dist_port",
+ "text" : "busy_dist_port",
+ "doc" : "启用后,当用于集群接点之间 RPC 的连接过忙时,会触发一条带有 busy_dist_port 关键字的 warning 级别日志。\n同时还会发布一条主题为 $SYS/sysmon/busy_dist_port 的 MQTT 系统消息。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-vm-S-sysmon_vm-busy_port",
+ "text" : "busy_port",
+ "doc" : "当一个系统接口(例如 TCP socket)过忙,会触发一条带有 busy_port 关键字的 warning 级别的日志。\n同时还会发布一条主题为 $SYS/sysmon/busy_port 的 MQTT 系统消息。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "sysmon_vm",
+ "doc" : "This part of the configuration is responsible for collecting\n BEAM VM events, such as long garbage collection, traffic congestion in the inter-broker\n communication, etc."
+ }
+ ],
+ "hash" : "V-sysmon-S-sysmon-vm",
+ "text" : "vm",
+ "type" : "Struct(sysmon_vm)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sysmon-S-sysmon-os-S-sysmon_os",
+ "fields" : [
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_check_interval",
+ "text" : "cpu_check_interval",
+ "doc" : "定期 CPU 检查的时间间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_high_watermark",
+ "text" : "cpu_high_watermark",
+ "doc" : "在发出相应告警之前可以使用多少系统 CPU 的阈值,以系统 CPU 负载的百分比表示。",
+ "type" : "String",
+ "default" : "\"80%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-cpu_low_watermark",
+ "text" : "cpu_low_watermark",
+ "doc" : "在解除相应告警之前可以使用多少系统 CPU 的阈值,以系统 CPU 负载的百分比表示。",
+ "type" : "String",
+ "default" : "\"60%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-mem_check_interval",
+ "text" : "mem_check_interval",
+ "doc" : "定期内存检查的时间间隔。",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-sysmem_high_watermark",
+ "text" : "sysmem_high_watermark",
+ "doc" : "在发出相应报警之前可以分配多少系统内存的阈值,以系统内存的百分比表示。",
+ "type" : "String",
+ "default" : "\"70%\""
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-os-S-sysmon_os-procmem_high_watermark",
+ "text" : "procmem_high_watermark",
+ "doc" : "在发出相应告警之前,一个 Erlang 进程可以分配多少系统内存的阈值,以系统内存的百分比表示。",
+ "type" : "String",
+ "default" : "\"5%\""
+ }
+ ],
+ "text" : "sysmon_os",
+ "doc" : "This part of the configuration is responsible for monitoring\n the host OS health, such as free memory, disk space, CPU load, etc."
+ }
+ ],
+ "hash" : "V-sysmon-S-sysmon-os",
+ "text" : "os",
+ "type" : "Struct(sysmon_os)"
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-mnesia_tm_mailbox_size_alarm_threshold",
+ "text" : "mnesia_tm_mailbox_size_alarm_threshold",
+ "doc" : "当 mnesia 事务管理器的邮箱大小超过该阈值时,会触发告警。该进程负责处理 EMQX 内部数据库 mnesia 中的所有事务。\n\n可能导致此告警触发的原因有多种。以下是一些需要检查或考虑的事项:\n- 降低 `max_conn_rate`,以便客户端以较慢的速度加入;\n- 增加 EMQX 的 CPU / RAM 资源;\n- 降低客户端侧的保留消息速率;\n- 检查集群内部网络带宽是否已达到最大值。",
+ "type" : "Integer(1..+inf)",
+ "default" : "500"
+ },
+ {
+ "hash" : "V-sysmon-S-sysmon-broker_pool_mailbox_size_alarm_threshold",
+ "text" : "broker_pool_mailbox_size_alarm_threshold",
+ "doc" : "当代理服务器线程池的最大邮箱大小超过该阈值时,会触发告警。代理服务器线程池负责处理添加和移除订阅,以及路由信息的复制。\n\n可能导致此告警触发的原因有多种。以下是一些需要检查或考虑的事项:\n- 增加 EMQX 的 CPU / RAM 资源;\n- 审查客户端的订阅情况,例如,尝试压缩主题过滤器;\n- 检查集群内部网络带宽是否已达到最大值。",
+ "type" : "Integer(1..+inf)",
+ "default" : "500"
+ }
+ ],
+ "text" : "sysmon",
+ "doc" : "Features related to system monitoring and introspection."
+ }
+ ],
+ "hash" : "V-sysmon",
+ "text" : "sysmon",
+ "type" : "Struct(sysmon)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-alarm-S-alarm",
+ "fields" : [
+ {
+ "hash" : "V-alarm-S-alarm-actions",
+ "text" : "actions",
+ "doc" : "告警激活时触发的动作。
目前,支持以下操作:log 和 publish.\nlog 将告警写入日志 (控制台或者文件).\npublish 将告警作为 MQTT 消息发布到系统主题:\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/activate and\n$SYS/brokers/emqx@xx.xx.xx.x/alarms/deactivate",
+ "type" : "Array(Enum(log,publish))",
+ "default" : "[log, publish]"
+ },
+ {
+ "hash" : "V-alarm-S-alarm-size_limit",
+ "text" : "size_limit",
+ "doc" : "最多可以存储的历史告警数量。\n\n当达到最大数量时,将删除最旧的历史告警以存储新的历史告警。",
+ "type" : "Integer(1..3000)",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-alarm-S-alarm-validity_period",
+ "text" : "validity_period",
+ "doc" : "历史告警的有效期。从历史告警激活的时间开始计算,而不是取消的时间。\n\n如果告警存在的时间超过了有效期,该告警将被删除。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"24h\""
+ }
+ ],
+ "text" : "alarm",
+ "doc" : "Settings for the alarms."
+ }
+ ],
+ "hash" : "V-alarm",
+ "text" : "alarm",
+ "type" : "Struct(alarm)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-flapping_detect-S-flapping_detect",
+ "fields" : [
+ {
+ "hash" : "V-flapping_detect-S-flapping_detect-enable",
+ "text" : "enable",
+ "doc" : "启用抖动检测功能。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-flapping_detect-S-flapping_detect-window_time",
+ "text" : "window_time",
+ "doc" : "抖动检测的时间窗口。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1m\""
+ },
+ {
+ "hash" : "V-flapping_detect-S-flapping_detect-max_count",
+ "text" : "max_count",
+ "doc" : "MQTT 客户端在“窗口”时间内允许的最大断开次数",
+ "type" : "Integer(0..+inf)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-flapping_detect-S-flapping_detect-ban_time",
+ "text" : "ban_time",
+ "doc" : "抖动的客户端将会被禁止登录多长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ }
+ ],
+ "text" : "flapping_detect",
+ "doc" : "This config controls the allowed maximum number of `CONNECT` packets received\nfrom the same clientid in a time frame defined by `window_time`.\nAfter the limit is reached, successive `CONNECT` requests are forbidden\n(banned) until the end of the time period defined by `ban_time`."
+ }
+ ],
+ "hash" : "V-flapping_detect",
+ "text" : "flapping_detect",
+ "type" : "Struct(flapping_detect)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-durable_sessions-S-durable_sessions",
+ "fields" : [
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-enable",
+ "text" : "enable",
+ "doc" : "使用持久存储来持久化客户端会话。\n如果启用,会话和相应的消息将被持久存储,并在服务器停机时保留。\n\n::: warning\n发送到持久会话的消息会被存储在磁盘上。\n这不可避免地限制了系统的总体吞吐量。\n:::",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-batch_size",
+ "text" : "batch_size",
+ "doc" : "此值影响持久会话的流量控制。\n持久会话以批次查询持久消息存储。\n此值指定批次的大小。\n\n注意:较大的批次通常提高系统的吞吐量和整体性能,但会增加每个客户端的 RAM 使用量。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-idle_poll_interval",
+ "text" : "idle_poll_interval",
+ "doc" : "持久会话向存储发送轮询请求的过期间隔时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-heartbeat_interval",
+ "text" : "heartbeat_interval",
+ "doc" : "持久会话每个心跳间隔将其状态备份到磁盘上。\n\n在对过期会话进行垃圾回收时,系统也会考虑心跳间隔的时间。\n当会话终止的精确时间不确定时,心跳间隔会作为安全边际添加到会话过期时间中。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5000ms\""
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-session_gc_interval",
+ "text" : "session_gc_interval",
+ "doc" : "执行持久会话垃圾回收的间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10m\""
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-session_gc_batch_size",
+ "text" : "session_gc_batch_size",
+ "doc" : "每次迭代要垃圾回收的过期持久会话的批量大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-durable_sessions-S-durable_sessions-message_retention_period",
+ "text" : "message_retention_period",
+ "doc" : "消息服务器会在此时间段内保留发送到持久会话的消息。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1d\""
+ }
+ ],
+ "text" : "durable_sessions",
+ "doc" : "会话持久化功能的相关设置。"
+ }
+ ],
+ "hash" : "V-durable_sessions",
+ "text" : "durable_sessions",
+ "type" : "Struct(durable_sessions)"
+ },
+ {
+ "hash" : "V-config_backup_interval",
+ "text" : "config_backup_interval",
+ "doc" : "备份 `cluster.hocon` 配置文件的时间间隔。即使在该时间间隔内进行了多次配置更新,也只会创建一次备份,包含当前的最新配置。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-doris-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-server",
+ "text" : "server",
+ "doc" : "连接的 IPv4 或 IPv6 地址或主机名。
\n 主机条目具有以下形式:`Host[:Port]`。
\n 如果未指定 `[:Port]`,则使用 Doris 默认端口 9030。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String",
+ "default" : "root"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl-S-ssl-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-doris-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Doris 表的连接器配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-doris",
+ "text" : "doris",
+ "doc" : "Doris 表的连接器配置。",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-clickhouse-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-url",
+ "text" : "url",
+ "doc" : "你想连接到的 Clickhouse 服务器的 HTTP URL(例如 http://myhostname:8123)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-clickhouse-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Clickhouse 桥接配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-clickhouse",
+ "text" : "clickhouse",
+ "doc" : "ClickHouse Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-server",
+ "text" : "server",
+ "doc" : "您想要连接的 RabbitMQ 服务器地址(例如,localhost)。",
+ "type" : "String",
+ "default" : "localhost"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-port",
+ "text" : "port",
+ "doc" : "您想要连接的 RabbitMQ 服务器地址(例如,localhost)。",
+ "type" : "Integer(1..65535)",
+ "default" : "5672"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-username",
+ "text" : "username",
+ "doc" : "用于与 RabbitMQ 服务器进行认证的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池的大小",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-timeout",
+ "text" : "timeout",
+ "doc" : "等待连接建立的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-virtual_host",
+ "text" : "virtual_host",
+ "doc" : "连接到 RabbitMQ 服务器时使用的虚拟主机。",
+ "type" : "String",
+ "default" : "\"/\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-heartbeat",
+ "text" : "heartbeat",
+ "doc" : "向 RabbitMQ 服务器发送心跳消息的间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "连接器资源选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rabbitmq-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "RabbitMQ 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rabbitmq",
+ "text" : "rabbitmq",
+ "doc" : "RabbitMQ Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mqtt-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "将发布消息到远程代理的 MQTT 客户端池的大小。
\n每个 MQTT 客户端都将分配'clientid',格式为'${clientid_prefix}:${bridge_name}:egress:${node}:${n}'\n其中'n'是池中客户端的编号。\n\n如果 `static_clientids` 不为空,则此选项无效。当使用静态客户端 ID 时,池的大小始终根据每个节点分配的 ID 数量来确定。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-mode",
+ "text" : "mode",
+ "doc" : "Deprecated since v5.1.0 & e5.1.0.",
+ "type" : "Enum(cluster_shareload)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-server",
+ "text" : "server",
+ "doc" : "远程 MQTT 代理的主机和端口",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clientid_prefix",
+ "text" : "clientid_prefix",
+ "doc" : "附加到 egress 动作使用的 clientid 前缀(可选)。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-static_clientids-S-static_clientid_entry",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-static_clientids-S-static_clientid_entry-node",
+ "text" : "node",
+ "doc" : "节点名称(例如:`emqx@10.0.0.1`)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-static_clientids-S-static_clientid_entry-ids",
+ "text" : "ids",
+ "doc" : "分配给此节点的静态客户端 ID 数组。",
+ "type" : "Array(String)"
+ }
+ ],
+ "text" : "static_clientid_entry",
+ "doc" : "将 EMQX 节点名称映射到静态客户端 ID 的条目。\n\n如果定义了任何条目,则只有与这些条目匹配的 EMQX 节点才会启动具有相应 clientid 的 MQTT 客户端。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-static_clientids",
+ "text" : "static_clientids",
+ "doc" : "将 EMQX 节点名称映射到静态客户端 ID 的条目。\n\n如果定义了任何条目,则只有与这些条目匹配的 EMQX 节点才会启动具有相应 clientid 的 MQTT 客户端。",
+ "type" : "Array(Struct(static_clientid_entry))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-reconnect_interval",
+ "text" : "reconnect_interval",
+ "doc" : "Deprecated since v5.0.16.",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-proto_ver",
+ "text" : "proto_ver",
+ "doc" : "MQTT协议版本",
+ "type" : "Enum(v3,v4,v5)",
+ "default" : "v4"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-bridge_mode",
+ "text" : "bridge_mode",
+ "doc" : "如果启用桥接模式。\n注意:此设置仅适用于 MQTT 协议版本早于5.0的情况,远程 MQTT\n代理必须支持此功能。\n如果将 bridge_mode 设置为true,则桥接将指示远程代理它是一个桥接而不是普通客户端。\n这意味着循环检测将更加有效,并且保留的消息将被正确传递。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-username",
+ "text" : "username",
+ "doc" : "MQTT 协议的用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-password",
+ "text" : "password",
+ "doc" : "MQTT 协议的密码
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-clean_start",
+ "text" : "clean_start",
+ "doc" : "在重新连接到入口动作时是否启动新会话",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-keepalive",
+ "text" : "keepalive",
+ "doc" : "时间间隔是一个包含数字和时间单位的字符串:\n - `ms` 表示毫秒\n - `s` 表示秒\n - `m` 表示分钟\n - `h` 表示小时\n或其组合:`1h5m0s`",
+ "type" : "String",
+ "default" : "\"160s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接远程代理服务器的超时时间。在尝试建立初始连接时,连接的工作进程会暂停,直到达到设定的超时时间为止。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "在未收到 ACK 的情况下,MQTT 桥接器重试发送 QoS1/QoS2 消息的延迟。",
+ "type" : "String",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "MQTT 协议的最大 inflight(已发送但未确认)消息数",
+ "type" : "Integer(0..+inf)",
+ "default" : "32"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mqtt-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "MQTT connector 的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mqtt",
+ "text" : "mqtt",
+ "doc" : "MQTT Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-dynamo-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-url",
+ "text" : "url",
+ "doc" : "DynamoDB 的地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-region",
+ "text" : "region",
+ "doc" : "AWS Dynamo 的区域",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-aws_access_key_id",
+ "text" : "aws_access_key_id",
+ "doc" : "DynamoDB 的访问 ID。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-aws_secret_access_key",
+ "text" : "aws_secret_access_key",
+ "doc" : "DynamoDB 的访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-dynamo-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "DynamoDB 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-dynamo",
+ "text" : "dynamo",
+ "doc" : "DynamoDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-timescale-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-server",
+ "text" : "server",
+ "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目具有以下格式:Host[:Port]。
\n如果未指定 [:Port],将使用 PostgreSQL 默认端口5432。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-timescale-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "PostgreSQL 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-timescale",
+ "text" : "timescale",
+ "doc" : "Timescale Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-bootstrap_hosts",
+ "text" : "bootstrap_hosts",
+ "doc" : "用逗号分隔的 host[:port] 主机列表。默认端口号为 9092。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "建立 TCP 连接时的最大等待时长(若启用认证,这个等待时长也包含完成认证所需时间)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-min_metadata_refresh_interval",
+ "text" : "min_metadata_refresh_interval",
+ "doc" : "刷新 Kafka broker 和 Kafka 主题元数据段最短时间间隔。设置太小可能会增加 Kafka 压力。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-metadata_request_timeout",
+ "text" : "metadata_request_timeout",
+ "doc" : "刷新元数据时最大等待时长。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-mechanism",
+ "text" : "mechanism",
+ "doc" : "SASL 认证方法名称。",
+ "type" : "Enum(plain,scram_sha_256,scram_sha_512)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-username",
+ "text" : "username",
+ "doc" : "SASL 认证的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_username_password-password",
+ "text" : "password",
+ "doc" : "SASL 认证的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_username_password",
+ "doc" : "基于用户名密码的认证。"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_principal",
+ "text" : "kerberos_principal",
+ "doc" : "SASL GSSAPI 认证方法的 Kerberos 主体,例如 kafka/node1.example.com@EXAMPLE.COM/code>,注意:这里使用的 realm 需要配置在 EMQX 服务器的 /etc/krb5.conf 中。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_keytab_file",
+ "text" : "kerberos_keytab_file",
+ "doc" : "SASL GSSAPI 认证方法的 Kerberos keytab 文件。注意:该文件需要上传到 EMQX 服务器中,且运行 EMQX 服务的系统账户需要有读取权限。",
+ "type" : "String"
+ }
+ ],
+ "text" : "auth_gssapi_kerberos",
+ "doc" : "使用 GSSAPI/Kerberos 认证。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "认证配置。\n- none:无认证。\n- msk_iam:使用 [MSK IAM 认证](https://docs.aws.amazon.com/msk/latest/developerguide/security-iam.html)。注意:这仅在 EMQX 运行在 EC2 实例上时有效。\n- basic auth:简单的用户名和密码认证。\n- kerberos:使用 Kerberos GSSAPI 认证。",
+ "type" : "OneOf(String(\"none\"),String(\"msk_iam\"),Struct(auth_username_password),Struct(auth_gssapi_kerberos))",
+ "default" : "none"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "TCP socket 的收包缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "设置‘true’让系统内核立即发送。否则当需要发送的内容很少时,可能会有一定延迟(默认 40 毫秒)。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive",
+ "text" : "tcp_keepalive",
+ "doc" : "启用 TCP Keepalive(保持连接)。\n该值由三个以逗号分隔的数字组成,格式为 'Idle,Interval,Probes':\n - Idle:连接空闲多长时间(秒)后,服务器开始发送 Keepalive 探测报文(Linux 默认值 7200)。\n - Interval:每次 TCP Keepalive 探测之间的间隔时间(秒)(Linux 默认值 75)。\n - Probes:如果未从对端收到响应,在放弃连接并关闭之前,最多发送的 TCP Keepalive 探测报文次数(Linux 默认值 9)。\n例如,配置为 \"240,30,5\" 意味着:当连接空闲 240 秒后,EMQX 将开始发送探测报文,每 30 秒发送一次直到收到响应,如果连续 5 没有收到响应,则关闭该连接。\n默认值:'none'。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "socket_opts",
+ "doc" : "更多 Socket 参数设置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-socket_opts",
+ "text" : "socket_opts",
+ "doc" : "更多 Socket 参数设置。",
+ "type" : "Struct(socket_opts)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-health_check_topic",
+ "text" : "health_check_topic",
+ "doc" : "专用于更精确的连接器健康检查的主题名称。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "TLS 握手的 Server Name Indication (SNI) 设置。
\n- auto:客户端将使用 \"servicebus.windows.net\" 作为 SNI。
\n- disable:如果您希望阻止客户端发送 SNI。
\n- 其他字符串值将按原样发送。",
+ "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)",
+ "default" : "auto"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Kafka 客户端的 TLS/SSL 选项"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_client_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "一个 Kafka 生产者客户端的配置项"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_producer",
+ "text" : "kafka_producer",
+ "doc" : "Kafka Producer Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-datalayers-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式为:`Host[:Port]`.
\n如果未指定 `[:Port]`,则使用 Datalayers 的默认端口 8361。",
+ "type" : "String",
+ "default" : "\"127.0.0.1:8361\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池的大小,指向桥接目标服务的连接池大小。",
+ "type" : "Integer",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-driver_type",
+ "text" : "driver_type",
+ "doc" : "用于与 Datalayers 服务通信的驱动程序。",
+ "type" : "Enum(influxdb_v1)",
+ "default" : "influxdb_v1"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-database",
+ "text" : "database",
+ "doc" : "Datalayers 数据库",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-username",
+ "text" : "username",
+ "doc" : "Datalayers 用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters-S-datalayers_influxdb_v1_parameters-password",
+ "text" : "password",
+ "doc" : "Datalayers 密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "datalayers_influxdb_v1_parameters",
+ "doc" : "特定于此 Datalayers 连接器类型的参数集。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-parameters",
+ "text" : "parameters",
+ "doc" : "特定于此 Datalayers 连接器类型的参数集。",
+ "type" : "OneOf(Struct(datalayers_influxdb_v1_parameters))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-datalayers-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Datalayers 数据集成的配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-datalayers",
+ "text" : "datalayers",
+ "doc" : "Datalayers Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-couchbase-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n 主机条目的格式为:`Host[:Port]`。`Host[:Port]`.
\n 如果未指定 `[:Port]`,则使用 Couchbase 默认的查询服务端口 8093。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器时的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-pipelining",
+ "text" : "pipelining",
+ "doc" : "一个正整数,表示是否连续发送 HTTP 请求。当设置为 1 时,表示每次发送 HTTP 请求后,需要等待服务器返回再继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "指定与 Couchbase 服务对接时连接池中可以维持的并发连接数。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-username",
+ "text" : "username",
+ "doc" : "访问 Couchbase 服务的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-password",
+ "text" : "password",
+ "doc" : "访问 Couchbase 服务的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-couchbase-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "用于连接 Couchbase 服务的连接器配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-couchbase",
+ "text" : "couchbase",
+ "doc" : "Couchbase Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "独立实例。当MongoDB服务器以独立模式运行时,必须设置为`single`。",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
主机条目具有以下形式:主机[:端口]。
如果未指定[:端口],则使用MongoDB的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_single-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ }
+ ],
+ "text" : "connector_single",
+ "doc" : "单个 MongoDB 实例的设置"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "分片集群。当 MongoDB 服务器以`分片`模式运行时,必须设置为`sharded`。",
+ "type" : "String(\"sharded\")",
+ "default" : "sharded"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-servers",
+ "text" : "servers",
+ "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_sharded-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ }
+ ],
+ "text" : "connector_sharded",
+ "doc" : "分片集群的设置。"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-mongo_type",
+ "text" : "mongo_type",
+ "doc" : "副本集。当MongoDB服务器以`副本集`模式运行时,必须设置为`rs`。",
+ "type" : "String(\"rs\")",
+ "default" : "rs"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-servers",
+ "text" : "servers",
+ "doc" : "集群连接的节点列表。节点应使用逗号分隔,例如:节点[,节点]。\n对于每个节点,应该是要连接的 IPv4 或 IPv6 地址或主机名。\n主机条目具有以下形式:主机[:端口]。\n如果未指定[:端口],则使用 MongoDB 的默认端口27017。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-w_mode",
+ "text" : "w_mode",
+ "doc" : "写入模式",
+ "type" : "Enum(unsafe,safe)",
+ "default" : "unsafe"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-r_mode",
+ "text" : "r_mode",
+ "doc" : "读取模式。",
+ "type" : "Enum(master,slave_ok)",
+ "default" : "master"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters-S-connector_rs-replica_set_name",
+ "text" : "replica_set_name",
+ "doc" : "副本集的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "connector_rs",
+ "doc" : "副本集的设置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-parameters",
+ "text" : "parameters",
+ "doc" : "特定于此 MongoDB 连接器类型的一组参数,mongo_type 可以是 single(独立)、sharded(分片)或 rs(副本集)之一。",
+ "type" : "OneOf(Struct(connector_single),Struct(connector_sharded),Struct(connector_rs))"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-srv_record",
+ "text" : "srv_record",
+ "doc" : "使用 DNS SRV 记录。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-use_legacy_protocol",
+ "text" : "use_legacy_protocol",
+ "doc" : "是否使用 MongoDB 的传统协议与数据库通信。默认情况下,将尝试自动确定是否支持较新的协议。",
+ "type" : "Enum(auto,true,false)",
+ "default" : "auto"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-auth_source",
+ "text" : "auth_source",
+ "doc" : "与用户认证信息关联的数据库名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-max_overflow",
+ "text" : "max_overflow",
+ "doc" : "在池中的所有工作线程都繁忙时,可以创建的附加工作线程的最大数量。这有助于通过允许更多并发连接到 MongoDB 服务器来管理工作负载的暂时性波动。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-overflow_ttl",
+ "text" : "overflow_ttl",
+ "doc" : "超出配置的池大小(\"溢出\")的工作线程在终止之前的时间段。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-overflow_check_period",
+ "text" : "overflow_check_period",
+ "doc" : "检查是否存在多余工作线程(\"溢出\")的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-local_threshold_ms",
+ "text" : "local_threshold_ms",
+ "doc" : "用于在多个合适的 MongoDB 实例中进行选择的延迟窗口的大小。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-connect_timeout_ms",
+ "text" : "connect_timeout_ms",
+ "doc" : "在超时之前尝试连接的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-socket_timeout_ms",
+ "text" : "socket_timeout_ms",
+ "doc" : "在套接字上尝试发送或接收超时之前的持续时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-server_selection_timeout_ms",
+ "text" : "server_selection_timeout_ms",
+ "doc" : "指定在抛出异常之前进行服务器选择的阻塞时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-wait_queue_timeout_ms",
+ "text" : "wait_queue_timeout_ms",
+ "doc" : "工作线程等待连接可用的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-heartbeat_frequency_ms",
+ "text" : "heartbeat_frequency_ms",
+ "doc" : "控制驱动程序何时检查 MongoDB 部署的状态。指定检查之间的时间间隔,从上次检查结束到下次检查开始计算。如果连接数增加(例如,如果增加了池大小),则可能需要增加此时间间隔,以避免在 MongoDB 日志文件中创建过多的日志条目。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"200s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology-S-topology-min_heartbeat_frequency_ms",
+ "text" : "min_heartbeat_frequency_ms",
+ "doc" : "控制心跳之间等待的最短时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "topology",
+ "doc" : "MongoDB 的拓扑结构。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-topology",
+ "text" : "topology",
+ "type" : "Struct(topology)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "MongoDB 动作的配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mongodb",
+ "text" : "mongodb",
+ "doc" : "MongoDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-matrix-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-server",
+ "text" : "server",
+ "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目具有以下格式:Host[:Port]。
\n如果未指定 [:Port],将使用 PostgreSQL 默认端口5432。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-matrix-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "PostgreSQL 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-matrix",
+ "text" : "matrix",
+ "doc" : "Matrix Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-elasticsearch-S-config",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_type",
+ "text" : "pool_type",
+ "doc" : "连接池类型。可以是random、hash之一。",
+ "type" : "Enum(random,hash)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。\n一个主机条目有如下形式:`主机[:端口]`。\n如果没有指定 `[:端口]`,则使用 Elasticsearch 默认端口 9200。",
+ "type" : "String",
+ "default" : "\"127.0.0.1:9200\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-username",
+ "text" : "username",
+ "doc" : "IoTDB REST 接口配置的用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication-S-auth_basic-password",
+ "text" : "password",
+ "doc" : "ElasticSearch REST 连接密码
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_basic",
+ "doc" : "Basic Authentication"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-elasticsearch-S-config-authentication",
+ "text" : "authentication",
+ "doc" : "认证配置",
+ "type" : "OneOf(Struct(auth_basic))"
+ }
+ ],
+ "text" : "config",
+ "doc" : "ElasticSearch 动作的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-elasticsearch",
+ "text" : "elasticsearch",
+ "doc" : "ElasticSearch Connector Config",
+ "type" : "Map($name->Struct(config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-http-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-url",
+ "text" : "url",
+ "doc" : "HTTP 动作的 URL。
\n此路径允许使用带有变量的模板,但变量不能用于方案、主机或端口部分。
\n例如, http://localhost:9901/${topic} 是允许的,但\n http://${host}:9901/message 或 http://localhost:${port}/message \n是不允许的。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头。
\n允许使用带有变量的模板。",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "Deprecated since 5.0.4.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_type",
+ "text" : "pool_type",
+ "doc" : "连接池类型。可以是random、hash之一。",
+ "type" : "Enum(random,hash)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-request",
+ "text" : "request",
+ "doc" : "Deprecated since 5.3.2.",
+ "type" : "Map"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-http-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "HTTP 动作的配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-http",
+ "text" : "http",
+ "doc" : "HTTP Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_blob_storage-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-account_name",
+ "text" : "account_name",
+ "doc" : "Azure Blob Storage 服务的账户名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-account_key",
+ "text" : "account_key",
+ "doc" : "Azure Blob Storage 服务的访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_blob_storage-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "用来连接 Azure Blob Storage 服务的连接器配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_blob_storage",
+ "text" : "azure_blob_storage",
+ "doc" : "Azure Blob Storage Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-oracle-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-server",
+ "text" : "server",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
主机名具有以下形式:`Host[:Port]`。
如果未指定 `[:Port]`,则使用 Oracle Database 默认端口 1521。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-sid",
+ "text" : "sid",
+ "doc" : "Oracle Database Sid 名称",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-service_name",
+ "text" : "service_name",
+ "doc" : "Oracle Database 服务名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-role",
+ "text" : "role",
+ "doc" : "选择用于连接到 Oracle 数据库的角色。
- normal: 不使用任何特殊角色
- sysdba: 系统数据库管理员角色,具有高级权限",
+ "type" : "Enum(normal,sysdba)",
+ "default" : "normal"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-oracle-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Oracle 客户端的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-oracle",
+ "text" : "oracle",
+ "doc" : "Oracle Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-cassandra-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-servers",
+ "text" : "servers",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port][,Host2:Port]`。
\n如果未指定 `[:Port]`,则使用 Cassandra 默认端口 9042。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-keyspace",
+ "text" : "keyspace",
+ "doc" : "要连接到的 Keyspace 名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-cassandra-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Cassandra 桥接配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-cassandra",
+ "text" : "cassandra",
+ "doc" : "Cassandra Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-opents-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-server",
+ "text" : "server",
+ "doc" : "服务器的地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-summary",
+ "text" : "summary",
+ "doc" : "是否返回摘要信息。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-details",
+ "text" : "details",
+ "doc" : "是否返回详细信息。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-opents-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "OpenTSDB 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-opents",
+ "text" : "opents",
+ "doc" : "OpenTSDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-url",
+ "text" : "url",
+ "doc" : "HStreamDB 服务器 URL。使用 gRPC http 服务器地址。",
+ "type" : "String",
+ "default" : "\"http://127.0.0.1:6570\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-grpc_timeout",
+ "text" : "grpc_timeout",
+ "doc" : "HStreamDB gRPC 连接超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-hstreamdb-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "HStreamDB 连接器的配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-hstreamdb",
+ "text" : "hstreamdb",
+ "doc" : "HStreamDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kinesis-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-aws_access_key_id",
+ "text" : "aws_access_key_id",
+ "doc" : "连接到 Amazon Kinesis 的访问密钥 ID。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-aws_secret_access_key",
+ "text" : "aws_secret_access_key",
+ "doc" : "连接到 Amazon Kinesis 的 AWS 秘密访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-endpoint",
+ "text" : "endpoint",
+ "doc" : "Amazon Kinesis 终端节点的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-max_retries",
+ "text" : "max_retries",
+ "doc" : "发送请求时发生错误的最大重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kinesis-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Kinesis 客户端的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kinesis",
+ "text" : "kinesis",
+ "doc" : "Kinesis Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-snowflake-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-server",
+ "text" : "server",
+ "doc" : "连接到 Snowflake 计算服务器的地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-account",
+ "text" : "account",
+ "doc" : "Snowflake 的账户 ID。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-dsn",
+ "text" : "dsn",
+ "doc" : "与已安装的 Snowflake ODBC 驱动程序关联的数据源名称 (DSN)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-private_key_path",
+ "text" : "private_key_path",
+ "doc" : "用于 ODBC 连接的私钥的完整文件路径。此路径在集群的所有节点上必须相同。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-private_key_password",
+ "text" : "private_key_password",
+ "doc" : "用于解密私钥的密码。如果私钥未加密,请不要设置此值。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config-host",
+ "text" : "host",
+ "doc" : "用于连接的代理主机地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy-S-proxy_config-port",
+ "text" : "port",
+ "doc" : "连接时使用的代理端口。",
+ "type" : "Integer(1..65535)"
+ }
+ ],
+ "text" : "proxy_config",
+ "doc" : "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-proxy",
+ "text" : "proxy",
+ "doc" : "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。",
+ "type" : "OneOf(String(\"none\"),Struct(proxy_config))",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-snowflake-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "连接到 Snowflake 服务的连接器配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-snowflake",
+ "text" : "snowflake",
+ "doc" : "Snowflake Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tdengine-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-server",
+ "text" : "server",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port]`。
\n如果未指定 `[:Port]`,则使用 TDengine 默认端口 6041。
\n
\n该字段也支持设置一个连接到 TDengine Cloud 的 HTTPS URLs。例如:`https://gw.us-west-2.aws.cloud.tdengine.com `。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-token",
+ "text" : "token",
+ "doc" : "连接 TDengine Cloud 时使用的 Token。
\n如果设置了该值,将会覆盖用户名和密码的认证方式。
\n默认值为空。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tdengine-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "TDengine 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tdengine",
+ "text" : "tdengine",
+ "doc" : "TDengine Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-server",
+ "text" : "server",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port]`。
\n如果未指定 `[:Port]`,则使用 InfluxDB 默认端口 8086。",
+ "type" : "String",
+ "default" : "\"127.0.0.1:8086\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池的大小,指向桥接目标服务的连接池大小。",
+ "type" : "Integer",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-influxdb_type",
+ "text" : "influxdb_type",
+ "doc" : "InfluxDB HTTP API 协议。支持 Influxdb v1.8 以及之前的版本。",
+ "type" : "String(\"influxdb_api_v1\")",
+ "default" : "influxdb_api_v1"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-database",
+ "text" : "database",
+ "doc" : "InfluxDB 数据库。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-username",
+ "text" : "username",
+ "doc" : "InfluxDB 用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v1-password",
+ "text" : "password",
+ "doc" : "InfluxDB 密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "connector_influxdb_api_v1",
+ "doc" : "InfluxDB HTTP API 协议。支持 Influxdb v1.8 以及之前的版本。"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-influxdb_type",
+ "text" : "influxdb_type",
+ "doc" : "InfluxDB HTTP API V2 协议。支持 Influxdb v2.0 以及之后的版本。",
+ "type" : "String(\"influxdb_api_v2\")",
+ "default" : "influxdb_api_v2"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-bucket",
+ "text" : "bucket",
+ "doc" : "InfluxDB bucket 名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-org",
+ "text" : "org",
+ "doc" : "InfluxDB 组织名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters-S-connector_influxdb_api_v2-token",
+ "text" : "token",
+ "doc" : "InfluxDB token。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "connector_influxdb_api_v2",
+ "doc" : "InfluxDB HTTP API V2 协议。支持 Influxdb v2.0 以及之后的版本。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-parameters",
+ "text" : "parameters",
+ "doc" : "给定版本的 InfluxDB 连接器的参数集,`influxdb_type` 可以是 `influxdb_api_v1` 或 `influxdb_api_v2`。",
+ "type" : "OneOf(Struct(connector_influxdb_api_v1),Struct(connector_influxdb_api_v2))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-influxdb-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "InfluxDB 桥接配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-influxdb",
+ "text" : "influxdb",
+ "doc" : "InfluxDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-server",
+ "text" : "server",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-redis_type",
+ "text" : "redis_type",
+ "doc" : "Single 模式。 当 Redis 服务器在 Single 模式下运行时必须设置为 'single' 。",
+ "type" : "String(\"single\")",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-database",
+ "text" : "database",
+ "doc" : "Redis 数据库 ID。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_single_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ }
+ ],
+ "text" : "redis_single_connector",
+ "doc" : "Single 模式下的 Redis 连接器。"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-servers",
+ "text" : "servers",
+ "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-redis_type",
+ "text" : "redis_type",
+ "doc" : "Sentinel 模式。 当 Redis 服务器在 Senitel 模式下运行时必须设置为 'sentinel' 。",
+ "type" : "String(\"sentinel\")",
+ "default" : "sentinel"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-sentinel",
+ "text" : "sentinel",
+ "doc" : "Redis sentinel 模式下的集群名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-database",
+ "text" : "database",
+ "doc" : "Redis 数据库 ID。",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_sentinel_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ }
+ ],
+ "text" : "redis_sentinel_connector",
+ "doc" : "Sentinel 模式下的 Redis 连接器。"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-servers",
+ "text" : "servers",
+ "doc" : "集群将要连接的节点列表。 节点之间用逗号分隔,如:Node[,Node]。每个节点的配置为:将要连接的 IPv4 或 IPv6 地址或主机名。主机名具有以下形式:Host[:Port]。如果未指定 [:Port],则使用 Redis 默认端口 6379。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-redis_type",
+ "text" : "redis_type",
+ "doc" : "Cluster 模式。当 Redis 服务器在集群模式下运行时必须设置为'cluster'。",
+ "type" : "String(\"cluster\")",
+ "default" : "cluster"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters-S-redis_cluster_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ }
+ ],
+ "text" : "redis_cluster_connector",
+ "doc" : "集群模式下的 Redis 连接器。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-parameters",
+ "text" : "parameters",
+ "doc" : "特定于某个 Redis 连接器类型的参数集,`redis_type`可以是`single`,`cluster`或`sentinel`之一。",
+ "type" : "OneOf(Struct(redis_single_connector),Struct(redis_sentinel_connector),Struct(redis_cluster_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-redis-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Redis 动作的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-redis",
+ "text" : "redis",
+ "doc" : "Redis Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-pipelining",
+ "text" : "pipelining",
+ "doc" : "正整数,设置最大可发送的异步 HTTP 请求数量。当设置为 1 时,表示每次发送完成 HTTP 请求后都需要等待服务器返回,再继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-max_retries",
+ "text" : "max_retries",
+ "doc" : "请求出错时的最大重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Deprecated since e5.0.1.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-service_account_json",
+ "text" : "service_account_json",
+ "doc" : "包含将与 PubSub 一起使用的 GCP 服务账户凭证的 JSON。\n当创建 GCP 服务账户时(如 https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount),可以选择下载 JSON 形式的凭证,然后在该配置项中使用。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "GCP PubSub 消费者客户端的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_consumer",
+ "text" : "gcp_pubsub_consumer",
+ "doc" : "GCP PubSub Consumer Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机名[:端口]。
\n如果未指定 [:端口],则使用 GreptimeDB 的默认端口 8086。",
+ "type" : "String",
+ "default" : "\"127.0.0.1:4001\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-dbname",
+ "text" : "dbname",
+ "doc" : "GreptimeDB 数据库",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-username",
+ "text" : "username",
+ "doc" : "GreptimeDB 用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-password",
+ "text" : "password",
+ "doc" : "GreptimeDB 密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-greptimedb-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "GreptimeDB 动作的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-greptimedb",
+ "text" : "greptimedb",
+ "doc" : "GreptimeDB Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tablestore-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-storage_model_type",
+ "text" : "storage_model_type",
+ "doc" : "存储模型类型。可以是 `timeseries` 或 `order`。",
+ "type" : "Enum(timeseries)",
+ "default" : "timeseries"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-endpoint",
+ "text" : "endpoint",
+ "doc" : "Tablestore 的端点,例如 https://myinstance.cn-hangzhou.ots.aliyuncs.com。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-instance_name",
+ "text" : "instance_name",
+ "doc" : "实例名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-access_key_id",
+ "text" : "access_key_id",
+ "doc" : "访问密钥 ID,例如 NTS**********************
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-access_key_secret",
+ "text" : "access_key_secret",
+ "doc" : "访问密钥,例如 7NR2****************************************
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tablestore-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Tablestore 数据集成的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-tablestore",
+ "text" : "tablestore",
+ "doc" : "Tablestore Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mysql-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-server",
+ "text" : "server",
+ "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n主机条目的格式如下:主机[:端口]。
\n如果未指定[:端口],将使用 MySQL 的默认端口3306。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String",
+ "default" : "root"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mysql-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "MySQL 动作的配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-mysql",
+ "text" : "mysql",
+ "doc" : "MySQL Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-bootstrap_hosts",
+ "text" : "bootstrap_hosts",
+ "doc" : "用逗号分隔的 host[:port] 主机列表。默认端口号为 9092。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "建立 TCP 连接时的最大等待时长(若启用认证,这个等待时长也包含完成认证所需时间)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-min_metadata_refresh_interval",
+ "text" : "min_metadata_refresh_interval",
+ "doc" : "刷新 Kafka broker 和 Kafka 主题元数据段最短时间间隔。设置太小可能会增加 Kafka 压力。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-metadata_request_timeout",
+ "text" : "metadata_request_timeout",
+ "doc" : "刷新元数据时最大等待时长。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-mechanism",
+ "text" : "mechanism",
+ "doc" : "SASL 认证方法名称。",
+ "type" : "Enum(plain,scram_sha_256,scram_sha_512)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-username",
+ "text" : "username",
+ "doc" : "SASL 认证的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_username_password-password",
+ "text" : "password",
+ "doc" : "SASL 认证的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_username_password",
+ "doc" : "基于用户名密码的认证。"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_principal",
+ "text" : "kerberos_principal",
+ "doc" : "SASL GSSAPI 认证方法的 Kerberos 主体,例如 kafka/node1.example.com@EXAMPLE.COM/code>,注意:这里使用的 realm 需要配置在 EMQX 服务器的 /etc/krb5.conf 中。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication-S-auth_gssapi_kerberos-kerberos_keytab_file",
+ "text" : "kerberos_keytab_file",
+ "doc" : "SASL GSSAPI 认证方法的 Kerberos keytab 文件。注意:该文件需要上传到 EMQX 服务器中,且运行 EMQX 服务的系统账户需要有读取权限。",
+ "type" : "String"
+ }
+ ],
+ "text" : "auth_gssapi_kerberos",
+ "doc" : "使用 GSSAPI/Kerberos 认证。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "认证配置。\n- none:无认证。\n- msk_iam:使用 [MSK IAM 认证](https://docs.aws.amazon.com/msk/latest/developerguide/security-iam.html)。注意:这仅在 EMQX 运行在 EC2 实例上时有效。\n- basic auth:简单的用户名和密码认证。\n- kerberos:使用 Kerberos GSSAPI 认证。",
+ "type" : "OneOf(String(\"none\"),String(\"msk_iam\"),Struct(auth_username_password),Struct(auth_gssapi_kerberos))",
+ "default" : "none"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "TCP socket 的收包缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "设置‘true’让系统内核立即发送。否则当需要发送的内容很少时,可能会有一定延迟(默认 40 毫秒)。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive",
+ "text" : "tcp_keepalive",
+ "doc" : "启用 TCP Keepalive(保持连接)。\n该值由三个以逗号分隔的数字组成,格式为 'Idle,Interval,Probes':\n - Idle:连接空闲多长时间(秒)后,服务器开始发送 Keepalive 探测报文(Linux 默认值 7200)。\n - Interval:每次 TCP Keepalive 探测之间的间隔时间(秒)(Linux 默认值 75)。\n - Probes:如果未从对端收到响应,在放弃连接并关闭之前,最多发送的 TCP Keepalive 探测报文次数(Linux 默认值 9)。\n例如,配置为 \"240,30,5\" 意味着:当连接空闲 240 秒后,EMQX 将开始发送探测报文,每 30 秒发送一次直到收到响应,如果连续 5 没有收到响应,则关闭该连接。\n默认值:'none'。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "socket_opts",
+ "doc" : "更多 Socket 参数设置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-socket_opts",
+ "text" : "socket_opts",
+ "doc" : "更多 Socket 参数设置。",
+ "type" : "Struct(socket_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "TLS 握手的 Server Name Indication (SNI) 设置。
\n- auto:客户端将使用 \"servicebus.windows.net\" 作为 SNI。
\n- disable:如果您希望阻止客户端发送 SNI。
\n- 其他字符串值将按原样发送。",
+ "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)",
+ "default" : "auto"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Kafka 客户端的 TLS/SSL 选项"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_client_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Kafka 消费者客户端的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-kafka_consumer",
+ "text" : "kafka_consumer",
+ "doc" : "Kafka Consumer Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-pool_type",
+ "text" : "pool_type",
+ "doc" : "连接池类型。可以是random、hash之一。",
+ "type" : "Enum(random,hash)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "一个正整数。是否连续发送 HTTP 请求,当设置为1时,意味着在发送每个 HTTP 请求后,需要等待服务器返回,然后继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-driver",
+ "text" : "driver",
+ "doc" : "IoTDB 连接器使用的驱动程序,可以是:\n- rest\n- thrift",
+ "type" : "Enum(restapi)",
+ "default" : "restapi"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-base_url",
+ "text" : "base_url",
+ "doc" : "IoTDB REST 服务的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-iotdb_version",
+ "text" : "iotdb_version",
+ "doc" : "IoTDB 版本。",
+ "type" : "Enum(v1.3.x,v1.1.x,v1.0.x,v0.13.x)",
+ "default" : "\"v1.3.x\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication-username",
+ "text" : "username",
+ "doc" : "在 IoTDB REST/Thrift 接口中配置的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication-S-authentication-password",
+ "text" : "password",
+ "doc" : "在 IoTDB/Thrift REST 接口中配置的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "authentication",
+ "doc" : "认证配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_restapi-authentication",
+ "text" : "authentication",
+ "doc" : "认证配置",
+ "type" : "OneOf(Struct(authentication))",
+ "default" : "auth_basic"
+ }
+ ],
+ "text" : "config_restapi",
+ "doc" : "Apache IoTDB 连接器的配置。"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-driver",
+ "text" : "driver",
+ "doc" : "IoTDB 连接器使用的驱动程序,可以是:\n- rest\n- thrift",
+ "type" : "Enum(thrift)",
+ "default" : "restapi"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-server",
+ "text" : "server",
+ "doc" : "IoTDB Thrift 服务器的地址(主机:端口)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-protocol_version",
+ "text" : "protocol_version",
+ "doc" : "IoTDB Thrift 协议的版本。",
+ "type" : "Enum(protocol_v1,protocol_v2,protocol_v3)",
+ "default" : "protocol_v3"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-zoneId",
+ "text" : "zoneId",
+ "doc" : "IoTDB Thrift 会话的时区。",
+ "type" : "String",
+ "default" : "\"Asia/Shanghai\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-pool_size",
+ "text" : "pool_size",
+ "doc" : "IoTDB Thrift 连接池的大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 IoTDB Thrift 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-recv_timeout",
+ "text" : "recv_timeout",
+ "doc" : "IoTDB Thrift 服务器响应的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-username",
+ "text" : "username",
+ "doc" : "在 IoTDB REST/Thrift 接口中配置的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-password",
+ "text" : "password",
+ "doc" : "在 IoTDB/Thrift REST 接口中配置的密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Connector resource options"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb-S-config_thrift-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_thrift",
+ "doc" : "Apache IoTDB 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-iotdb",
+ "text" : "iotdb",
+ "doc" : "IoTDB Connector Config",
+ "type" : "Map($name->OneOf(Struct(config_restapi),Struct(config_thrift)))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-bootstrap_hosts",
+ "text" : "bootstrap_hosts",
+ "doc" : "逗号分隔的 Azure Event Hubs Kafka 命名空间主机名 host[:port] ,用于引导客户端。 默认端口号为 9093。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "TCP 连接建立的最大等待时间(包括如果已启用身份认证则包括身份认证时间)
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-min_metadata_refresh_interval",
+ "text" : "min_metadata_refresh_interval",
+ "doc" : "客户端在刷新 Azure Event Hubs Kafka 代理和主题元数据之前必须等待的最小时间间隔。设置太小的值可能会给 Azure Event Hubs 增加额外的负载。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-metadata_request_timeout",
+ "text" : "metadata_request_timeout",
+ "doc" : "从 Azure Event Hubs 获取元数据时的最大等待时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication-S-auth_username_password",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication-S-auth_username_password-password",
+ "text" : "password",
+ "doc" : "用于连接 Azure Event Hubs 的连接字符串。应为命名空间共享访问策略的 \"连接字符串-主键\"。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_username_password",
+ "doc" : "基于用户名/密码进行认证"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "认证配置",
+ "type" : "Struct(auth_username_password)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "TCP socket 的收包缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "设置‘true’让系统内核立即发送。否则当需要发送的内容很少时,可能会有一定延迟(默认 40 毫秒)。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive",
+ "text" : "tcp_keepalive",
+ "doc" : "启用 TCP Keepalive(保持连接)。\n该值由三个以逗号分隔的数字组成,格式为 'Idle,Interval,Probes':\n - Idle:连接空闲多长时间(秒)后,服务器开始发送 Keepalive 探测报文(Linux 默认值 7200)。\n - Interval:每次 TCP Keepalive 探测之间的间隔时间(秒)(Linux 默认值 75)。\n - Probes:如果未从对端收到响应,在放弃连接并关闭之前,最多发送的 TCP Keepalive 探测报文次数(Linux 默认值 9)。\n例如,配置为 \"240,30,5\" 意味着:当连接空闲 240 秒后,EMQX 将开始发送探测报文,每 30 秒发送一次直到收到响应,如果连续 5 没有收到响应,则关闭该连接。\n默认值:'none'。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "socket_opts",
+ "doc" : "更多 Socket 参数设置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-socket_opts",
+ "text" : "socket_opts",
+ "doc" : "额外的套接字选项。",
+ "type" : "Struct(socket_opts)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-health_check_topic",
+ "text" : "health_check_topic",
+ "doc" : "专用于更精确的连接器健康检查的主题名称。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "String(\"true\")",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "TLS 握手的服务器名称指示(SNI)设置。
\n- auto:客户端将使用\"servicebus.windows.net\"作为SNI。
\n- disable:如果您希望阻止客户端发送SNI。
\n- 其他字符串值将按原样发送。",
+ "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)",
+ "default" : "auto"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "用于 Azure Event Hubs 客户端的 TLS/SSL 选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Azure Event Hubs 数据桥接配置项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-azure_event_hub_producer",
+ "text" : "azure_event_hub_producer",
+ "doc" : "Azure Event Hub Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-syskeeper_proxy-S-config",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-listen",
+ "text" : "listen",
+ "doc" : "此 Syskeeper 代理服务器的监听地址",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-acceptors",
+ "text" : "acceptors",
+ "doc" : "接受者的数量",
+ "type" : "Integer(0..+inf)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "在创建连接时等待握手的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy-S-config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config",
+ "doc" : "Syskeeper 代理连接器的配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-syskeeper_proxy",
+ "text" : "syskeeper_proxy",
+ "doc" : "Syskeeper Proxy Connector Config",
+ "type" : "Map($name->Struct(config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-access_key_id",
+ "text" : "access_key_id",
+ "doc" : "S3Tables 存储桶的访问密钥 ID。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-secret_access_key",
+ "text" : "secret_access_key",
+ "doc" : "S3Tables 存储桶的秘密访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3tables_arn",
+ "text" : "s3tables_arn",
+ "doc" : "要使用的 S3Tables 存储桶的 ARN。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-access_method",
+ "text" : "access_method",
+ "doc" : "通过 HTTP API 访问存储桶的 HTTP 请求方法。",
+ "type" : "Enum(path,vhost)",
+ "default" : "path"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ipv6_probe",
+ "text" : "ipv6_probe",
+ "doc" : "是否探测 IPv6 支持。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "Deprecated since 5.8.2.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大重试次数。",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options-S-transport_options-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "transport_options",
+ "doc" : "Options for the HTTP transport layer used by the S3 client"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client-S-s3_client_params-transport_options",
+ "text" : "transport_options",
+ "doc" : "S3 客户端使用的 HTTP 传输层选项。",
+ "type" : "Struct(transport_options)"
+ }
+ ],
+ "text" : "s3_client_params",
+ "doc" : "用于读取和写入 S3Tables 存储桶对象的 S3 连接参数。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-s3_client",
+ "text" : "s3_client",
+ "doc" : "用于读取和写入 S3Tables 存储桶对象的 S3 连接参数。",
+ "type" : "Struct(s3_client_params)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "S3Tables 表的连接器配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3tables",
+ "text" : "s3tables",
+ "doc" : "S3Tables Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-syskeeper_forwarder-S-config",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-server",
+ "text" : "server",
+ "doc" : "Syskeeper 代理服务器的地址",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-ack_mode",
+ "text" : "ack_mode",
+ "doc" : "指定代理服务器是否应该回复消息转发的确认,可以是:
- need_ack
- no_ack
",
+ "type" : "Enum(need_ack,no_ack)",
+ "default" : "no_ack"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-ack_timeout",
+ "text" : "ack_timeout",
+ "doc" : "等待代理服务器确认的最大时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder-S-config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config",
+ "doc" : "Syskeeper 转发连接器的配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-syskeeper_forwarder",
+ "text" : "syskeeper_forwarder",
+ "doc" : "Syskeeper Connector Config",
+ "type" : "Map($name->Struct(config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-servers",
+ "text" : "servers",
+ "doc" : "以逗号分隔的 scheme://host[:port] 格式的 Pulsar URL 列表,支持的 scheme 有 pulsar:// (默认)和pulsar+ssl://。默认的端口是 6650。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic-username",
+ "text" : "username",
+ "doc" : "基本认证用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_basic-password",
+ "text" : "password",
+ "doc" : "基本认证密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_basic",
+ "doc" : "基本认证的参数。"
+ },
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_token",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication-S-auth_token-jwt",
+ "text" : "jwt",
+ "doc" : "JWT 认证 token。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_token",
+ "doc" : "Token 认证的参数。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "认证参数。",
+ "type" : "OneOf(String(\"none\"),Struct(auth_basic),Struct(auth_token))",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "建立 TCP 连接时的最大等待时长(若启用认证,这个等待时长也包含完成认证所需时间)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "Pulsar 连接器资源选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pulsar-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Pulsar 连接器配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pulsar",
+ "text" : "pulsar",
+ "doc" : "Pulsar Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pgsql-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-server",
+ "text" : "server",
+ "doc" : "用于连接的 IPv4 或 IPv6 地址或主机名。
\n一个主机条目具有以下格式:Host[:Port]。
\n如果未指定 [:Port],将使用 PostgreSQL 默认端口5432。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-disable_prepared_statements",
+ "text" : "disable_prepared_statements",
+ "doc" : "在连接中禁用预处理语句的使用。\n某些端点,如 PGBouncer 或 Transaction 模式下的 Supabase,\n不支持像处理语句这样的会话功能。 \n 对于此类连接,应启用此选项。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pgsql-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "PostgreSQL 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-pgsql",
+ "text" : "pgsql",
+ "doc" : "PostgreSQL Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-bootstrap_hosts",
+ "text" : "bootstrap_hosts",
+ "doc" : "逗号分隔的 Confluent Kafka 命名空间主机名 host[:port] ,用于引导客户端。 默认端口号为 9092。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "TCP 连接建立的最大等待时间(包括启用认证时的认证时间)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-min_metadata_refresh_interval",
+ "text" : "min_metadata_refresh_interval",
+ "doc" : "客户端刷新 Confluent Kafka 代理和主题元数据的最短时间间隔。设置过小的值可能会给 Confluent 增加额外的负载。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-metadata_request_timeout",
+ "text" : "metadata_request_timeout",
+ "doc" : "从 Confluent 获取元数据的最大等待时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password-username",
+ "text" : "username",
+ "doc" : "Confluent 键。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication-S-auth_username_password-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ }
+ ],
+ "text" : "auth_username_password",
+ "doc" : "基于用户名/密码的认证。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-authentication",
+ "text" : "authentication",
+ "doc" : "认证配置",
+ "type" : "Struct(auth_username_password)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "TCP socket 的收包缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "设置‘true’让系统内核立即发送。否则当需要发送的内容很少时,可能会有一定延迟(默认 40 毫秒)。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts-S-socket_opts-tcp_keepalive",
+ "text" : "tcp_keepalive",
+ "doc" : "启用 TCP Keepalive(保持连接)。\n该值由三个以逗号分隔的数字组成,格式为 'Idle,Interval,Probes':\n - Idle:连接空闲多长时间(秒)后,服务器开始发送 Keepalive 探测报文(Linux 默认值 7200)。\n - Interval:每次 TCP Keepalive 探测之间的间隔时间(秒)(Linux 默认值 75)。\n - Probes:如果未从对端收到响应,在放弃连接并关闭之前,最多发送的 TCP Keepalive 探测报文次数(Linux 默认值 9)。\n例如,配置为 \"240,30,5\" 意味着:当连接空闲 240 秒后,EMQX 将开始发送探测报文,每 30 秒发送一次直到收到响应,如果连续 5 没有收到响应,则关闭该连接。\n默认值:'none'。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "socket_opts",
+ "doc" : "更多 Socket 参数设置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-socket_opts",
+ "text" : "socket_opts",
+ "doc" : "额外的套接字选项。",
+ "type" : "Struct(socket_opts)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-health_check_topic",
+ "text" : "health_check_topic",
+ "doc" : "专用于更精确的连接器健康检查的主题名称。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "TLS 握手的服务器名称指示(SNI)设置。
\n- auto:客户端将使用\"servicebus.windows.net\"作为 SNI。
\n- disable:如果您不希望客户端发送 SNI。
\n- 其他字符串值将按原样发送。",
+ "type" : "OneOf(String(\"auto\"),String(\"disable\"),String)",
+ "default" : "auto"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Confluent 客户端的 TLS/SSL 选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-ssl",
+ "text" : "ssl",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Confluent 动作的配置"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-confluent_producer",
+ "text" : "confluent_producer",
+ "doc" : "Confluent Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-servers",
+ "text" : "servers",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port]`。
\n如果未指定 `[:Port]`,则使用 RocketMQ 默认端口 9876。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-namespace",
+ "text" : "namespace",
+ "doc" : "如果你正在使用阿里云的 RocketMQ 服务并且启用了命名空间,或者您在自己的 RocketMQ 服务器中配置了命名空间,则必须配置命名空间字段。对于阿里云中的 RocketMQ 服务,命名空间就是实例 ID。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-access_key",
+ "text" : "access_key",
+ "doc" : "RocketMQ 服务器的 `accessKey`。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-secret_key",
+ "text" : "secret_key",
+ "doc" : "RocketMQ 服务器的 `secretKey`。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-security_token",
+ "text" : "security_token",
+ "doc" : "RocketMQ 服务器安全 token
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = false}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rocketmq-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "RocketMQ 客户端的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-rocketmq",
+ "text" : "rocketmq",
+ "doc" : "RocketMQ Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-disk_log-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-filepath",
+ "text" : "filepath",
+ "doc" : "要写入日志文件的基础路径。实际日志文件的格式为 `filepath.N`, 其中 `N` 的范围为 `1..max_file_number`。当前使用的文件可以通过查找修改时间最新的文件来确定。请注意,EMQX 应用程序用户必须对该目录具有写入权限,因为该目录还包含额外的内部使用文件(扩展名为 .siz 和 .idx)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-max_file_size",
+ "text" : "max_file_size",
+ "doc" : "当前正在写入的日志文件的最大大小。至少会向每个日志文件写入一条日志,因此如果单条日志条目超过该值,则最终文件大小可能会超过此最大值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-max_file_number",
+ "text" : "max_file_number",
+ "doc" : "最大日志文件数量。当达到最大文件数量且需要进行新一轮日志轮转时,最旧的文件将被截断并用作新的当前日志文件。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts-S-resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-disk_log-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "磁盘日志连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-disk_log",
+ "text" : "disk_log",
+ "doc" : "Disk Log Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-sqlserver-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-driver",
+ "text" : "driver",
+ "doc" : "SQL Server Driver 名称",
+ "type" : "String",
+ "default" : "\"ms-sql\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-server",
+ "text" : "server",
+ "doc" : "将要连接的 IPv4 或 IPv6 地址,或者主机名。
\n主机名具有以下形式:`Host[:Port]`。
\n如果未指定 `[:Port]`,则使用 SQL Server 默认端口 1433。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String",
+ "default" : "sa"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-auto_reconnect",
+ "text" : "auto_reconnect",
+ "doc" : "Deprecated since v5.0.15.",
+ "type" : "Boolean"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-sqlserver-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "Microsoft SOL Server 连接器的配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-sqlserver",
+ "text" : "sqlserver",
+ "doc" : "Microsoft SQL Server Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-access_key_id",
+ "text" : "access_key_id",
+ "doc" : "S3 桶的访问密钥 ID。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-secret_access_key",
+ "text" : "secret_access_key",
+ "doc" : "S3 桶的密钥访问密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-host",
+ "text" : "host",
+ "doc" : "S3 端点的主机。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-port",
+ "text" : "port",
+ "doc" : "S3 端点的端口。",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-access_method",
+ "text" : "access_method",
+ "doc" : "通过 HTTP API 访问存储桶的 HTTP 请求方法。",
+ "type" : "Enum(path,vhost)",
+ "default" : "path"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ipv6_probe",
+ "text" : "ipv6_probe",
+ "doc" : "是否探测 IPv6 支持。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-enable_pipelining",
+ "text" : "enable_pipelining",
+ "doc" : "Deprecated since 5.8.2.",
+ "type" : "Integer(1..+inf)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl_client_opts)",
+ "default" : "{enable = true}"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头列表。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大重试次数。",
+ "type" : "Integer(0..+inf)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options-S-transport_options-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "HTTP 请求超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "transport_options",
+ "doc" : "Options for the HTTP transport layer used by the S3 client"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-transport_options",
+ "text" : "transport_options",
+ "doc" : "S3 客户端使用的 HTTP 传输层选项。",
+ "type" : "Struct(transport_options)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts-S-s3_connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "s3_connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(s3_connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "配置连接到兼容 S3 API 存储服务的连接器。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-s3",
+ "text" : "s3",
+ "doc" : "S3 Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-gcp_pubsub_producer-S-config_connector",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接 HTTP 服务器的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-pipelining",
+ "text" : "pipelining",
+ "doc" : "正整数,设置最大可发送的异步 HTTP 请求数量。当设置为 1 时,表示每次发送完成 HTTP 请求后都需要等待服务器返回,再继续发送下一个请求。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-max_retries",
+ "text" : "max_retries",
+ "doc" : "请求出错时的最大重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Deprecated since e5.0.1.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-service_account_json",
+ "text" : "service_account_json",
+ "doc" : "包含将与 PubSub 一起使用的 GCP 服务账户凭证的 JSON。\n当创建 GCP 服务账户时(如 https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount),可以选择下载 JSON 形式的凭证,然后在该配置项中使用。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts-S-connector_resource_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "connector_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer-S-config_connector-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(connector_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config_connector",
+ "doc" : "GCP PubSub 生产者客户端的具体配置。"
+ }
+ ],
+ "hash" : "V-connectors-S-connectors-gcp_pubsub_producer",
+ "text" : "gcp_pubsub_producer",
+ "doc" : "GCP PubSub Producer Connector Config",
+ "type" : "Map($name->Struct(config_connector))"
+ }
+ ],
+ "text" : "connectors",
+ "doc" : "用于连接到外部系统的连接器。"
+ }
+ ],
+ "hash" : "V-connectors",
+ "text" : "connectors",
+ "type" : "Struct(connectors)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模版
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "特定于此动作类型的附加参数"
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-parameters",
+ "text" : "parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris-S-doris-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "doris",
+ "doc" : "与 Doris 连接器交互的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-doris",
+ "text" : "doris",
+ "doc" : "Doris Action Config",
+ "type" : "Map($name->Struct(doris))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "可以使用 ${field} 占位符来引用消息与客户端上下文中的变量,请确保对应字段存在且数据格式符合预期。此处不支持 [SQL 预处理](https://docs.emqx.com/zh/enterprise/v5.0/data-integration/data-bridges.html#sql-预处理)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"INSERT INTO messages(data, arrived) VALUES ('${payload}', ${timestamp})\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters-S-action_parameters-batch_value_separator",
+ "text" : "batch_value_separator",
+ "doc" : "默认为逗号 ',',适用于 VALUE 格式。您也可以使用其他分隔符, 请参考 [INSERT INTO 语句](https://clickhouse.com/docs/en/sql-reference/statements/insert-into)。",
+ "type" : "String",
+ "default" : "\", \""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对动作的详细配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对动作的详细配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse-S-clickhouse_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "clickhouse_action",
+ "doc" : "动作配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-clickhouse",
+ "text" : "clickhouse",
+ "doc" : "ClickHouse Action Config",
+ "type" : "Map($name->Struct(clickhouse_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-wait_for_publish_confirmations",
+ "text" : "wait_for_publish_confirmations",
+ "doc" : "一个布尔值,指示在使用发布者确认时是否等待 RabbitMQ 确认消息发布。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-publish_confirmation_timeout",
+ "text" : "publish_confirmation_timeout",
+ "doc" : "等待连接建立的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-exchange",
+ "text" : "exchange",
+ "doc" : "消息将被发送到的 RabbitMQ 交换机的名称。支持使用模版(例如:`e-${payload.e}`)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-routing_key",
+ "text" : "routing_key",
+ "doc" : "用于将消息路由到 RabbitMQ 交换机中正确队列的路由键。支持使用模版,(例如:`k-${payload.r}`)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-delivery_mode",
+ "text" : "delivery_mode",
+ "doc" : "发布到 RabbitMQ 的消息的传递模式。非持久化传递模式(1)适用于不需要在 RabbitMQ 重启后保持的消息,而持久化传递模式(2)用于必须在 RabbitMQ 重启后仍然存在的消息。",
+ "type" : "Enum(non_persistent,persistent)",
+ "default" : "non_persistent"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters-S-action_parameters-payload_template",
+ "text" : "payload_template",
+ "doc" : "在发送消息到 RabbitMQ 之前格式化消息 payload 的模板。例如 ${field1.sub_field} 的模板占位符将被相应字段的值替换。如果留空,整个输入消息将被用作 payload,格式化为 JSON 文本。这种行为等同于将 ${.} 指定为 payload 模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "动作配置定义了此动作输出如何将消息发送到远程 RabbitMQ 代理。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-parameters",
+ "text" : "parameters",
+ "doc" : "动作配置定义了此动作输出如何将消息发送到远程 RabbitMQ 代理。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq-S-publisher_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "publisher_action",
+ "doc" : "动作的配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rabbitmq",
+ "text" : "rabbitmq",
+ "doc" : "RabbitMQ Action Config",
+ "type" : "Map($name->Struct(publisher_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-topic",
+ "text" : "topic",
+ "doc" : "要转发到远程代理的主题。
\n允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-qos",
+ "text" : "qos",
+ "doc" : "要发送的 MQTT 消息的 QoS 级别。
\n允许使用带有变量的模板。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-retain",
+ "text" : "retain",
+ "doc" : "要发送的 MQTT 消息的'retain'标志。
\n允许使用带有变量的模板。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters-S-action_parameters-payload",
+ "text" : "payload",
+ "doc" : "要发送的 MQTT 消息的有效载荷。
\n允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "动作的具体配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-parameters",
+ "text" : "parameters",
+ "doc" : "动作的具体配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt-S-mqtt_publisher_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "mqtt_publisher_action",
+ "doc" : "发布动作的配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mqtt",
+ "text" : "mqtt",
+ "doc" : "MQTT Publisher Action Config",
+ "type" : "Map($name->Struct(mqtt_publisher_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-template",
+ "text" : "template",
+ "doc" : "模板, 默认为空,为空时将会将整个消息存入数据库
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-hash_key",
+ "text" : "hash_key",
+ "doc" : "DynamoDB 哈希键",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-range_key",
+ "text" : "range_key",
+ "doc" : "DynamoDB 范围健",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-table",
+ "text" : "table",
+ "doc" : "DynamoDB 的表。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对动作的详细配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对动作的详细配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo-S-dynamo_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "dynamo_action",
+ "doc" : "DynamoDB 动作的配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-dynamo",
+ "text" : "dynamo",
+ "doc" : "DynamoDB Action Config",
+ "type" : "Map($name->Struct(dynamo_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "特定于 PostgreSQL 动作的参数配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-parameters",
+ "text" : "parameters",
+ "doc" : "特定于 PostgreSQL 动作的参数配置",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale-S-pgsql_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "pgsql_action",
+ "doc" : "PostgreSQL 动作的配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-timescale",
+ "text" : "timescale",
+ "doc" : "Timescale Action Config",
+ "type" : "Map($name->Struct(pgsql_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题数据源由桥接指定,或留空由规则动作指定。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-topic",
+ "text" : "topic",
+ "doc" : "Kafka 主题名称。支持使用模版(例如:`t-${payload.t}`)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-key",
+ "text" : "key",
+ "doc" : "生成 Kafka 消息 Key 的模版。如果模版生成后为空值,则会使用 Kafka 的 NULL ,而非空字符串。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.clientid}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-value",
+ "text" : "value",
+ "doc" : "生成 Kafka 消息 Value 的模版。如果模版生成后为空值,则会使用 Kafka 的 NULL,而非空字符串。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message-S-kafka_message-timestamp",
+ "text" : "timestamp",
+ "doc" : "生成 Kafka 消息时间戳的模版。该时间必需是一个整型数值(可以是字符串格式)例如 1661326462115 或 '1661326462115'。当所需的输入字段不存在,或不是一个整型时,则会使用当前系统时间。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.timestamp}\""
+ }
+ ],
+ "text" : "kafka_message",
+ "doc" : "用于生成 Kafka 消息的模版。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-message",
+ "text" : "message",
+ "doc" : "用于生成 Kafka 消息的模版。",
+ "type" : "Struct(kafka_message)"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_linger_time",
+ "text" : "max_linger_time",
+ "doc" : "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。\n默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_linger_bytes",
+ "text" : "max_linger_bytes",
+ "doc" : "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "最大消息批量字节数。大多数 Kafka 环境的默认最低值是 1 MB,EMQX 的默认值比 1 MB 更小是因为需要补偿 Kafka 消息编码所需要的额外字节(尤其是当每条消息都很小的情况下)。当单个消息的大小超过该限制时,它仍然会被发送,(相当于该批量中只有单个消息)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"896KB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-compression",
+ "text" : "compression",
+ "doc" : "压缩方法。",
+ "type" : "Enum(no_compression,snappy,gzip)",
+ "default" : "no_compression"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partition_strategy",
+ "text" : "partition_strategy",
+ "doc" : "设置消息发布时应该如何选择 Kafka 分区。\n\nrandom: 为每个消息随机选择一个分区。\nkey_dispatch: Hash Kafka message key to a partition number",
+ "type" : "Enum(random,key_dispatch)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-required_acks",
+ "text" : "required_acks",
+ "doc" : "设置 Kafka leader 在返回给 EMQX 确认之前需要等待多少个 follower 的确认。\n\nall_isr: 需要所有的在线复制者都确认。\nleader_only: 仅需要分区 leader 确认。\nnone: 无需 Kafka 回复任何确认。",
+ "type" : "Enum(all_isr,leader_only,none)",
+ "default" : "all_isr"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_headers",
+ "text" : "kafka_headers",
+ "doc" : "请提供要用作 Kafka 头部的占位符
\n例如:${pub_props}
\n请注意,占位符的值必须是对象形式的:{\"foo\": \"bar\"}\n或者是键值对的数组形式:[{\"key\": \"foo\", \"value\": \"bar\"}]。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key",
+ "text" : "kafka_ext_header_key",
+ "doc" : "Kafka 头部的键。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value",
+ "text" : "kafka_ext_header_value",
+ "doc" : "Kafka 头部的值。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "producer_kafka_ext_headers",
+ "doc" : "请提供更多的 Kafka 头部键值对
\n这里的键值对将与 kafka_headers 字段的值合并,然后发送到 Kafka。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_ext_headers",
+ "text" : "kafka_ext_headers",
+ "doc" : "请提供更多的 Kafka 头部键值对
\n这里的键值对将与 kafka_headers 字段的值合并,然后发送到 Kafka。",
+ "type" : "Array(Struct(producer_kafka_ext_headers))"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode",
+ "text" : "kafka_header_value_encode_mode",
+ "doc" : "Kafka 头部值编码模式
\n - None: 仅将二进制值添加到 Kafka 头部;
\n - JSON: 仅将 JSON 值添加到 Kafka 头部,并在发送前对其进行 JSON 字符串编码。",
+ "type" : "Enum(none,json)",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partition_count_refresh_interval",
+ "text" : "partition_count_refresh_interval",
+ "doc" : "配置 Kafka 刷新分区数量的时间间隔。\nEMQX 发现 Kafka 分区数量增加后,会开始按 partition_strategy 配置,把消息发送到新的分区中。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-partitions_limit",
+ "text" : "partitions_limit",
+ "doc" : "限制为给定主题生产数据的分区数量。\n特殊值 all_partitions 用于利用该主题的所有分区。\n将此设置为大于分区总数的值将不会产生任何效果。",
+ "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))",
+ "default" : "all_partitions"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "设置 Kafka 生产者(每个分区一个)在收到 Kafka 的确认前最多发送多少个请求(批量)。调大这个值通常可以增加吞吐量,但是,当该值设置大于 1 时存在消息乱序的风险。",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode",
+ "text" : "mode",
+ "doc" : "消息缓存模式。\nmemory: 所有的消息都缓存在内存里。如果 EMQX 服务重启,缓存的消息会丢失。\ndisk: 缓存到磁盘上。EMQX 重启后会继续发送重启前未发送完成的消息。\nhybrid: 先将消息缓存在内存中,当内存中的消息堆积超过一定限制(配置项 segment_bytes 描述了该限制)后,后续的消息会缓存到磁盘上。与 memory 模式一样,如果 EMQX 服务重启,缓存的消息会丢失。",
+ "type" : "Enum(memory,disk,hybrid)",
+ "default" : "memory"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit",
+ "text" : "per_partition_limit",
+ "doc" : "为每个 Kafka 分区设置的最大缓存字节数。当超过这个上限之后,老的消息会被丢弃,为新的消息腾出空间。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes",
+ "text" : "segment_bytes",
+ "doc" : "当缓存模式是 disk 或 hybrid 时适用。该配置用于指定缓存到磁盘上的文件的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection",
+ "text" : "memory_overload_protection",
+ "doc" : "缓存模式是 memory 或 hybrid 时适用。当系统处于高内存压力时,从队列中丢弃旧的消息以减缓内存增长。注意,该配置仅在 Linux 系统中有效。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "producer_buffer",
+ "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Kafka 处理能力,或者当 Kafka 临时下线时,EMQX 内部会将消息缓存起来。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-buffer",
+ "text" : "buffer",
+ "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Kafka 处理能力,或者当 Kafka 临时下线时,EMQX 内部会将消息缓存起来。",
+ "type" : "Struct(producer_buffer)"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "查询模式。可选 'sync/async',默认 'async'。",
+ "type" : "Enum(async,sync)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters-S-producer_kafka_opts-sync_query_timeout",
+ "text" : "sync_query_timeout",
+ "doc" : "该参数定义同步查询的超时限制。仅当桥接查询模式配置为'sync'时才适用。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "producer_kafka_opts",
+ "doc" : "Kafka 生产者参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-parameters",
+ "aliases" : [
+ "kafka"
+ ],
+ "text" : "parameters",
+ "doc" : "Kafka 生产者参数。",
+ "type" : "Struct(producer_kafka_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer-S-kafka_producer_action-resource_opts",
+ "text" : "resource_opts",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "kafka_producer_action",
+ "doc" : "Kafka 生产者动作"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kafka_producer",
+ "text" : "kafka_producer",
+ "doc" : "Kafka Producer Action Config",
+ "type" : "Map($name->Struct(kafka_producer_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters-write_syntax",
+ "text" : "write_syntax",
+ "doc" : "用于写入数据点的 InfluxDB 行协议配置。这是一种基于文本的格式,提供数据点的测量、标签集、字段集和时间戳,并支持占位符。\n详见 [InfluxDB 1.8 行协议](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\n简短说明:
\n```\n[,=[,=]] =[,=] []\n```\n请注意,整数值的占位符必须带有后缀 `i`。 例如 `${payload.int_value}i`。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters-S-action_parameters-precision",
+ "text" : "precision",
+ "doc" : "Datalayers 时间精度。",
+ "type" : "Enum(ns,us,ms,s)",
+ "default" : "ms"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "特定于此动作类型的额外参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-parameters",
+ "text" : "parameters",
+ "doc" : "特定于此动作类型的额外参数。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers-S-datalayers_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "datalayers_action",
+ "doc" : "用于与 Datalayers 连接器交互的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-datalayers",
+ "text" : "datalayers",
+ "doc" : "Datalayers Action Config",
+ "type" : "Map($name->Struct(datalayers_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模版。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters-S-parameters-max_retries",
+ "text" : "max_retries",
+ "doc" : "发送请求时发生错误的最大重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "3"
+ }
+ ],
+ "text" : "parameters",
+ "doc" : "动作的参数集。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-parameters",
+ "text" : "parameters",
+ "doc" : "动作的参数集。",
+ "type" : "Struct(parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase-S-couchbase-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "couchbase",
+ "doc" : "将传入事件上传到 Couchbase 服务的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-couchbase",
+ "text" : "couchbase",
+ "doc" : "Couchbase Action Config",
+ "type" : "Map($name->Struct(couchbase))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters-collection",
+ "text" : "collection",
+ "doc" : "数据将存储在其中的集合
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "mqtt"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters-S-action_parameters-payload_template",
+ "text" : "payload_template",
+ "doc" : "用于格式化发送消息的模板。如果未定义,规则引擎将使用 JSON 格式序列化所有可见输入,例如 clientid、主题、有效载荷等。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "特定于此动作类型的附加参数"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-parameters",
+ "text" : "parameters",
+ "doc" : "特定于此动作类型的附加参数",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb-S-mongodb_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "mongodb_action",
+ "doc" : "与 MongoDB 连接器交互的动作"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mongodb",
+ "text" : "mongodb",
+ "doc" : "MongoDB Action Config",
+ "type" : "Map($name->Struct(mongodb_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "特定于 PostgreSQL 动作的参数配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-parameters",
+ "text" : "parameters",
+ "doc" : "特定于 PostgreSQL 动作的参数配置",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix-S-pgsql_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "pgsql_action",
+ "doc" : "PostgreSQL 动作的配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-matrix",
+ "text" : "matrix",
+ "doc" : "Matrix Action Config",
+ "type" : "Map($name->Struct(pgsql_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-action",
+ "text" : "action",
+ "doc" : "插入新的文档记录。",
+ "type" : "String(\"create\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-index",
+ "text" : "index",
+ "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-id",
+ "text" : "id",
+ "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-doc",
+ "text" : "doc",
+ "doc" : "JSON 文档模板,如果留空则为包含所有可用字段的 JSON 文本,如 clientid、topic、payload 等。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-routing",
+ "text" : "routing",
+ "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-require_alias",
+ "text" : "require_alias",
+ "doc" : "如果为 true,则请求的操作必须针对一个索引别名。默认为 false。",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-overwrite",
+ "text" : "overwrite",
+ "doc" : "如果指定 _id 的文档已经存在(冲突),将设置为 false,操作将失败。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_create-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大的重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ }
+ ],
+ "text" : "action_create",
+ "doc" : "将一个 JSON 文件添加到指定的索引中,并使其可搜索。\n如果目标是一个索引并且文件已经存在,\n请求会更新该文件并增加其版本。"
+ },
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-action",
+ "text" : "action",
+ "doc" : "删除文档记录。",
+ "type" : "String(\"delete\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-index",
+ "text" : "index",
+ "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-id",
+ "text" : "id",
+ "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-routing",
+ "text" : "routing",
+ "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_delete-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大的重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ }
+ ],
+ "text" : "action_delete",
+ "doc" : "从指定的索引中删除一个 JSON 文件。"
+ },
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-action",
+ "text" : "action",
+ "doc" : "更新现有文档或在不存在时插入新文档(当 `doc_as_upsert` 为 `true` 时)。",
+ "type" : "String(\"update\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-index",
+ "text" : "index",
+ "doc" : "执行操作的索引名称或索引别名。\n此参数是必需的。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-id",
+ "text" : "id",
+ "doc" : "文档 ID。如果没有指定 ID,将自动生成。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc",
+ "text" : "doc",
+ "doc" : "JSON 文档模板,如果留空则为包含所有可用字段的 JSON 文本,如 clientid、topic、payload 等。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-doc_as_upsert",
+ "text" : "doc_as_upsert",
+ "doc" : "当设置为 `true` 时,文档将被用作 upsert 值——意味着如果不存在则插入,如果存在则更新。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-routing",
+ "text" : "routing",
+ "doc" : "用于将操作路由到特定分片的自定义值。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-require_alias",
+ "text" : "require_alias",
+ "doc" : "如果为 true,则请求的操作必须针对一个索引别名。默认为 false。",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters-S-action_update-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大的重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ }
+ ],
+ "text" : "action_update",
+ "doc" : "使用指定的文件更新一个文件。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-parameters",
+ "text" : "parameters",
+ "doc" : "ElasticSearch 动作参数",
+ "type" : "OneOf(Struct(action_create),Struct(action_delete),Struct(action_update))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch-S-action_config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "action_config",
+ "doc" : "ElasticSearch 动作配置项"
+ }
+ ],
+ "hash" : "V-actions-S-actions-elasticsearch",
+ "text" : "elasticsearch",
+ "doc" : "Elasticsearch 动作",
+ "type" : "Map($action_name->Struct(action_config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-parameters-S-parameters_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-path",
+ "text" : "path",
+ "doc" : "此动作的 URL 路径。
\n此路径将附加到连接器的 url 配置,以形成完整的 URL 地址。\n此选项允许使用带有变量的模板。例如,/room/${room_no}。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-method",
+ "text" : "method",
+ "doc" : "HTTP 请求的方法。所有可用的方法包括:post、put、get、delete。
\n允许使用带有变量的模板。",
+ "type" : "Enum(post,put,get,delete)",
+ "default" : "post"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-headers",
+ "text" : "headers",
+ "doc" : "HTTP 请求头。
\n允许使用带有变量的模板。",
+ "type" : "Map",
+ "default" : "{accept = \"application/json\", cache-control = \"no-cache\", connection = \"keep-alive\", content-type = \"application/json\", keep-alive = \"timeout=5\"}"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-body",
+ "text" : "body",
+ "doc" : "HTTP 请求的主体。
\n如果未提供,主体将是所有可用字段的 JSON 对象。
\n这里的“所有可用字段”是指在触发此 Webhook 时的 MQTT 消息的上下文(当 local_topic 已设置并接收到 MQTT 消息时触发),
或者当此 Webhook 用作规则的动作时,在触发此 Webhook 时的事件上下文。
允许使用带有变量的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大的重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters-S-parameters_opts-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "Deprecated since v5.0.26.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "parameters_opts",
+ "doc" : "HTTP 动作的参数"
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-parameters",
+ "text" : "parameters",
+ "doc" : "HTTP 动作的参数",
+ "type" : "Struct(parameters_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-http-S-http_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "http_action",
+ "doc" : "HTTP 动作的配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-http",
+ "aliases" : [
+ "webhook"
+ ],
+ "text" : "http",
+ "doc" : "HTTP Action Config",
+ "type" : "Map($name->Struct(http_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-mode",
+ "text" : "mode",
+ "doc" : "启用基于时间的事件聚合,并将其作为单个对象上传到 Azure Blob Storage 服务。",
+ "type" : "String(\"aggregated\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-type",
+ "text" : "type",
+ "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。",
+ "type" : "String(\"csv\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-column_order",
+ "text" : "column_order",
+ "doc" : "事件字段将在生成的 CSV 文件中按此顺序排列为列。
\n无论此设置如何,生成的 CSV 都将包含所有聚合事件的字段,但所有未在此明确提及的列将在此处列出的列之后按字典顺序排列。",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "container_csv",
+ "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。"
+ },
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_json_lines",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_json_lines-type",
+ "text" : "type",
+ "doc" : "记录(事件)将被聚合并且作为 [JSON Lines](https://jsonlines.org/) 文件上传。",
+ "type" : "String(\"json_lines\")"
+ }
+ ],
+ "text" : "container_json_lines",
+ "doc" : "记录(事件)将被聚合并且作为 [JSON Lines](https://jsonlines.org/) 文件上传。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-container",
+ "text" : "container",
+ "doc" : "设置包含聚合事件的上传文件格式的配置。",
+ "type" : "OneOf(Struct(container_csv),Struct(container_json_lines))",
+ "default" : "{type = csv}"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-time_interval",
+ "text" : "time_interval",
+ "doc" : "在上传之前,将事件聚合为单个对象的时间长度。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"1h\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation-S-aggregation-max_records",
+ "text" : "max_records",
+ "doc" : "每个聚合对象允许的记录(事件)数量。每次聚合上传包含的事件不会超过该数量,但可以少于该数量。
\n 如果事件速率足够高,则在同一时间间隔内可能会有多个聚合上传。这些上传将具有不同但连续的序列号,它们将成为 Azure Blob Storage blob 名称的一部分。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000000"
+ }
+ ],
+ "text" : "aggregation",
+ "doc" : "控制聚合上传过程的参数集。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-aggregation",
+ "text" : "aggregation",
+ "doc" : "控制聚合上传过程的参数集。",
+ "type" : "Struct(aggregation)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-container",
+ "text" : "container",
+ "doc" : "Azure Blob Storage 容器名称。不支持使用模版。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-aggreg_parameters-blob",
+ "text" : "blob",
+ "doc" : "用于聚合上传的 Azure Blob Storage blob 名称模板。
\n 模板可以包含以下变量的占位符:\n \n ${action}: 动作名称(必需)。${node}: 执行上传的 EMQX 节点名称(必需)。${datetime.{format}}: 聚合上传开始的日期和时间,格式根据 {format} 字符串制定(必需):\n \n ${datetime.rfc3339utc}: RFC3339 格式的 UTC 日期和时间,${datetime.rfc3339}: RFC3339 格式的本地时区日期和时间,${datetime.unix}: Unix 时间戳。
\n ${datetime_until.{format}}:聚合上传结束的日期和时间,包含相同的格式选项。${sequence}:同一时间间隔内聚合上传的序列号(必需)。
\n 所有其他占位符都被视为无效。注意,如果模板中缺少标记为必需的占位符,它们将作为路径后缀添加到 Azure Blob Storage blob 名称中。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "aggreg_parameters",
+ "doc" : "配置了聚合上传模式的动作参数集。"
+ },
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-mode",
+ "text" : "mode",
+ "doc" : "启用将事件作为单独对象上传到 Azure Blob Storage 服务。",
+ "type" : "String(\"direct\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-container",
+ "text" : "container",
+ "doc" : "Azure Blob Storage 容器名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-blob",
+ "text" : "blob",
+ "doc" : "Azure Blob Storage blob 名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters-S-direct_parameters-content",
+ "text" : "content",
+ "doc" : "要上传的 Azure Blob Storage blob 的内容。支持使用模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "direct_parameters",
+ "doc" : "直接上传模式的动作参数集。动作支持 Azure Blob Storage 容器名称、blob 名称和 blob 内容的模板。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-parameters",
+ "text" : "parameters",
+ "doc" : "一系列动作单数。",
+ "type" : "OneOf(Struct(aggreg_parameters),Struct(direct_parameters))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage-S-azure_blob_storage-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "azure_blob_storage",
+ "doc" : "将传入事件上传到 Azure Blob Storage 服务的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_blob_storage",
+ "text" : "azure_blob_storage",
+ "doc" : "Azure Blob Storage Action Config",
+ "type" : "Map($name->Struct(azure_blob_storage))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模板。模板字符串可以包含消息元数据和有效载荷字段的占位符。占位符的插入不需要任何检查和特殊格式化,因此必须确保插入的数值格式化和转义正确。模板字符串可以包含占位符模板字符串可以包含消息元数据和有效载荷字段的占位符。这些占位符被插入所以必须确保插入的值的格式正确。因此,确保插入的值格式化和转义正确是非常重要的。模板字符串可以包含占位符模板字符串可以包含消息元数据和有效载荷字段的占位符。这些占位符被插入所以必须确保插入的值的格式正确。确保插入的值被正确地格式化和转义。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msgs(msgid, topic, qos, payload) values (${id}, ${topic}, ${qos}, ${payload})\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对动作的详细配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对动作的详细配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle-S-oracle_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "oracle_action",
+ "doc" : "Oracle 动作的配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-oracle",
+ "text" : "oracle",
+ "doc" : "Oracle Action Config",
+ "type" : "Map($name->Struct(oracle_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-parameters-S-action_parameters-cql",
+ "text" : "cql",
+ "doc" : "CQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, ${timestamp})\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "动作的具体配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-parameters",
+ "text" : "parameters",
+ "doc" : "动作的具体配置",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra-S-cassandra_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "cassandra_action",
+ "doc" : "动作配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-cassandra",
+ "text" : "cassandra",
+ "doc" : "Cassandra Action Config",
+ "type" : "Map($name->Struct(cassandra_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-timestamp",
+ "text" : "timestamp",
+ "doc" : "秒级或毫秒级时间戳,支持 ${var} 格式的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-metric",
+ "text" : "metric",
+ "doc" : "度量的名称,应为时间序列数据的唯一标识符,支持 ${var} 格式的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-tags",
+ "text" : "tags",
+ "doc" : "标签。仅支持使用占位符从变量或标签映射中提取标签。",
+ "type" : "OneOf(Map,String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-value",
+ "text" : "value",
+ "doc" : "数据点的值,支持 ${var} 格式的占位符。它代表实际的测量或观察值。",
+ "type" : "OneOf(Integer,Float,String)"
+ }
+ ],
+ "text" : "action_parameters_data",
+ "doc" : "OpenTSDB 动作参数数据。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters-S-action_parameters-data",
+ "text" : "data",
+ "doc" : "OpenTSDB 动作参数数据。",
+ "type" : "Array(Struct(action_parameters_data))",
+ "default" : "[]"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "OpenTSDB 动作参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-parameters",
+ "text" : "parameters",
+ "doc" : "OpenTSDB 动作参数。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents-S-action_config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "action_config",
+ "doc" : "OpenTSDB 桥接配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-opents",
+ "text" : "opents",
+ "doc" : "OpenTSDB Action Config",
+ "type" : "Map($name->Struct(action_config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-stream",
+ "text" : "stream",
+ "doc" : "HStreamDB 流名称",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-partition_key",
+ "text" : "partition_key",
+ "doc" : "HStreamDB 分区键。支持占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-grpc_flush_timeout",
+ "text" : "grpc_flush_timeout",
+ "doc" : "将 gRPC 调用刷新到 HStreamDB 服务器的时间间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-record_template",
+ "text" : "record_template",
+ "doc" : "要转发到 HStreamDB 的 HStream 记录模板。支持占位符。
\n注意:当您使用'原始记录'模板(这意味着数据不是有效的 JSON)时,您应该在 HStream 中使用 'read' 或 'subscription' 来获取数据。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-aggregation_pool_size",
+ "text" : "aggregation_pool_size",
+ "doc" : "Record 聚合池的大小。更大的聚合池可以提升并行处理能力,但可能会因为批处理变小而导致效率降低。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-max_batches",
+ "text" : "max_batches",
+ "doc" : "刷新队列中未确认批次的最大数量。",
+ "type" : "Integer(1..+inf)",
+ "default" : "500"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-writer_pool_size",
+ "text" : "writer_pool_size",
+ "doc" : "写入池大小。更大的池规模可能增加并行化和并发写入操作,可能提升吞吐量。但需权衡内存消耗和资源竞争。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-batch_size",
+ "text" : "batch_size",
+ "doc" : "单个请求中可以发送的最大插入数据子句数量。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters-S-action_parameters-batch_interval",
+ "text" : "batch_interval",
+ "doc" : "两次连续(批处理)请求之间允许的最大间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"500ms\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对动作的详细配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对动作的详细配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb-S-hstreamdb_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "hstreamdb_action",
+ "doc" : "HStreamDB 动作的配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-hstreamdb",
+ "text" : "hstreamdb",
+ "doc" : "HStreamDB Action Config",
+ "type" : "Map($name->Struct(hstreamdb_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-payload_template",
+ "text" : "payload_template",
+ "doc" : "用于格式化传出消息的模板。如果未定义,将以 JSON 格式发送所有可用的上下文。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-stream_name",
+ "text" : "stream_name",
+ "doc" : "消息将要被发布到的 Amazon Kinesis 流。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters-S-action_parameters-partition_key",
+ "text" : "partition_key",
+ "doc" : "与发布消息关联的 Amazon Kinesis 分区键。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对动作的详细配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对动作的详细配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..500)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis-S-kinesis_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "kinesis_action",
+ "doc" : "Kinesis 动作的配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-kinesis",
+ "text" : "kinesis",
+ "doc" : "Kinesis Action Config",
+ "type" : "Map($name->Struct(kinesis_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-mode",
+ "text" : "mode",
+ "doc" : "启用基于时间的事件聚合,并将其作为一个对象上传到 Snowflake。每个集群节点独立进行此聚合。",
+ "type" : "String(\"aggregated\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-type",
+ "text" : "type",
+ "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。",
+ "type" : "String(\"csv\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container-S-container_csv-column_order",
+ "text" : "column_order",
+ "doc" : "事件字段将在生成的 CSV 文件中按此顺序排列为列。
\n无论此设置如何,生成的 CSV 都将包含所有聚合事件的字段,但所有未在此明确提及的列将在此处列出的列之后按字典顺序排列。",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "container_csv",
+ "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-container",
+ "text" : "container",
+ "doc" : "设置包含聚合事件的上传文件格式的配置。",
+ "type" : "OneOf(Struct(container_csv))",
+ "default" : "{type = csv}"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-time_interval",
+ "text" : "time_interval",
+ "doc" : "每个节点在上传之前,将事件聚合到单个文件中的时间间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"1h\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation-S-aggregation-max_records",
+ "text" : "max_records",
+ "doc" : "每个聚合文件允许的最大记录数(事件数)。 每次聚合上传将包含不超过该数量的事件,但可能会少于该数量。
\n 如果事件速率较高,在同一时间间隔内可能会进行多次聚合上传。这些上传将具有不同但连续的序列号,且该序列号将作为 Snowflake 阶段文件名的一部分。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1000000"
+ }
+ ],
+ "text" : "aggregation",
+ "doc" : "控制聚合过程的一组参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-aggregation",
+ "text" : "aggregation",
+ "doc" : "控制聚合过程的一组参数。",
+ "type" : "Struct(aggregation)"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-private_key",
+ "text" : "private_key",
+ "doc" : "为管道用户配置的私钥。支持以下输入格式:\n- 明文密钥:直接以字符串形式输入 PEM 格式的私钥内容。\n- 文件路径:指定包含私钥的文件路径。确保路径以 file:// 开头。文件路径必须在集群的所有节点上相同。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-private_key_password",
+ "text" : "private_key_password",
+ "doc" : "用于解密私钥的密码。如果私钥未加密,请不要设置此值。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-database",
+ "text" : "database",
+ "doc" : "包含 Snowflake 资源的数据库名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-schema",
+ "text" : "schema",
+ "doc" : "包含 Snowflake 资源的 Schema 名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-stage",
+ "text" : "stage",
+ "doc" : "用于将数据文件加载到 Snowflake 的 Stage 名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipe",
+ "text" : "pipe",
+ "doc" : "用于将数据导入表的管道名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipe_user",
+ "text" : "pipe_user",
+ "doc" : "具有使用 Pipe 权限的角色的用户名。最低要求的权限是 operate 和 monitor。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-connect_timeout",
+ "text" : "connect_timeout",
+ "doc" : "连接到 HTTP 服务器时的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pipelining",
+ "text" : "pipelining",
+ "doc" : "一个正整数。表示是否连续发送 HTTP 请求。设置为 1 时,表示每次发送 HTTP 请求后,需等待服务器返回再发送下一个请求.",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-pool_size",
+ "text" : "pool_size",
+ "doc" : "连接池大小",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-max_retries",
+ "text" : "max_retries",
+ "doc" : "发送 HTTP 请求时出现错误的最大重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "3"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-max_inactive",
+ "text" : "max_inactive",
+ "doc" : "HTTP 驱动程序在没有任何活动的情况下等待重新连接的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config-host",
+ "text" : "host",
+ "doc" : "用于连接的代理主机地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy-S-proxy_config-port",
+ "text" : "port",
+ "doc" : "连接时使用的代理端口。",
+ "type" : "Integer(1..65535)"
+ }
+ ],
+ "text" : "proxy_config",
+ "doc" : "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters-S-aggreg_parameters-proxy",
+ "text" : "proxy",
+ "doc" : "代理配置。目前仅支持普通的 HTTP 代理(不支持 HTTPS)。",
+ "type" : "OneOf(String(\"none\"),Struct(proxy_config))",
+ "default" : "none"
+ }
+ ],
+ "text" : "aggreg_parameters",
+ "doc" : "在聚合模式下执行动作的一组参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-parameters",
+ "text" : "parameters",
+ "doc" : "一组动作参数",
+ "type" : "OneOf(Struct(aggreg_parameters))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake-S-snowflake-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "snowflake",
+ "doc" : "将接收的事件上传到 Snowflake 的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-snowflake",
+ "text" : "snowflake",
+ "doc" : "Snowflake Action Config",
+ "type" : "Map($name->Struct(snowflake))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-database",
+ "text" : "database",
+ "doc" : "数据库名字。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(ts, msgid, mqtt_topic, qos, payload, arrived) values (${ts}, '${id}', '${topic}', ${qos}, '${payload}', ${timestamp})\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "TDengine 动作的参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-parameters",
+ "text" : "parameters",
+ "doc" : "TDengine 动作的参数。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine-S-action_config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "action_config",
+ "doc" : "TDengine 桥接配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tdengine",
+ "text" : "tdengine",
+ "doc" : "TDengine Action Config",
+ "type" : "Map($name->Struct(action_config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters-write_syntax",
+ "text" : "write_syntax",
+ "doc" : "使用 InfluxDB API Line Protocol 写入 InfluxDB 的数据,支持占位符
\n参考 [InfluxDB 2.3 Line Protocol](https://docs.influxdata.com/influxdb/v2.3/reference/syntax/line-protocol/) 及\n[InfluxDB 1.8 Line Protocol](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\nTLDR:
\n\n```\n[,=[,=]] =[,=] []\n```\n注意,整形数值占位符后需要添加一个字符 `i` 类型标识。例如 `${payload.int_value}i`
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters-S-action_parameters-precision",
+ "text" : "precision",
+ "doc" : "InfluxDB 时间精度。",
+ "type" : "Enum(ns,us,ms,s)",
+ "default" : "ms"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "此动作类型特定的额外参数"
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-parameters",
+ "text" : "parameters",
+ "doc" : "此动作类型特定的额外参数",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb-S-influxdb_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "influxdb_action",
+ "doc" : "与 InfluxDB 连接器交互的动作"
+ }
+ ],
+ "hash" : "V-actions-S-actions-influxdb",
+ "text" : "influxdb",
+ "doc" : "InfluxDB Action Config",
+ "type" : "Map($name->Struct(influxdb_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-parameters-S-action_parameters-command_template",
+ "text" : "command_template",
+ "doc" : "用于导出消息的 Redis 命令模板。每个列表元素代表一个命令名称或其参数。\n例如,要将有效负载推送到 Redis 列表中的键 msgs,元素应该如下所示:\nrpush,msgs,${payload}。",
+ "type" : "Array(String)"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "动作的参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-parameters",
+ "text" : "parameters",
+ "doc" : "动作的参数。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "这个参数定义了批处理计数的上限。\n将这个值设置为1将有效地禁用批处理,因为它表示每个批处理将只处理一个项目。\n关于 Redis 集群模式的注意事项:\n在 Redis 集群模式的情况下不支持批处理。\n因此,batch_size 总是设置为1,\n反映了该模式对于批处理操作固有的限制。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在低消息速率下积累批处理时的最大等待间隔,以实现更高效的资源使用。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis-S-redis_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "redis_action",
+ "doc" : "与 Redis 连接器交互的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-redis",
+ "text" : "redis",
+ "doc" : "Redis Action Config",
+ "type" : "Map($name->Struct(redis_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters-write_syntax",
+ "text" : "write_syntax",
+ "doc" : "GreptimeDB gRPC 协议写入数据点的配置。写入语法是一种文本格式,提供了数据点的测量、标签集、字段集和时间戳,并支持占位符,与 InfluxDB 行协议相同。\n参见 [InfluxDB 2.3 行协议](https://docs.influxdata.com/influxdb/v2.3/reference/syntax/line-protocol/) 和\n[GreptimeDB 1.8 行协议](https://docs.influxdata.com/influxdb/v1.8/write_protocols/line_protocol_tutorial/)
\n简而言之:
\n```\n[,=[,=]] =[,=] []\n```\n请注意,整数值的占位符必须用后缀 `i` 注释。例如 `${payload.int_value}i`。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters-S-action_parameters-precision",
+ "text" : "precision",
+ "doc" : "GreptimeDB 的时间精度。",
+ "type" : "Enum(ns,us,ms,s)",
+ "default" : "ms"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对这个动作类型的更多参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对这个动作类型的更多参数。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb-S-greptimedb_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "greptimedb_action",
+ "doc" : "与一个 GreptimeDB 连接器交互的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-greptimedb",
+ "text" : "greptimedb",
+ "doc" : "GreptimeDB Action Config",
+ "type" : "Map($name->Struct(greptimedb_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-storage_model_type",
+ "text" : "storage_model_type",
+ "doc" : "存储模型类型。可以是 `timeseries` 或 `order`。",
+ "type" : "Enum(timeseries)",
+ "default" : "timeseries"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-table_name",
+ "text" : "table_name",
+ "doc" : "序列表名称。 可以是静态值或占位符,如 `${payload.table_name}`。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-measurement",
+ "text" : "measurement",
+ "doc" : "度量名称。可以是静态值或占位符,如 `${payload.measurement}`。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-tags",
+ "text" : "tags",
+ "doc" : "标签。标签键和值可以是静态字符串或占位符,如 `${payload.tag_key}` 和 `${payload.tag_value}`。",
+ "type" : "Map",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields-column",
+ "text" : "column",
+ "doc" : "字段的列名。可以是静态值或占位符,如 `${payload.column}`。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields-value",
+ "text" : "value",
+ "doc" : "字段的值。可以是静态值或占位符,如 `${payload.value}`。",
+ "type" : "OneOf(Boolean,Number,String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields-isint",
+ "text" : "isint",
+ "doc" : "是否尝试将数值写为 `integer` 类型。默认为 `false`,表示将整数写为浮动数。\n可以是静态值或占位符,如 `${payload.is_int}`。",
+ "type" : "OneOf(Boolean,String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields-S-tablestore_fields-isbinary",
+ "text" : "isbinary",
+ "doc" : "是否尝试将二进制值写为 `binary` 类型。默认为 `false`,表示将二进制值写为字符串。\n可以是静态值或占位符,如 `${payload.is_binary}`。",
+ "type" : "OneOf(Boolean,String)"
+ }
+ ],
+ "text" : "tablestore_fields",
+ "doc" : "Tablestore 字段。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-fields",
+ "text" : "fields",
+ "doc" : "字段。字段列和字段值可以是静态值或占位符,如 `${payload.column_name}` 和 `${payload.column_value}`。",
+ "type" : "Array(Struct(tablestore_fields))"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-data_source",
+ "text" : "data_source",
+ "doc" : "数据源。可以是静态值或占位符,如 `${payload.data_source}`。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-timestamp",
+ "text" : "timestamp",
+ "doc" : "字段的微秒时间戳。\n可以是静态值或占位符,如 `${payload.microsecond_timestamp}`。\n如果未提供或设置为 `NOW`,则 EMQX 写入 Tablestore 时的毫秒时间戳将被使用。",
+ "type" : "OneOf(Integer,String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters-S-action_parameters-meta_update_model",
+ "text" : "meta_update_model",
+ "doc" : "时间序列元数据的更新模式。可以是以下之一:\n- MUM_NORMAL: 正常模式。当以此模式发送消息时,如果时间序列元数据不存在,Tablestore 将动态创建元数据。\n- MUM_IGNORE: 不更新元数据。当以此模式发送消息时,Tablestore 将不会尝试创建时间序列元数据。\n默认为 MUM_NORMAL。",
+ "type" : "Enum(MUM_IGNORE,MUM_NORMAL)",
+ "default" : "MUM_NORMAL"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "与此动作类型相关的附加参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-parameters",
+ "text" : "parameters",
+ "doc" : "与此动作类型相关的附加参数。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore-S-tablestore_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "tablestore_action",
+ "doc" : "与 Tablestore 连接器交互的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-tablestore",
+ "text" : "tablestore",
+ "doc" : "Tablestore Action Config",
+ "type" : "Map($name->Struct(tablestore_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模版
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, FROM_UNIXTIME(${timestamp}/1000))\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "特定于此动作类型的附加参数"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-parameters",
+ "text" : "parameters",
+ "doc" : "特定于此动作类型的附加参数",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql-S-mysql_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "mysql_action",
+ "doc" : "与 MySQL 连接器交互的动作"
+ }
+ ],
+ "hash" : "V-actions-S-actions-mysql",
+ "text" : "mysql",
+ "doc" : "与 MySQL 连接器交互的动作",
+ "type" : "Map($name->Struct(mysql_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-is_aligned",
+ "text" : "is_aligned",
+ "doc" : "是否对齐时间序列。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-device_id",
+ "text" : "device_id",
+ "doc" : "IoTDB 的设备 ID(DeviceID)。可以使用一个占位符。如果留空则 MQTT 消息体中必须有一个 `device_id` 字段,\n或者 EMQX 规则引擎的 SQL 必须输出一个 `device_id` 字段。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-timestamp",
+ "text" : "timestamp",
+ "doc" : "时间戳。支持格式为 ${var} 的占位符,最终值可以是:\n\n- now: 使用当前时间(毫秒)\n- now_ms: 同上\n- now_us: 使用当前时间(微秒)\n- now_ns: 使用当前时间(纳秒)\n- 任何整数: 直接使用该值作为时间戳\n- 占位符: 使用 payload 中的值作为时间戳",
+ "type" : "OneOf(Enum(now,now_ms,now_ns,now_us),String)",
+ "default" : "now"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-measurement",
+ "text" : "measurement",
+ "doc" : "也称 Measurement,支持使用 ${var} 格式的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-data_type",
+ "text" : "data_type",
+ "doc" : "数据类型,可以是:\n\n- test\n- boolean\n- int32\n- int64\n- float\n- double",
+ "type" : "Enum(text,boolean,int32,int64,float,double)"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data-S-action_parameters_data-value",
+ "text" : "value",
+ "doc" : "值。支持格式为 ${var} 的占位符
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters_data",
+ "doc" : "IoTDB 动作参数数据"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-data",
+ "text" : "data",
+ "doc" : "IoTDB 动作参数数据",
+ "type" : "Array(Struct(action_parameters_data))"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters-S-action_parameters-max_retries",
+ "text" : "max_retries",
+ "doc" : "如果发送请求时出错,最大的重试次数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "2"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "IoTDB 动作参数"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-parameters",
+ "text" : "parameters",
+ "doc" : "IoTDB 动作参数",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "动作资源选项"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb-S-action_config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "action_config",
+ "doc" : "IoTDB 数据桥接配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-iotdb",
+ "text" : "iotdb",
+ "doc" : "IoTDB Action Config",
+ "type" : "Map($name->Struct(action_config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-local_topic",
+ "text" : "local_topic",
+ "doc" : "将 MQTT 主题或主题过滤器作为数据源(动作输入)。如果使用规则动作作为数据源,则应将此配置保留为空,否则消息将在 Azure Event Hubs 中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-topic",
+ "text" : "topic",
+ "doc" : "Event Hubs 的名称。支持使用模版(例如:`t-${payload.t}`)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-key",
+ "text" : "key",
+ "doc" : "用于呈现 Azure Event Hubs 消息键的模版。如果模板呈现为空值(即在规则引擎上下文中没有此类数据字段),则使用 Azure Event Hubs 的 NULL(而不是空字符串)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.clientid}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-value",
+ "text" : "value",
+ "doc" : "用于呈现 Azure Event Hubs 消息值的模版。如果模板呈现为空值(即在规则引擎上下文中没有此类数据字段),则使用 Azure Event Hubs 的 NULL(而不是空字符串)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "kafka_message",
+ "doc" : "呈现 Azure Event Hubs 消息的模版。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-message",
+ "text" : "message",
+ "doc" : "呈现 Azure Event Hubs 消息的模版。",
+ "type" : "Struct(kafka_message)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_time",
+ "text" : "max_linger_time",
+ "doc" : "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。\n默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_bytes",
+ "text" : "max_linger_bytes",
+ "doc" : "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "在 Azure Event Hubs 消息批次中收集的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"896KB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partition_strategy",
+ "text" : "partition_strategy",
+ "doc" : "分区策略是用来指导生产者如何将消息分配到Azure Event Hubs的各个分区。\n\nrandom: 为每条消息随机选择一个分区。\nkey_dispatch: 根据 Azure Event Hubs 消息键的哈希值将消息分配到分区,确保拥有相同键的消息能够一致地被分配到特定分区。",
+ "type" : "Enum(random,key_dispatch)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-required_acks",
+ "text" : "required_acks",
+ "doc" : "Azure Event Hubs 分区领导者的确认标准。它确定了在向 EMQX Azure Event Hubs 生产者回送确认前,需要从追随者分区获得的确认等级。\n\nall_isr:要求所有同步副本进行确认。\nleader_only:仅要求分区领导者的确认。",
+ "type" : "Enum(all_isr,leader_only)",
+ "default" : "all_isr"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_headers",
+ "text" : "kafka_headers",
+ "doc" : "为Azure Event Hubs头部提供一个占位符。例如:${pub_props}。
\n注意,占位符的值必须是一个对象:\n{\"foo\": \"bar\"}\n或者是一组键值对:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key",
+ "text" : "kafka_ext_header_key",
+ "doc" : "Kafka 头部的键。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value",
+ "text" : "kafka_ext_header_value",
+ "doc" : "Kafka 头部的值。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "producer_kafka_ext_headers",
+ "doc" : "请提供更多的 Kafka 头部键值对
\n这里的键值对将与 kafka_headers 字段的值合并,然后发送到 Kafka。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers",
+ "text" : "kafka_ext_headers",
+ "doc" : "请提供更多的 Azure Event Hubs 标头键值对
这里的键值对将与kafka_headers字段的值合并,然后发送到 Azure Event Hubs。",
+ "type" : "Array(Struct(producer_kafka_ext_headers))"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode",
+ "text" : "kafka_header_value_encode_mode",
+ "doc" : "Azure Event Hubs 头部值的编码模式。
\n - None: 仅将二进制值添加到 Azure Event Hubs 头部;
\n - JSON: 仅将 JSON 值添加到 Azure Event Hubs 头部,并在发送前将其编码为 JSON 字符串。",
+ "type" : "Enum(none,json)",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partition_count_refresh_interval",
+ "text" : "partition_count_refresh_interval",
+ "doc" : "Azure Event Hubs 生产者发现分区数量增加的时间间隔。\n在 Azure Event Hubs 中增加分区数量后,EMQX 将开始根据partition_strategy\n在分发消息时考虑新发现的分区。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-partitions_limit",
+ "text" : "partitions_limit",
+ "doc" : "限制为给定主题产生数据的分区数量。\n特殊值 all_partitions 用于利用主题的所有分区。\n设置的值大于分区总数时无效。",
+ "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))",
+ "default" : "all_partitions"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "Azure Event Hubs 生产者在接收到 Azure Event Hubs 的确认之前,每个分区允许发送的批次的最大数量。较高的值通常意味着更好的吞吐量。然而,当这个值大于1时,可能会有消息重新排序的风险。",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode",
+ "text" : "mode",
+ "doc" : "消息缓存模式。\nmemory: 所有的消息都缓存在内存里。如果 EMQX 服务重启,缓存的消息会丢失。\ndisk: 缓存到磁盘上。EMQX 重启后会继续发送重启前未发送完成的消息。\nhybrid: 先将消息缓存在内存中,当内存中的消息堆积超过一定限制(配置项 segment_bytes 描述了该限制)后,后续的消息会缓存到磁盘上。与 memory 模式一样,如果 EMQX 服务重启,缓存的消息会丢失。",
+ "type" : "Enum(memory,disk,hybrid)",
+ "default" : "memory"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit",
+ "text" : "per_partition_limit",
+ "doc" : "为每个 Kafka 分区设置的最大缓存字节数。当超过这个上限之后,老的消息会被丢弃,为新的消息腾出空间。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes",
+ "text" : "segment_bytes",
+ "doc" : "当缓存模式是 disk 或 hybrid 时适用。该配置用于指定缓存到磁盘上的文件的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection",
+ "text" : "memory_overload_protection",
+ "doc" : "缓存模式是 memory 或 hybrid 时适用。当系统处于高内存压力时,从队列中丢弃旧的消息以减缓内存增长。注意,该配置仅在 Linux 系统中有效。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "producer_buffer",
+ "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Kafka 处理能力,或者当 Kafka 临时下线时,EMQX 内部会将消息缓存起来。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-buffer",
+ "text" : "buffer",
+ "doc" : "配置生产者消息缓冲区。\n\n告诉 Azure Event Hubs 生产者,在 EMQX 需要发送的消息多于 Azure Event Hubs 能够处理的消息时,或者 Azure Event Hubs 宕机时,如何缓冲消息。",
+ "type" : "Struct(producer_buffer)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "查询模式。可选'sync/async',默认为'async'。",
+ "type" : "Enum(async,sync)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters-S-producer_kafka_opts-sync_query_timeout",
+ "text" : "sync_query_timeout",
+ "doc" : "此参数定义同步查询的超时限制。仅当桥接查询模式配置为 'sync' 时适用。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "producer_kafka_opts",
+ "doc" : "Azure Event Hubs 生产者配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-parameters",
+ "aliases" : [
+ "kafka"
+ ],
+ "text" : "parameters",
+ "doc" : "Azure Event Hubs 生产者配置",
+ "type" : "Struct(producer_kafka_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-resource_opts",
+ "text" : "resource_opts",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-azure_event_hub_producer-S-actions-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "actions",
+ "doc" : "一个动作的配置项"
+ }
+ ],
+ "hash" : "V-actions-S-actions-azure_event_hub_producer",
+ "text" : "azure_event_hub_producer",
+ "doc" : "Azure Event Hub Actions Config",
+ "type" : "Map($name->Struct(actions))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-time_interval",
+ "text" : "time_interval",
+ "doc" : "事件将在每个节点上聚合到一个文件中的时间量,然后再上传。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"120s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-max_records",
+ "text" : "max_records",
+ "doc" : "每个聚合文件允许的记录(事件)数量。每次聚合上传将包含不超过该数量的事件,但可能包含更少。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100000"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_avro",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_avro-type",
+ "text" : "type",
+ "doc" : "使用 Avro 编码数据文件。",
+ "type" : "String(\"avro\")"
+ }
+ ],
+ "text" : "container_avro",
+ "doc" : "使用 Avro 编码数据文件。"
+ },
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_parquet",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_parquet-type",
+ "text" : "type",
+ "doc" : "使用 Parquet 编码数据文件。",
+ "type" : "String(\"parquet\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container-S-container_parquet-max_row_group_bytes",
+ "text" : "max_row_group_bytes",
+ "doc" : "超过该大小时刷新行组。行组刷新的实际触发使用缓冲数据大小的估计值,因为实际输出可能与原始输入数据大小不同。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"128MB\""
+ }
+ ],
+ "text" : "container_parquet",
+ "doc" : "使用 Parquet 编码数据文件。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation-S-aggregation-container",
+ "text" : "container",
+ "doc" : "用于配置数据文件格式的选项。",
+ "type" : "OneOf(Struct(container_avro),Struct(container_parquet))",
+ "default" : "{type = avro}"
+ }
+ ],
+ "text" : "aggregation",
+ "doc" : "管理聚合过程的参数集。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-aggregation",
+ "text" : "aggregation",
+ "doc" : "管理聚合过程的参数集。",
+ "type" : "Struct(aggregation)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-namespace",
+ "text" : "namespace",
+ "doc" : "要使用的命名空间,其部分由点连接。例如:`my.namespace`。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-table",
+ "text" : "table",
+ "doc" : "与此动作一起使用的表。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-s3-S-s3_upload",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-s3-S-s3_upload-min_part_size",
+ "text" : "min_part_size",
+ "doc" : "多部分上传的最小部分大小。
\n上传的数据将在内存中累积,直到达到此大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"5mb\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-s3-S-s3_upload-max_part_size",
+ "text" : "max_part_size",
+ "doc" : "多部分上传的最大部分大小。
\nS3 上传器不会尝试上传超过此大小的部分。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"5gb\""
+ }
+ ],
+ "text" : "s3_upload",
+ "doc" : "控制 S3 上传的参数集。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters-S-action_parameters-s3",
+ "text" : "s3",
+ "doc" : "控制 S3 上传的参数集。",
+ "type" : "Struct(s3_upload)",
+ "default" : "{max_part_size = \"5gb\", min_part_size = \"5mb\"}"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "动作的参数集。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-parameters",
+ "text" : "parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "10000"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables-S-s3tables-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "s3tables",
+ "doc" : "将传入事件附加到 S3Tables 的动作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3tables",
+ "text" : "s3tables",
+ "doc" : "S3Tables Action Config",
+ "type" : "Map($name->Struct(s3tables))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-target_topic",
+ "text" : "target_topic",
+ "doc" : "被转发消息的主题
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${topic}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-target_qos",
+ "text" : "target_qos",
+ "doc" : "被转发消息的服务质量 (QoS),-1 表示与原始主题相同",
+ "type" : "Integer(0..2)"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters-S-parameters-template",
+ "text" : "template",
+ "doc" : "模版
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ }
+ ],
+ "text" : "parameters",
+ "doc" : "Syskeeper 动作的参数"
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-parameters",
+ "text" : "parameters",
+ "doc" : "Syskeeper 动作的参数",
+ "type" : "Struct(parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-start_after_created",
+ "text" : "start_after_created",
+ "doc" : "是否在创建资源后立即启动资源。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-start_timeout",
+ "text" : "start_timeout",
+ "doc" : "在回复资源创建请求前等待资源进入健康状态的时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-auto_restart_interval",
+ "text" : "auto_restart_interval",
+ "doc" : "Deprecated since 5.1.0.",
+ "type" : "OneOf(String(\"infinity\"),Duration)"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-enable_queue",
+ "text" : "enable_queue",
+ "doc" : "Deprecated since v5.0.14.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts-S-creation_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "creation_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder-S-config-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(creation_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "config",
+ "doc" : "Syskeeper 动作的配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-syskeeper_forwarder",
+ "text" : "syskeeper_forwarder",
+ "doc" : "Syskeeper Forwarder Action Config",
+ "type" : "Map($name->Struct(config))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message-key",
+ "text" : "key",
+ "doc" : "渲染 Pulsar 消息键的模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.clientid}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message-S-producer_pulsar_message-value",
+ "text" : "value",
+ "doc" : "渲染 Pulsar 消息值的模版。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "producer_pulsar_message",
+ "doc" : "渲染 Pulsar 消息的模版。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-message",
+ "text" : "message",
+ "doc" : "渲染 Pulsar 消息的模版。",
+ "type" : "Struct(producer_pulsar_message)"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-sync_timeout",
+ "text" : "sync_timeout",
+ "doc" : "同步发布时等待从 Pulsar 接收回执的最大等待时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "生产者在必须等待回执之前可以发送到每个分区的最大消息批次数。\n设置更高的数字可以提高吞吐量。",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-pulsar_topic",
+ "text" : "pulsar_topic",
+ "doc" : "Pulsar 主题名称",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-batch_size",
+ "text" : "batch_size",
+ "doc" : "在一个 Pulsar 消息中批处理的单个请求的最大数量。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-compression",
+ "text" : "compression",
+ "doc" : "压缩方法。",
+ "type" : "Enum(no_compression,snappy,zlib)",
+ "default" : "no_compression"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-send_buffer",
+ "text" : "send_buffer",
+ "doc" : "TCP socket 的发送缓存调优。默认值是针对高吞吐量的一个推荐值。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-retention_period",
+ "text" : "retention_period",
+ "doc" : "当没有连接到 Pulsar 代理时,信息将被缓冲的时间。 较长的时间意味着将使用更多的内存/磁盘",
+ "type" : "OneOf(String(\"infinity\"),Duration)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "最大消息批量字节数。大多数 Pulsar 环境的默认最低值是 5 MB,EMQX 的默认值比 5 MB 更小是因为需要补偿 Pulsar 消息编码所需要的额外字节(尤其是当每条消息都很小的情况下)。当单个消息的大小超过该限制时,它仍然会被发送,(相当于该批量中只有单个消息)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"900KB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-strategy",
+ "text" : "strategy",
+ "doc" : "设置消息发布时应该如何选择 Pulsar 分区。\n\nrandom: 为每个消息随机选择一个分区。\nroundrobin: 依次为每条信息挑选可用的生产商。\nkey_dispatch: 将一批信息中的第一条信息的 Pulsar 信息密钥哈希到一个分区编号。",
+ "type" : "Enum(random,roundrobin,key_dispatch)",
+ "default" : "random"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-mode",
+ "text" : "mode",
+ "doc" : "消息缓存模式。\nmemory: 所有的消息都缓存在内存里。如果 EMQX 服务重启,缓存的消息会丢失。\ndisk: 缓存到磁盘上。EMQX 重启后会继续发送重启前未发送完成的消息。\nhybrid: 先将消息缓存在内存中,当内存中的消息堆积超过一定限制(配置项 segment_bytes 描述了该限制)后,后续的消息会缓存到磁盘上。与 memory 模式一样,如果 EMQX 服务重启,缓存的消息会丢失。",
+ "type" : "Enum(memory,disk,hybrid)",
+ "default" : "memory"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-per_partition_limit",
+ "text" : "per_partition_limit",
+ "doc" : "为每个 Pulsar 分区设置的最大缓存字节数。当超过这个上限之后,老的消息会被丢弃,为新的消息腾出空间。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-segment_bytes",
+ "text" : "segment_bytes",
+ "doc" : "当缓存模式是 disk 或 hybrid 时适用。该配置用于指定缓存到磁盘上的文件的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"100MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer-S-producer_buffer-memory_overload_protection",
+ "text" : "memory_overload_protection",
+ "doc" : "缓存模式是 memory 或 hybrid 时适用。当系统处于高内存压力时,从队列中丢弃旧的消息以减缓内存增长。注意,该配置仅在 Linux 系统中有效。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "producer_buffer",
+ "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Pulsar 处理能力,或者当 Pulsar 临时下线时,EMQX 内部会将消息缓存起来。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters-S-action_parameters-buffer",
+ "text" : "buffer",
+ "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Pulsar 处理能力,或者当 Pulsar 临时下线时,EMQX 内部会将消息缓存起来。",
+ "type" : "Struct(producer_buffer)"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对动作的详细配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对动作的详细配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "Deprecated since 5.8.1.",
+ "type" : "OneOf(Duration,String(\"infinity\"))"
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar-S-publisher_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "publisher_action",
+ "doc" : "发布消息到 Pulsar 主题。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pulsar",
+ "text" : "pulsar",
+ "doc" : "Pulsar Action Config",
+ "type" : "Map($name->Struct(publisher_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload, arrived) values (${id}, ${topic}, ${qos}, ${payload}, TO_TIMESTAMP((${timestamp} :: bigint)/1000))\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "特定于 PostgreSQL 动作的参数配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-parameters",
+ "text" : "parameters",
+ "doc" : "特定于 PostgreSQL 动作的参数配置",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql-S-pgsql_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "pgsql_action",
+ "doc" : "PostgreSQL 动作的配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-pgsql",
+ "text" : "pgsql",
+ "doc" : "PostgreSQL Action Config",
+ "type" : "Map($name->Struct(pgsql_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-local_topic",
+ "text" : "local_topic",
+ "doc" : "将 MQTT 主题或主题过滤器作为数据源(动作输入)。如果使用规则动作作为数据源,则应将此配置保留为空,否则消息将在 Confluent 中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-topic",
+ "text" : "topic",
+ "doc" : "事件中心名称。支持使用模版(例如:`t-${payload.t}`)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-key",
+ "text" : "key",
+ "doc" : "用于呈现 Confluent 消息键的模版。如果模板呈现为空值(即在规则引擎上下文中没有此类数据字段),则使用 Confluent 的 NULL(而不是空字符串)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.clientid}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message-S-kafka_message-value",
+ "text" : "value",
+ "doc" : "用于呈现 Confluent 消息键的模版。如果模板呈现为空值(即在规则引擎上下文中没有此类数据字段),则使用 Confluent 的 NULL(而不是空字符串)。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "kafka_message",
+ "doc" : "呈现 Confluent 消息的模版。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-message",
+ "text" : "message",
+ "doc" : "呈现 Confluent 消息的模版。",
+ "type" : "Struct(kafka_message)"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_time",
+ "text" : "max_linger_time",
+ "doc" : "每个分区生产者为了收集批量消息进行缓冲的最长等待时间。\n默认值为 0,表示不等待。 对于非内存缓冲模式,建议配置至少 5ms 以减少 IOPS(每秒输入输出操作次数)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_linger_bytes",
+ "text" : "max_linger_bytes",
+ "doc" : "每个分区生产者在发送数据前,为了收集批量消息进行缓冲,最多可以等待的消息字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "最大 Confluent 消息批量字节数。大多数 Kafka 环境的默认最低值是 1 MB,EMQX 的默认值比 1 MB 更小是因为需要补偿 Kafka 消息编码所需要的额外字节(尤其是当每条消息都很小的情况下)。当单个消息的大小超过该限制时,它仍然会被发送,(相当于该批量中只有单个消息)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"896KB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-compression",
+ "text" : "compression",
+ "doc" : "压缩方法。",
+ "type" : "Enum(no_compression,snappy,gzip)",
+ "default" : "no_compression"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partition_strategy",
+ "text" : "partition_strategy",
+ "doc" : "分区策略是用来指导生产者如何将消息分配到 Confluent 的各个分区。\n\nrandom: 为每条消息随机选择一个分区。\nkey_dispatch: 根据 Confluent 消息键的哈希值将消息分配到分区,确保拥有相同键的消息能够一致地被分配到特定分区。",
+ "type" : "Enum(random,key_dispatch)",
+ "default" : "random"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-required_acks",
+ "text" : "required_acks",
+ "doc" : "Confluent 分区领导者的确认标准。它确定了在向 EMQX Confluent 生产者回送确认前,需要从追随者分区获得的确认等级。\n\nall_isr:要求所有同步副本进行确认。\nleader_only:仅要求分区领导者的确认。",
+ "type" : "Enum(all_isr,leader_only,none)",
+ "default" : "all_isr"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_headers",
+ "text" : "kafka_headers",
+ "doc" : "提供用作 Confluent 头部的占位符
\n例如${pub_props}
\n注意,占位符的值必须是对象:\n{\"foo\": \"bar\"}\n或键值对数组:\n[{\"key\": \"foo\", \"value\": \"bar\"}]
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_key",
+ "text" : "kafka_ext_header_key",
+ "doc" : "Kafka 头部的键。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers-S-producer_kafka_ext_headers-kafka_ext_header_value",
+ "text" : "kafka_ext_header_value",
+ "doc" : "Kafka 头部的值。支持格式为 ${var} 的占位符。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "producer_kafka_ext_headers",
+ "doc" : "请提供更多的 Kafka 头部键值对
\n这里的键值对将与 kafka_headers 字段的值合并,然后发送到 Kafka。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_ext_headers",
+ "text" : "kafka_ext_headers",
+ "doc" : "请提供更多的 Confluent 头部键值对
\n这里的键值对将与kafka_headers字段的值结合后发送给 Confluent。",
+ "type" : "Array(Struct(producer_kafka_ext_headers))"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-kafka_header_value_encode_mode",
+ "text" : "kafka_header_value_encode_mode",
+ "doc" : "Confluent 头部值编码模式
\n - None:仅向 Confluent 头部添加二进制值;
\n - JSON:仅向 Confluent 头部添加 JSON 值,并在发送前将其编码为 JSON 字符串。",
+ "type" : "Enum(none,json)",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partition_count_refresh_interval",
+ "text" : "partition_count_refresh_interval",
+ "doc" : "Confluent 生产者发现分区数量增加的时间间隔。\n在 Confluent 中增加分区数量后,EMQX 将开始根据partition_strategy\n在分发消息时考虑新发现的分区。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-partitions_limit",
+ "text" : "partitions_limit",
+ "doc" : "限制为给定主题产生数据的分区数量。\n特殊值 all_partitions 用于利用主题的所有分区。\n设置的值如果大于分区总数则无效。",
+ "type" : "OneOf(String(\"all_partitions\"),Integer(1..+inf))",
+ "default" : "all_partitions"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-max_inflight",
+ "text" : "max_inflight",
+ "doc" : "Confluent 生产者在接收到 Confluent 的确认之前,每个分区允许发送的批次的最大数量。较高的值通常意味着更好的吞吐量。然而,当这个值大于1时,可能会有消息重新排序的风险。",
+ "type" : "Integer(1..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-mode",
+ "text" : "mode",
+ "doc" : "消息缓存模式。\nmemory: 所有的消息都缓存在内存里。如果 EMQX 服务重启,缓存的消息会丢失。\ndisk: 缓存到磁盘上。EMQX 重启后会继续发送重启前未发送完成的消息。\nhybrid: 先将消息缓存在内存中,当内存中的消息堆积超过一定限制(配置项 segment_bytes 描述了该限制)后,后续的消息会缓存到磁盘上。与 memory 模式一样,如果 EMQX 服务重启,缓存的消息会丢失。",
+ "type" : "Enum(memory,disk,hybrid)",
+ "default" : "memory"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-per_partition_limit",
+ "text" : "per_partition_limit",
+ "doc" : "为每个 Kafka 分区设置的最大缓存字节数。当超过这个上限之后,老的消息会被丢弃,为新的消息腾出空间。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-segment_bytes",
+ "text" : "segment_bytes",
+ "doc" : "当缓存模式是 disk 或 hybrid 时适用。该配置用于指定缓存到磁盘上的文件的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"10MB\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer-S-producer_buffer-memory_overload_protection",
+ "text" : "memory_overload_protection",
+ "doc" : "缓存模式是 memory 或 hybrid 时适用。当系统处于高内存压力时,从队列中丢弃旧的消息以减缓内存增长。注意,该配置仅在 Linux 系统中有效。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "producer_buffer",
+ "doc" : "配置消息缓存的相关参数。\n\n当 EMQX 需要发送的消息超过 Kafka 处理能力,或者当 Kafka 临时下线时,EMQX 内部会将消息缓存起来。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-buffer",
+ "text" : "buffer",
+ "doc" : "配置生产者消息缓冲区。\n\n在 EMQX 有更多消息需要发送而 Confluent 跟不上时,或者 Confluent 宕机时,告诉 Confluent 生产者如何缓冲消息。",
+ "type" : "Struct(producer_buffer)"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "查询模式。可选'sync/async',默认'async'。",
+ "type" : "Enum(async,sync)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters-S-producer_kafka_opts-sync_query_timeout",
+ "text" : "sync_query_timeout",
+ "doc" : "此参数定义同步查询的超时限制。仅在动作查询模式配置为'sync'时适用。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ }
+ ],
+ "text" : "producer_kafka_opts",
+ "doc" : "Confluent 生产者配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-parameters",
+ "aliases" : [
+ "kafka"
+ ],
+ "text" : "parameters",
+ "doc" : "Confluent 生产者配置。",
+ "type" : "Struct(producer_kafka_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts-S-resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-resource_opts",
+ "text" : "resource_opts",
+ "type" : "Struct(resource_opts)",
+ "default" : "{}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-confluent_producer-S-actions-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ }
+ ],
+ "text" : "actions",
+ "doc" : "动作的配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-confluent_producer",
+ "text" : "confluent_producer",
+ "doc" : "Confluent Actions Config",
+ "type" : "Map($name->Struct(actions))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-template",
+ "text" : "template",
+ "doc" : "模板, 默认为空,为空时将会将整个消息转发给 RocketMQ。
\n 模板可以是任意带有占位符的合法字符串, 例如:
${id}, ${username}, ${clientid}, ${timestamp}
\n {\"id\" : ${id}, \"username\" : ${username}}
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-strategy",
+ "text" : "strategy",
+ "doc" : "生产者键派发策略,默认为 `roundrobin`,也支持占位符,如:`clientid`、`messageid`、`username`。",
+ "type" : "OneOf(String(\"roundrobin\"),String)",
+ "default" : "roundrobin"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-topic",
+ "text" : "topic",
+ "doc" : "RocketMQ 主题
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "TopicTest"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-sync_timeout",
+ "text" : "sync_timeout",
+ "doc" : "RocketMQ 驱动同步调用的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "RocketMQ 主题路由更新间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters-S-action_parameters-send_buffer",
+ "text" : "send_buffer",
+ "doc" : "RocketMQ 驱动的套字节发送消息的缓冲区大小
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1024KB\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对动作的详细配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对动作的详细配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq-S-rocketmq_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "rocketmq_action",
+ "doc" : "RocketMQ 动作的配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-rocketmq",
+ "text" : "rocketmq",
+ "doc" : "RocketMQ Action Config",
+ "type" : "Map($name->Struct(rocketmq_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-parameters-S-action_parameters-write_mode",
+ "text" : "write_mode",
+ "doc" : "日志是同步写入还是异步写入磁盘。",
+ "type" : "Enum(sync,async)",
+ "default" : "sync"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-parameters-S-action_parameters-template",
+ "text" : "template",
+ "doc" : "要写入的 JSON 对象的内容,支持使用模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "该操作的一组参数。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-parameters",
+ "text" : "parameters",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log-S-disk_log-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "disk_log",
+ "doc" : "将接收到的事件追加到本地循环日志文件(JSON 行格式)中的操作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-disk_log",
+ "text" : "disk_log",
+ "doc" : "Disk Log Action Config",
+ "type" : "Map($name->Struct(disk_log))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters-sql",
+ "text" : "sql",
+ "doc" : "SQL 模板
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"insert into t_mqtt_msg(msgid, topic, qos, payload) values ( ${id}, ${topic}, ${qos}, ${payload} )\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters-S-action_parameters-undefined_vars_as_null",
+ "text" : "undefined_vars_as_null",
+ "doc" : "写入数据库时,将未定义的变量视为 NULL。\n启用此选项时,如果模板中使用了未定义的变量(如 ${var}),它们将被替换为 \"NULL\",而不是字符串 \"undefined\"。如果此选项未启用(默认),则可能插入字符串 \"undefined\"。\n如果可能,此选项应始终设置为 `true`;默认值 `false` 仅用于确保向后兼容性。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "针对动作的详细配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-parameters",
+ "text" : "parameters",
+ "doc" : "针对动作的详细配置。",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver-S-sqlserver_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "sqlserver_action",
+ "doc" : "Microsoft SOL Server 动作的配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-sqlserver",
+ "text" : "sqlserver",
+ "doc" : "Microsoft SOL Server 动作的配置。",
+ "type" : "Map($name->Struct(sqlserver_action))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-mode",
+ "text" : "mode",
+ "doc" : "启用基于时间的传入事件聚合,并将它们作为一个单独的对象上传到 S3 服务。",
+ "type" : "String(\"aggregated\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_csv",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_csv-type",
+ "text" : "type",
+ "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。",
+ "type" : "String(\"csv\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_csv-column_order",
+ "text" : "column_order",
+ "doc" : "事件字段将在生成的 CSV 文件中按此顺序排列为列。
\n无论此设置如何,生成的 CSV 都将包含所有聚合事件的字段,但所有未在此明确提及的列将在此处列出的列之后按字典顺序排列。",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "container_csv",
+ "doc" : "记录(事件)将被聚合并作为 CSV 文件上传。"
+ },
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_json_lines",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container-S-container_json_lines-type",
+ "text" : "type",
+ "doc" : "记录(事件)将被聚合并且作为 [JSON Lines](https://jsonlines.org/) 文件上传。",
+ "type" : "String(\"json_lines\")"
+ }
+ ],
+ "text" : "container_json_lines",
+ "doc" : "记录(事件)将被聚合并且作为 [JSON Lines](https://jsonlines.org/) 文件上传。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-container",
+ "text" : "container",
+ "doc" : "规定包含聚合事件的上传文件格式的设置。",
+ "type" : "OneOf(Struct(container_csv),Struct(container_json_lines))",
+ "default" : "{type = csv}"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation-time_interval",
+ "text" : "time_interval",
+ "doc" : "上传前,事件将在单个对象中聚合的时间长度。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"30m\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation-S-s3_aggregation-max_records",
+ "text" : "max_records",
+ "doc" : "每个聚合对象可以包含的最大记录(事件)数量。虽然每次上传不会超过这个限制,但可能包含较少的事件。如果事件发生率很高,在同一时间间隔内可能会有多次聚合上传,这些上传将具有不同但连续的序列号,这些序列号将成为 S3 对象键的一部分。",
+ "type" : "Integer(1..+inf)",
+ "default" : "\"100000\""
+ }
+ ],
+ "text" : "s3_aggregation",
+ "doc" : "管理聚合过程的参数集。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-aggregation",
+ "text" : "aggregation",
+ "doc" : "管理聚合过程的参数集。",
+ "type" : "Struct(s3_aggregation)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-bucket",
+ "text" : "bucket",
+ "doc" : "S3 桶的名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-key",
+ "text" : "key",
+ "doc" : "聚合上传的 S3 对象键模板。
\n此模板可以包含以下变量的占位符:\n\n${action}: 操作的名称(必须)。${node}: 执行上传的 EMQX 节点的名称(必需)。${datetime.{format}}: 聚合开始的日期和时间,按照 {format} 字符串格式化(必需),包括:\n \n ${datetime.rfc3339utc}: 使用 RFC3339 格式化的 UTC 日期和时间。${datetime.rfc3339}: 使用 RFC3339 格式化的本地时区日期和时间。${datetime.unix}: Unix 时间戳。
\n${datetime_until.{format}}: 聚合结束的日期和时间,使用相同的格式化选项。${sequence}: 同一时间间隔内聚合上传的序列号(必需)。
\n所有其他占位符均被视为无效。请注意,标记为必需的占位符如果在模板中缺失,将作为路径后缀添加到 S3 对象键中。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-acl",
+ "text" : "acl",
+ "doc" : "上传对象使用的 ACL。",
+ "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-headers",
+ "text" : "headers",
+ "doc" : "包含在 S3 对象上传请求中的 HTTP 请求头,用于指定 S3 对象的内容类型、内容编码以及其他属性。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-min_part_size",
+ "text" : "min_part_size",
+ "doc" : "多部分上传的最小部分大小。
\n上传的数据将在内存中累积,直到达到此大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"5mb\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_aggregated_upload_parameters-max_part_size",
+ "text" : "max_part_size",
+ "doc" : "多部分上传的最大部分大小。
\nS3 上传器不会尝试上传超过此大小的部分。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"5gb\""
+ }
+ ],
+ "text" : "s3_aggregated_upload_parameters",
+ "doc" : "聚合上传操作的参数集。"
+ },
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-bucket",
+ "text" : "bucket",
+ "doc" : "S3 桶的名称。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-key",
+ "text" : "key",
+ "doc" : "S3 对象的键。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-acl",
+ "text" : "acl",
+ "doc" : "上传对象使用的 ACL。",
+ "type" : "Enum(private,public_read,public_read_write,authenticated_read,bucket_owner_read,bucket_owner_full_control)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-headers",
+ "text" : "headers",
+ "doc" : "包含在 S3 对象上传请求中的 HTTP 请求头,用于指定 S3 对象的内容类型、内容编码以及其他属性。",
+ "type" : "Map"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-mode",
+ "text" : "mode",
+ "doc" : "启用将事件作为单独的对象上传到 S3 服务。",
+ "type" : "String(\"direct\")",
+ "default" : "direct"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters-S-s3_direct_upload_parameters-content",
+ "text" : "content",
+ "doc" : "S3 对象的内容。支持模板。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${.}\""
+ }
+ ],
+ "text" : "s3_direct_upload_parameters",
+ "doc" : "上传操作的一组参数。操作支持在 S3 存储桶名称、对象键和对象内容中使用模板。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-parameters",
+ "text" : "parameters",
+ "doc" : "将传入事件上传到 S3 API 兼容服务的操作。",
+ "type" : "OneOf(Struct(s3_aggregated_upload_parameters),Struct(s3_direct_upload_parameters))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts-S-s3_upload_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "s3_upload_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3-S-s3-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(s3_upload_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "s3",
+ "doc" : "将传入事件上传到 S3 API 兼容服务的操作。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-s3",
+ "text" : "s3",
+ "doc" : "S3 Upload Action Config",
+ "type" : "Map($name->Struct(s3))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-local_topic",
+ "text" : "local_topic",
+ "doc" : "MQTT 主题或主题过滤器作为数据源(动作输入)。 如果规则动作用作数据源,则应将此配置留空,否则消息将在远程系统中重复。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair-key",
+ "text" : "key",
+ "doc" : "键
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template-S-key_value_pair-value",
+ "text" : "value",
+ "doc" : "值
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ }
+ ],
+ "text" : "key_value_pair",
+ "doc" : "键值对"
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-attributes_template",
+ "text" : "attributes_template",
+ "doc" : "格式化出站消息属性的模板。未定义的值将被呈现为空字符串值。属性映射中的空键将被移除。",
+ "type" : "Array(Struct(key_value_pair))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-ordering_key_template",
+ "text" : "ordering_key_template",
+ "doc" : "格式化出站消息排序键的模板。未定义的值将被呈现为空字符串值。如果此值为空,则不会将其添加到消息中。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-payload_template",
+ "text" : "payload_template",
+ "doc" : "用于格式化外发信息的模板。 如果未定义,将以 JSON 格式发送所有可用的上下文。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters-S-action_parameters-pubsub_topic",
+ "text" : "pubsub_topic",
+ "doc" : "要发布消息的 GCP PubSub 主题。",
+ "type" : "String"
+ }
+ ],
+ "text" : "action_parameters",
+ "doc" : "动作的具体配置。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-parameters",
+ "text" : "parameters",
+ "doc" : "动作的配置",
+ "type" : "Struct(action_parameters)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_reference",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_reference-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"reference\")"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_reference-type",
+ "text" : "type",
+ "doc" : "回退操作的类型。",
+ "type" : "OneOf(String(\"doris\"),String(\"clickhouse\"),String(\"rabbitmq\"),String(\"mqtt\"),String(\"dynamo\"),String(\"timescale\"),String(\"kafka_producer\"),String(\"datalayers\"),String(\"couchbase\"),String(\"mongodb\"),String(\"matrix\"),String(\"elasticsearch\"),String(\"http\"),String(\"azure_blob_storage\"),String(\"oracle\"),String(\"cassandra\"),String(\"opents\"),String(\"hstreamdb\"),String(\"kinesis\"),String(\"snowflake\"),String(\"tdengine\"),String(\"influxdb\"),String(\"redis\"),String(\"greptimedb\"),String(\"tablestore\"),String(\"mysql\"),String(\"iotdb\"),String(\"azure_event_hub_producer\"),String(\"s3tables\"),String(\"syskeeper_forwarder\"),String(\"pulsar\"),String(\"pgsql\"),String(\"confluent_producer\"),String(\"rocketmq\"),String(\"disk_log\"),String(\"sqlserver\"),String(\"s3\"),String(\"gcp_pubsub_producer\"))"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_reference-name",
+ "text" : "name",
+ "doc" : "回退操作的名称。",
+ "type" : "String"
+ }
+ ],
+ "text" : "fallback_action_reference",
+ "doc" : "如果此操作的查询失败,将触发的回退操作。 触发主操作的相同消息上下文将被原样发送到回退操作。"
+ },
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-kind",
+ "text" : "kind",
+ "doc" : "回退操作的类别。",
+ "type" : "String(\"republish\")"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-topic",
+ "text" : "topic",
+ "doc" : "重新发布消息的目标主题。\n允许使用带有变量的模板,请参阅“republish_args”的描述。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-qos",
+ "text" : "qos",
+ "doc" : "要重新发布的消息的 qos。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${qos}。 如果从规则的选择结果中没有找到变量 ${qos},则使用 0。",
+ "type" : "OneOf(Integer(0..2),String)",
+ "default" : "\"${qos}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-retain",
+ "text" : "retain",
+ "doc" : "要重新发布的消息的“保留”标志。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${retain}。 如果从所选结果中未找到变量 ${retain},则使用 false。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "\"${retain}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-payload",
+ "text" : "payload",
+ "doc" : "要重新发布的消息的有效负载。允许使用带有变量的模板,请参阅“republish_args”的描述。\n默认为 ${payload}。 如果从所选结果中未找到变量 ${payload},则使用字符串 \"undefined\"。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${payload}\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Payload-Format-Indicator",
+ "text" : "Payload-Format-Indicator",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Message-Expiry-Interval",
+ "text" : "Message-Expiry-Interval",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Content-Type",
+ "text" : "Content-Type",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Response-Topic",
+ "text" : "Response-Topic",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties-S-republish_mqtt_properties-Correlation-Data",
+ "text" : "Correlation-Data",
+ "doc" : "在消息重发布时可设置的 MQTT 属性。",
+ "type" : "String"
+ }
+ ],
+ "text" : "republish_mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-mqtt_properties",
+ "text" : "mqtt_properties",
+ "doc" : "从消息中应该获取哪个变量作为消息的 MQTT 发布属性。\n可以使用像${.payload.content_type}这样的占位符。",
+ "type" : "Struct(republish_mqtt_properties)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-user_properties",
+ "text" : "user_properties",
+ "doc" : "指定使用哪个变量来填充 MQTT 消息的 User-Property 列表。这个变量的值必须是一个 map 类型。\n可以设置成 ${pub_props.'User-Property'} 或者\n使用 SELECT *,pub_props.'User-Property' as user_properties 来把源 MQTT 消息\n的 User-Property 列表用于填充。\n也可以使用 map_put 函数来添加新的 User-Property,\nmap_put('my-prop-name', 'my-prop-value', user_properties) as user_properties\n注意:MQTT 协议允许一个消息中出现多次同一个 property 名,但是 EMQX 的规则引擎不允许。
用于`${.path.to.var}`样式值插值的字符串,其中开头的点是可选的。语法`${.}`表示取值整个对象(包含所有字段)。",
+ "type" : "String",
+ "default" : "\"${user_properties}\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args-S-republish_args-direct_dispatch",
+ "text" : "direct_dispatch",
+ "doc" : "启用直接分发到订阅者,而无需启动新的消息发布事件。\n当设置为 `true` 时,可以防止同一动作递归处理消息,适用于输出消息不需要进一步处理的情况。\n\n然而,启用此功能有几个限制:\n\n- 此动作的输出消息不会被保留。\n- 它不会触发基于此动作的输出主题运行的其他规则。\n- 它不会激活选择 `$events/message_publish` 的规则。\n- 它不会触发使用 `'message.publish'` 钩子的插件。\n- 不会收集此动作输出消息的主题指标。\n- 不会应用消息 schema 验证(EMQX Enterprise 的功能)。\n- 不会应用消息转换过程(EMQX Enterprise 的功能)。",
+ "type" : "OneOf(Boolean,String)",
+ "default" : "false"
+ }
+ ],
+ "text" : "republish_args",
+ "doc" : "内置 'republish' 动作的参数。\n可以在参数中使用变量。\n变量是规则中选择的字段。 例如规则 SQL 定义如下:\n\n SELECT clientid, qos, payload FROM \"t/1\"\n\n然后有 3 个变量可用:clientid、qos 和 payload。 如果我们将参数设置为:\n\n {\n topic = \"t/${clientid}\"\n qos = \"${qos}\"\n payload = \"msg: ${payload}\"\n }\n\n当收到一条消息 payload = `hello`, qos = 1, clientid = `Steve` 时,将重新发布一条新的 MQTT 消息到主题 `t/Steve`\n消息内容为 payload = `msg: hello`, and `qos = 1"
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions-S-fallback_action_republish-args",
+ "text" : "args",
+ "type" : "Struct(republish_args)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "fallback_action_republish",
+ "doc" : "回退操作的消息重发布。其工作方式与规则引擎中的重发布规则操作相同。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-fallback_actions",
+ "text" : "fallback_actions",
+ "doc" : "如果此操作的查询失败,将触发的回退操作列表。",
+ "type" : "Array(OneOf(Struct(fallback_action_reference),Struct(fallback_action_republish)))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-worker_pool_size",
+ "text" : "worker_pool_size",
+ "doc" : "缓存队列 worker 数量。仅对 egress 类型的桥接有意义。当桥接仅有 ingress 方向时,可设置为 0,否则必须大于 0。",
+ "type" : "Integer(1..1024)",
+ "default" : "16"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-query_mode",
+ "text" : "query_mode",
+ "doc" : "请求模式。可选 '同步/异步',默认为'异步'模式。",
+ "type" : "Enum(sync,async)",
+ "default" : "async"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-inflight_window",
+ "aliases" : [
+ "async_inflight_window"
+ ],
+ "text" : "inflight_window",
+ "doc" : "请求飞行队列窗口大小。当请求模式为异步时,如果需要严格保证来自同一 MQTT 客户端的消息有序,则必须将此值设为 1。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-batch_size",
+ "text" : "batch_size",
+ "doc" : "最大批量请求大小。如果设为 1,则无批处理。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-batch_time",
+ "text" : "batch_time",
+ "doc" : "在较低消息率情况下尝试累积批量输出时的最大等待间隔,以提高资源的利用率。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts-S-action_resource_opts-max_buffer_bytes",
+ "aliases" : [
+ "max_queue_bytes"
+ ],
+ "text" : "max_buffer_bytes",
+ "doc" : "每个缓存 worker 允许使用的最大字节数。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"256MB\""
+ }
+ ],
+ "text" : "action_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer-S-producer_action-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(action_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "producer_action",
+ "doc" : "动作的配置"
+ }
+ ],
+ "hash" : "V-actions-S-actions-gcp_pubsub_producer",
+ "text" : "gcp_pubsub_producer",
+ "doc" : "GCP PubSub Producer Action Config",
+ "type" : "Map($name->Struct(producer_action))"
+ }
+ ],
+ "text" : "actions",
+ "doc" : "数据桥接的配置信息"
+ }
+ ],
+ "hash" : "V-actions",
+ "text" : "actions",
+ "type" : "Struct(actions)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-queue",
+ "text" : "queue",
+ "doc" : "RabbitMQ 代理的队列名称。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-wait_for_publish_confirmations",
+ "text" : "wait_for_publish_confirmations",
+ "doc" : "一个布尔值,指示在使用发布者确认时是否等待 RabbitMQ 确认消息发布。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters-S-source_parameters-no_ack",
+ "text" : "no_ack",
+ "doc" : "在从 RabbitMQ 代理消费消息时是否使用 no_ack 模式。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "source_parameters",
+ "doc" : "Source 配置定义了此数据输入如何从远程 RabbitMQ 代理接收消息。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-parameters",
+ "text" : "parameters",
+ "doc" : "Source 配置定义了此数据输入如何从远程 RabbitMQ 代理接收消息。",
+ "type" : "Struct(source_parameters)"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts-S-source_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "source_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-rabbitmq-S-subscriber_source-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(source_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "subscriber_source",
+ "doc" : "Source 配置"
+ }
+ ],
+ "hash" : "V-sources-S-sources-rabbitmq",
+ "text" : "rabbitmq",
+ "doc" : "MQTT Subscriber Source Config",
+ "type" : "Map($name->Struct(subscriber_source))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-no_local",
+ "text" : "no_local",
+ "doc" : "在订阅远程主题时是否设置 no-local 标志。如果设置为 true,并且你使用相同的连接器向你也订阅的主题发布消息,则此设置可防止服务器将你自己发布的消息转发回你。仅在使用 MQTT 协议版本 5 时生效。请注意,如果你使用的工作线程池大小大于 1,你仍然会收到重复的消息。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-topic",
+ "text" : "topic",
+ "doc" : "从远程代理接收消息的主题",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters-S-ingress_parameters-qos",
+ "text" : "qos",
+ "doc" : "订阅远程代理时要使用的 QoS 级别.",
+ "type" : "Integer(0..2)",
+ "default" : "1"
+ }
+ ],
+ "text" : "ingress_parameters",
+ "doc" : "Source 的具体配置"
+ }
+ ],
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-parameters",
+ "text" : "parameters",
+ "type" : "Struct(ingress_parameters)"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts-S-source_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "source_resource_opts",
+ "doc" : "资源启动相关的选项。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-mqtt-S-mqtt_subscriber_source-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(source_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "mqtt_subscriber_source",
+ "doc" : "订阅 Source 的配置。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-mqtt",
+ "text" : "mqtt",
+ "doc" : "MQTT Subscriber Source Config",
+ "type" : "Map($name->Struct(mqtt_subscriber_source))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters-topic",
+ "text" : "topic",
+ "doc" : "要发布消息的 GCP PubSub 主题。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters-S-source_parameters-pull_max_messages",
+ "text" : "pull_max_messages",
+ "doc" : "从 GCP PubSub 中在一个拉取请求里检索的最大消息数。 实际数量可能小于指定的值。",
+ "type" : "Integer(1..+inf)",
+ "default" : "100"
+ }
+ ],
+ "text" : "source_parameters",
+ "doc" : "针对 Source 的详细配置。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-parameters",
+ "text" : "parameters",
+ "doc" : "Source 配置。",
+ "type" : "Struct(source_parameters)"
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts-S-source_resource_opts-request_ttl",
+ "aliases" : [
+ "request_timeout"
+ ],
+ "text" : "request_ttl",
+ "doc" : "从请求进入缓冲区的时刻开始,如果请求在指定的时间内仍然停留在缓冲区中,或者已经发送但没有及时收到响应或确认,该请求将被视为过期。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"45s\""
+ }
+ ],
+ "text" : "source_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer-S-consumer_source-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(source_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "consumer_source",
+ "doc" : "Source 配置。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-gcp_pubsub_consumer",
+ "text" : "gcp_pubsub_consumer",
+ "doc" : "GCP PubSub Consumer Source Config",
+ "type" : "Map($name->Struct(consumer_source))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-topic",
+ "text" : "topic",
+ "doc" : "指定从哪个 Kafka 主题消费消息。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-group_id",
+ "text" : "group_id",
+ "doc" : "用于此 Source 的消费者组标识符。如果省略,将自动生成一个基于 Source 名称的标识符。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-max_wait_time",
+ "text" : "max_wait_time",
+ "doc" : "等待 Kafka broker 发送拉取响应的最长时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"1s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-max_batch_bytes",
+ "text" : "max_batch_bytes",
+ "doc" : "设置每次从 Kafka 拉取数据的字节数。\n消息由消费者批量拉取,如果第一个非空\n分区中的第一个记录批次大于此值,记录批次仍将被返回,以确保\n消费者能够继续进程。因此,这不是绝对的最大值。设置为 1 可实现最低延迟。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"896KB\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-offset_reset_policy",
+ "text" : "offset_reset_policy",
+ "doc" : "如不存在偏移量历史记录或历史记录失效,消费者应使用哪个偏移量开始消费。",
+ "type" : "Enum(latest,earliest)",
+ "default" : "latest"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-offset_commit_interval_seconds",
+ "text" : "offset_commit_interval_seconds",
+ "doc" : "指定 Kafka 消费组偏移量提交的时间间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-key_encoding_mode",
+ "text" : "key_encoding_mode",
+ "doc" : "通过 MQTT 转发之前,如何处理 Kafka 消息的 Key。none 使用 Kafka 消息中的 Key 原始值,不进行编码。 注意:在这种情况下,Key 必须是一个有效的 UTF-8 字符串。\nbase64 对收到的密钥或值使用 base-64 编码。",
+ "type" : "Enum(none,base64)",
+ "default" : "none"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters-S-source_parameters-value_encoding_mode",
+ "text" : "value_encoding_mode",
+ "doc" : "通过 MQTT 转发之前,如何处理 Kafka 消息的 Value。none 使用 Kafka 消息中的 Value 原始值,不进行编码。 注意:在这种情况下,Value 必须是一个有效的 UTF-8 字符串。\nbase64 对收到的 Value 使用 base-64 编码。",
+ "type" : "Enum(none,base64)",
+ "default" : "none"
+ }
+ ],
+ "text" : "source_parameters",
+ "doc" : "针对 Source 的详细配置。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-parameters",
+ "text" : "parameters",
+ "doc" : "Source 配置。",
+ "type" : "Struct(source_parameters)"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-connector",
+ "text" : "connector",
+ "doc" : "由动作指定的连接器名称,用于选择外部资源。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-tags",
+ "text" : "tags",
+ "doc" : "连接器的标签",
+ "type" : "Array(String)"
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-description",
+ "text" : "description",
+ "doc" : "描述性文本。",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts",
+ "fields" : [
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval",
+ "text" : "health_check_interval",
+ "doc" : "健康检查间隔。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_interval_jitter",
+ "text" : "health_check_interval_jitter",
+ "doc" : "一个均匀的随机延迟将被添加到健康检查间隔中,以便来自同一 Connector 的动作和源在不同的时刻开始它们的健康检查。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0ms\""
+ },
+ {
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts-S-source_resource_opts-health_check_timeout",
+ "text" : "health_check_timeout",
+ "doc" : "健康检查超时。如果健康检查调用返回结果的时间超过此时间,则资源被视为断开连接。",
+ "type" : "OneOf(Duration,String(\"infinity\"))",
+ "default" : "\"60s\""
+ }
+ ],
+ "text" : "source_resource_opts",
+ "doc" : "资源相关的选项。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-kafka_consumer-S-consumer_source-resource_opts",
+ "text" : "resource_opts",
+ "doc" : "资源相关的选项。",
+ "type" : "Struct(source_resource_opts)",
+ "default" : "{}"
+ }
+ ],
+ "text" : "consumer_source",
+ "doc" : "Source 配置。"
+ }
+ ],
+ "hash" : "V-sources-S-sources-kafka_consumer",
+ "text" : "kafka_consumer",
+ "doc" : "Kafka Consumer Source Config",
+ "type" : "Map($name->Struct(consumer_source))"
+ }
+ ],
+ "text" : "sources",
+ "doc" : "Source 的配置。"
+ }
+ ],
+ "hash" : "V-sources",
+ "text" : "sources",
+ "type" : "Struct(sources)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-retainer-S-retainer",
+ "fields" : [
+ {
+ "hash" : "V-retainer-S-retainer-msg_expiry_interval",
+ "text" : "msg_expiry_interval",
+ "doc" : "消息保留时间。0 代表永久保留
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0s\""
+ },
+ {
+ "hash" : "V-retainer-S-retainer-msg_expiry_interval_override",
+ "text" : "msg_expiry_interval_override",
+ "doc" : "如果设置了此值,它将优先于任何在保留的 MQTT 消息中指定的 `Message-Expiry-Interval` 属性,从而允许消息在必要时更早过期。此覆盖设置仅适用于垃圾回收过程:它不会影响正在写入的消息的过期时间,也不会影响在迭代过程中已经写入的消息的过期时间。因此,当覆盖时,可能会被垃圾回收的消息在订阅保留主题时仍然可见。",
+ "type" : "OneOf(String(\"disabled\"),Duration)",
+ "default" : "disabled"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-allow_never_expire",
+ "text" : "allow_never_expire",
+ "doc" : "如果为 true,设置为永不过期的保留消息(即 `Message-Expiry-Interval = 0`)将不会受到过期时间覆盖的影响。此配置仅在 `msg_expiry_interval_override` 设置时生效。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-msg_clear_interval",
+ "text" : "msg_clear_interval",
+ "doc" : "消息清理间隔。0 代表不进行清理
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"0s\""
+ },
+ {
+ "hash" : "V-retainer-S-retainer-max_payload_size",
+ "text" : "max_payload_size",
+ "doc" : "允许存储的保留消息的最大大小。EMQX 将拒绝存储超过此大小的保留消息,并输出包含关键字 'retain_failed_for_payload_size_exceeded_limit' 的错误日志。\n\n0 表示保留消息大小不受限制。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-retainer-S-retainer-stop_publish_clear_msg",
+ "text" : "stop_publish_clear_msg",
+ "doc" : "当 PUBLISH 消息的保留标志被设置且有效载荷为空时,是否继续发布消息。\n参见:\nhttp://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc398718038",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-delivery_rate",
+ "aliases" : [
+ "deliver_rate"
+ ],
+ "text" : "delivery_rate",
+ "doc" : "发送保留消息的最大速率",
+ "type" : "String",
+ "default" : "\"1000/s\""
+ },
+ {
+ "hash" : "V-retainer-S-retainer-max_publish_rate",
+ "text" : "max_publish_rate",
+ "doc" : "发布保留消息的最大速率。超过该限制发布的消息会被传递,但不会作为保留消息存储。",
+ "type" : "String",
+ "default" : "\"1000/s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-retainer-S-retainer-backend-S-mnesia_config",
+ "fields" : [
+ {
+ "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-type",
+ "text" : "type",
+ "doc" : "后端类型",
+ "type" : "String(\"built_in_database\")",
+ "default" : "built_in_database"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-storage_type",
+ "text" : "storage_type",
+ "doc" : "选择消息是存放在磁盘还是内存中",
+ "type" : "Enum(ram,disc)",
+ "default" : "ram"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-max_retained_messages",
+ "text" : "max_retained_messages",
+ "doc" : "消息保留的数量上限。0 表示无限",
+ "type" : "Integer(0..+inf)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-retainer-S-retainer-backend-S-mnesia_config-index_specs",
+ "text" : "index_specs",
+ "doc" : "Retainer index specifications: list of arrays of positive ascending integers. Each array specifies an index. Numbers in an index specification are 1-based word positions in topics. Words from specified positions will be used for indexing.
For example, it is good to have [2, 4] index to optimize +/X/+/Y/... topic wildcard subscriptions.",
+ "type" : "Array(Integer)",
+ "default" : "[[1, 2, 3], [1, 3], [2, 3], [3]]"
+ }
+ ],
+ "text" : "mnesia_config",
+ "doc" : "Configuration of the internal database storing retained messages."
+ }
+ ],
+ "hash" : "V-retainer-S-retainer-backend",
+ "text" : "backend",
+ "doc" : "保留消息的存储后端",
+ "type" : "Struct(mnesia_config)"
+ }
+ ],
+ "text" : "retainer",
+ "doc" : "Configuration related to handling `PUBLISH` packets with a `retain` flag set to 1."
+ }
+ ],
+ "hash" : "V-retainer",
+ "text" : "retainer",
+ "type" : "Struct(retainer)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-telemetry-S-telemetry",
+ "fields" : [
+ {
+ "hash" : "V-telemetry-S-telemetry-enable",
+ "text" : "enable",
+ "doc" : "设置为 `false` 可以关闭数据发送。",
+ "type" : "Boolean"
+ }
+ ],
+ "text" : "telemetry",
+ "doc" : "是否启用遥测功能,以允许 EMQX 收集相关的使用信息,并将其共享给 EMQ,用于提升您的产品体验。\nEMQX 在任何情况下都不会收集您的个人信息,例如 MAC 地址、IP 地址或发送的消息内容。\n\n详情请参阅:https://docs.emqx.com/zh/emqx/latest/telemetry/telemetry.html。"
+ }
+ ],
+ "hash" : "V-telemetry",
+ "text" : "telemetry",
+ "type" : "Struct(telemetry)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-delayed-S-delayed",
+ "fields" : [
+ {
+ "hash" : "V-delayed-S-delayed-max_delayed_messages",
+ "text" : "max_delayed_messages",
+ "doc" : "延迟消息的数量上限(0 代表不限数量)",
+ "type" : "Integer",
+ "default" : "0"
+ }
+ ],
+ "text" : "delayed",
+ "doc" : "Settings for the delayed module."
+ }
+ ],
+ "hash" : "V-delayed",
+ "text" : "delayed",
+ "type" : "Struct(delayed)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-plugins-S-plugins",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-plugins-S-plugins-states-S-state",
+ "fields" : [
+ {
+ "hash" : "V-plugins-S-plugins-states-S-state-name_vsn",
+ "text" : "name_vsn",
+ "doc" : "插件的名称{name}-{version}。
\n它应该与插件的发布包名称一致,如 my_plugin-0.1.0。",
+ "type" : "String"
+ }
+ ],
+ "text" : "state",
+ "doc" : "描述插件的状态"
+ }
+ ],
+ "hash" : "V-plugins-S-plugins-states",
+ "text" : "states",
+ "doc" : "一组插件的状态。插件将按照定义的顺序启动",
+ "type" : "Array(Struct(state))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-plugins-S-plugins-install_dir",
+ "text" : "install_dir",
+ "doc" : "插件安装包的目录,出于安全考虑,该目录应该值允许 emqx,或用于运行 EMQX 服务的用户拥有写入权限。",
+ "type" : "String",
+ "default" : "plugins"
+ },
+ {
+ "hash" : "V-plugins-S-plugins-check_interval",
+ "text" : "check_interval",
+ "doc" : "Deprecated since 5.0.24.
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration"
+ }
+ ],
+ "text" : "plugins",
+ "doc" : "管理 EMQX 插件。
\n插件可以是 EMQX 安装包中的一部分,也可以是一个独立的安装包。
\n独立安装的插件称为“外部插件”。"
+ }
+ ],
+ "hash" : "V-plugins",
+ "text" : "plugins",
+ "type" : "Struct(plugins)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-listeners-S-listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-http-S-http",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-bind",
+ "text" : "bind",
+ "doc" : "将监听器绑定到指定的地址和端口号,例如 127.0.0.1:18083。\n如果仅配置端口号(例如 18083),则相当于绑定到所有地址 0.0.0.0。\n如果 bind 设置为 0,则禁用监听器。",
+ "type" : "String",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-num_acceptors",
+ "text" : "num_acceptors",
+ "doc" : "TCP 协议的 Socket acceptor 池大小, 通常配置为 CPU 核数",
+ "type" : "Integer",
+ "default" : "4"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-max_connections",
+ "text" : "max_connections",
+ "doc" : "同时处理的最大连接数。",
+ "type" : "Integer",
+ "default" : "512"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-backlog",
+ "text" : "backlog",
+ "doc" : "排队等待连接的队列的最大长度。",
+ "type" : "Integer",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "发送响应内容的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-inet6",
+ "text" : "inet6",
+ "doc" : "启用 IPv6, 如果机器不支持 IPv6,请关闭此选项,否则会导致 Dashboard 无法使用。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-ipv6_v6only",
+ "text" : "ipv6_v6only",
+ "doc" : "当开启 inet6 功能的同时禁用 IPv4-to-IPv6 映射。该配置仅在 inet6 功能开启时有效。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http-S-http-proxy_header",
+ "text" : "proxy_header",
+ "doc" : "启用 Proxy Protocol 以提取客户端连接的原始信息,要求使用了代理服务器并且代理服务器也启用 Proxy Protocol。注意:一旦开启了这个功能,就无法再处理普通的 HTTP 请求。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "http",
+ "doc" : "Dashboard 监听器的配置(plaintext)。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-http",
+ "text" : "http",
+ "doc" : "HTTP 监听器的设置。",
+ "type" : "Struct(http)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-bind",
+ "text" : "bind",
+ "doc" : "将监听器绑定到指定的地址和端口号,例如 127.0.0.1:18083。\n如果仅配置端口号(例如 18083),则相当于绑定到所有地址 0.0.0.0。\n如果 bind 设置为 0,则禁用监听器。",
+ "type" : "String",
+ "default" : "0"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options-S-ssl_options-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ssl_options",
+ "doc" : "Dashboard 监听器的 SSL/TLS 选项。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "Dashboard 监听器的 SSL/TLS 选项。",
+ "type" : "Struct(ssl_options)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-num_acceptors",
+ "text" : "num_acceptors",
+ "doc" : "TCP 协议的 Socket acceptor 池大小, 通常配置为 CPU 核数",
+ "type" : "Integer",
+ "default" : "4"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-max_connections",
+ "text" : "max_connections",
+ "doc" : "同时处理的最大连接数。",
+ "type" : "Integer",
+ "default" : "512"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-backlog",
+ "text" : "backlog",
+ "doc" : "排队等待连接的队列的最大长度。",
+ "type" : "Integer",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "发送响应内容的超时时间。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-inet6",
+ "text" : "inet6",
+ "doc" : "启用 IPv6, 如果机器不支持 IPv6,请关闭此选项,否则会导致 Dashboard 无法使用。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-ipv6_v6only",
+ "text" : "ipv6_v6only",
+ "doc" : "当开启 inet6 功能的同时禁用 IPv4-to-IPv6 映射。该配置仅在 inet6 功能开启时有效。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https-S-https-proxy_header",
+ "text" : "proxy_header",
+ "doc" : "启用 Proxy Protocol 以提取客户端连接的原始信息,要求使用了代理服务器并且代理服务器也启用 Proxy Protocol。注意:一旦开启了这个功能,就无法再处理普通的 HTTP 请求。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "https",
+ "doc" : "Dashboard 监听器的配置(TLS)。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-listeners-S-listeners-https",
+ "text" : "https",
+ "type" : "Struct(https)"
+ }
+ ],
+ "text" : "listeners",
+ "doc" : "Dashboard 监听器配置。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-listeners",
+ "text" : "listeners",
+ "doc" : "Dashboard 监听器设置。监听器必须有唯一的端口号和 IP 地址的组合。\n例如,可以通过指定 IP 地址 0.0.0.0 来监听机器上给定端口上的所有配置的 IP 地址。\n或者,可以为每个监听器指定唯一的 IP 地址,但使用相同的端口。",
+ "type" : "Struct(listeners)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-default_password",
+ "text" : "default_password",
+ "doc" : "用于初始化 admin 用户数据库记录的密码。\n注意:在初始化(第一次启动)后更改默认密码将不起作用。\n一旦初始化完成,默认密码 public 必须尽快通过 Dashboard 或 CLI 更改。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret",
+ "default" : "public"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-hwmark_expire_time",
+ "text" : "hwmark_expire_time",
+ "doc" : "指定高水位线指标的过期间隔,例如会话历史高水位线 (`sessions_hist_hwmark`)。\n高水位线在配置的持续时间内有效。\n当它过期时,系统会扫描到目前为止记录的值,并将高水位线更新为观察到的最高值。\n注意:时间不得超过 7 天 (`7d`)
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"7d\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-token_expired_time",
+ "text" : "token_expired_time",
+ "doc" : "登录成功返回的 JWT token 过期时间,默认为 60 分钟。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"60m\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-password_expired_time",
+ "text" : "password_expired_time",
+ "doc" : "用户密码的过期时间。默认值 `0` 表示密码永不过期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "0"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-cors",
+ "text" : "cors",
+ "doc" : "CORS(Cross-Origin Resource Sharing,跨域资源共享)允许服务器响应来自任何来源(域名、协议或端口)的请求,启用后允许另一个域名下的服务直接通过 JavaScript 调用 EMQX REST API。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-swagger_support",
+ "text" : "swagger_support",
+ "doc" : "启用或禁用对 Swagger API 文档的支持。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-default_mfa-S-mfa_settings",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-default_mfa-S-mfa_settings-mechanism",
+ "text" : "mechanism",
+ "doc" : "多重身份认证(MFA)机制。",
+ "type" : "Enum(totp)"
+ }
+ ],
+ "text" : "mfa_settings",
+ "doc" : "多重身份认证(MFA)设置。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-default_mfa",
+ "text" : "default_mfa",
+ "doc" : "Dashboard 的默认多重身份认证(MFA)设置。\n当设置为 `none` 时,可在 Dashboard 为每个用户单独启用 MFA。\n如果设置为 `{mechanism = totp}`,用户在首次登录时将自动初始化一个随机的 TOTP 密钥。",
+ "type" : "OneOf(String(\"none\"),Struct(mfa_settings))",
+ "default" : "none"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-enable",
+ "text" : "enable",
+ "doc" : "是否启用该后端",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "Enum(ldap)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-query_timeout",
+ "text" : "query_timeout",
+ "doc" : "LDAP 查询超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-server",
+ "text" : "server",
+ "doc" : "要连接的 IPv4 或 IPv6 地址或主机名。
\n主机名条目的格式为:`主机[:端口]`。
\n如果 `[:端口]` 未指定, 将使用 LDAP 默认端口 389。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-pool_size",
+ "text" : "pool_size",
+ "doc" : "桥接远端服务时使用的连接池大小。",
+ "type" : "Integer(1..+inf)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-username",
+ "text" : "username",
+ "doc" : "内部数据库的用户名。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-password",
+ "text" : "password",
+ "doc" : "内部数据库密码。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-request_timeout",
+ "text" : "request_timeout",
+ "doc" : "设置每个单独请求所使用的最大时间(以毫秒为单位)。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"10s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl-S-ssl-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-ssl",
+ "text" : "ssl",
+ "doc" : "启用 SSL 连接。",
+ "type" : "Struct(ssl)",
+ "default" : "{enable = false}"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-base_dn",
+ "text" : "base_dn",
+ "doc" : "与基本对象条目(或根)相关的名称。\n搜索用户的起点。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap-S-ldap-filter",
+ "text" : "filter",
+ "doc" : "LDAP 中匹配用户的过滤器默认为 `(&(objectClass=person)(uid=${username}))`。 对于 Active Directory,默认过滤器是 `(&(objectClass=user)(sAMAccountName=${username}))`。更多详细内容,请参考 [LDAP Filters](https://ldap.com/ldap-filters/)。",
+ "type" : "String",
+ "default" : "\"(& (objectClass=person) (uid=${username}))\""
+ }
+ ],
+ "text" : "ldap",
+ "doc" : "LDAP(轻量目录访问协议)是一种用于通过网络访问和管理目录信息服务的协议。它可以用作单点登录(SSO)提供商,通过绑定到 LDAP 服务器来认证用户。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-ldap",
+ "text" : "ldap",
+ "type" : "Struct(ldap)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-enable",
+ "text" : "enable",
+ "doc" : "是否启用该后端",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "Enum(oidc)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-issuer",
+ "text" : "issuer",
+ "doc" : "OIDC 发行者的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-clientid",
+ "text" : "clientid",
+ "doc" : "此后端的 clientId。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-secret",
+ "text" : "secret",
+ "doc" : "客户端密钥。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-scopes",
+ "text" : "scopes",
+ "doc" : "范围,默认值是 `[\"openid\"]`.",
+ "type" : "Array(String)",
+ "default" : "[openid]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-name_var",
+ "text" : "name_var",
+ "doc" : "将 OIDC 用户信息映射到 Dashboard 名称的模板,默认值是 `${sub}`。",
+ "type" : "String",
+ "default" : "\"${sub}\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-dashboard_addr",
+ "text" : "dashboard_addr",
+ "doc" : "EMQX Dashboard 的地址。",
+ "type" : "String",
+ "default" : "\"http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-session_expiry",
+ "text" : "session_expiry",
+ "doc" : "OIDC `state` 的有效时间范围,默认为 `30s`,如果授权服务器返回的代码响应超过此时间范围,将视为无效。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-require_pkce",
+ "text" : "require_pkce",
+ "doc" : "获取 token 时是否需要 PKCE。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-preferred_auth_methods",
+ "text" : "preferred_auth_methods",
+ "doc" : "设置有效的身份验证方法及其优先级。",
+ "type" : "Array(Enum(private_key_jwt,client_secret_jwt,client_secret_post,client_secret_basic,none))",
+ "default" : "[client_secret_post, client_secret_basic, none]"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-provider",
+ "text" : "provider",
+ "doc" : "支持 OIDC 协议的身份服务提供商。",
+ "type" : "Enum(okta,generic)",
+ "default" : "generic"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-fallback_methods",
+ "text" : "fallback_methods",
+ "doc" : "一些身份提供商在提供商配置中没有提供所有方法项,将此值设置为这些项的回退。",
+ "type" : "Array(String)",
+ "default" : "[RS256]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks-type",
+ "text" : "type",
+ "doc" : "JWKS 的来源类型。",
+ "type" : "Enum(file)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks-S-client_file_jwks-file",
+ "text" : "file",
+ "doc" : "JWKS 的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "client_file_jwks",
+ "doc" : "从文件中设置 JWKS。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc-S-oidc-client_jwks",
+ "text" : "client_jwks",
+ "doc" : "在此处设置 JWK 或 JWKS 以启用 `private_key_jwt` 授权或 `DPoP` 扩展。",
+ "type" : "OneOf(String(\"none\"),Struct(client_file_jwks))",
+ "default" : "none"
+ }
+ ],
+ "text" : "oidc",
+ "doc" : "OpenID Connect(OIDC)是建立在 OAuth 2.0 协议之上的身份层。它允许客户端根据授权服务器执行的身份验证来验证最终用户的身份。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-oidc",
+ "text" : "oidc",
+ "type" : "Struct(oidc)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-dashboard-S-dashboard-sso-S-sso-saml-S-saml",
+ "fields" : [
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-enable",
+ "text" : "enable",
+ "doc" : "是否启用该后端",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-backend",
+ "text" : "backend",
+ "doc" : "后端类型。",
+ "type" : "Enum(saml)"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-dashboard_addr",
+ "text" : "dashboard_addr",
+ "doc" : "EMQX Dashboard 的地址。",
+ "type" : "String",
+ "default" : "\"https://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-idp_metadata_url",
+ "text" : "idp_metadata_url",
+ "doc" : "身份提供商的元数据地址。",
+ "type" : "String",
+ "default" : "\"https://idp.example.com\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_sign_request",
+ "text" : "sp_sign_request",
+ "doc" : "是否签署 SAML 请求。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_public_key",
+ "text" : "sp_public_key",
+ "doc" : "SP 的公钥。",
+ "type" : "String",
+ "default" : "\"Pub Key\""
+ },
+ {
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml-S-saml-sp_private_key",
+ "text" : "sp_private_key",
+ "doc" : "SP 的私钥。",
+ "type" : "String"
+ }
+ ],
+ "text" : "saml",
+ "doc" : "saml"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso-S-sso-saml",
+ "text" : "saml",
+ "type" : "Struct(saml)"
+ }
+ ],
+ "text" : "sso",
+ "doc" : "Dashboard 单点登录(SSO)。"
+ }
+ ],
+ "hash" : "V-dashboard-S-dashboard-sso",
+ "text" : "sso",
+ "type" : "Struct(sso)"
+ }
+ ],
+ "text" : "dashboard",
+ "doc" : "EMQX Dashboard 配置。"
+ }
+ ],
+ "hash" : "V-dashboard",
+ "text" : "dashboard",
+ "type" : "Struct(dashboard)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-heartbeat",
+ "text" : "heartbeat",
+ "doc" : "CoAP 网关要求客户端的最小心跳间隔时间。\n当 connection_required 开启后,该参数用于检查客户端连接是否存活
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-connection_required",
+ "text" : "connection_required",
+ "doc" : "是否开启连接模式。\n连接模式是非标准协议的功能。它维护 CoAP 客户端上线、认证、和连接状态的保持",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-notify_type",
+ "text" : "notify_type",
+ "doc" : "投递给 CoAP 客户端的通知消息类型。当客户端 Observe 一个资源(或订阅某个主题)时,网关会向客户端推送新产生的消息。其消息类型可设置为:
\n\n - non: 不需要客户端返回确认消息;
\n - con: 需要客户端返回一个确认消息;
\n - qos: 取决于消息的 QoS 等级; QoS 0 会以 `non` 类型下发,QoS 1/2 会以 `con` 类型下发",
+ "type" : "Enum(non,con,qos)",
+ "default" : "qos"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-subscribe_qos",
+ "text" : "subscribe_qos",
+ "doc" : "客户端订阅请求的默认 QoS 等级。\n当 CoAP 客户端发起订阅请求时,如果未携带 `qos` 参数则会使用该默认值。默认值可设置为:
\n - qos0、 qos1、qos2: 设置为固定的 QoS 等级
\n - coap: 依据订阅操作的 CoAP 报文类型来动态决定
\n * 当订阅请求为 `non-confirmable` 类型时,取值为 qos0
\n * 当订阅请求为 `confirmable` 类型时,取值为 qos1",
+ "type" : "Enum(qos0,qos1,qos2,coap)",
+ "default" : "coap"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-publish_qos",
+ "text" : "publish_qos",
+ "doc" : "客户端发布请求的默认 QoS 等级。\n当 CoAP 客户端发起发布请求时,如果未携带 `qos` 参数则会使用该默认值。默认值可设置为:
\n\n - qos0、qos1、qos2: 设置为固定的 QoS 等级
\n - coap: 依据发布操作的 CoAP 报文类型来动态决定
\n * 当发布请求为 `non-confirmable` 类型时,取值为 qos0
\n * 当发布请求为 `confirmable` 类型时,取值为 qos1",
+ "type" : "Enum(qos0,qos1,qos2,coap)",
+ "default" : "coap"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "请求的内容。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "回复的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-health_check",
+ "text" : "health_check",
+ "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "允许重用本地处于 TIME_WAIT 的端口号。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp-S-udp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "udp_listener",
+ "doc" : "Settings for UDP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-udp",
+ "text" : "udp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(udp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "请求的内容。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "回复的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check",
+ "text" : "health_check",
+ "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "允许重用本地处于 TIME_WAIT 的端口号。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"dtlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "dtls_opts",
+ "doc" : "Settings for DTLS protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options",
+ "text" : "dtls_options",
+ "doc" : "DTLS Socket 配置",
+ "type" : "Struct(dtls_opts)"
+ }
+ ],
+ "text" : "dtls_listener",
+ "doc" : "Settings for DTLS listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners-S-udp_listeners-dtls",
+ "text" : "dtls",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(dtls_listener))"
+ }
+ ],
+ "text" : "udp_listeners",
+ "doc" : "Settings for the UDP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-listeners",
+ "text" : "listeners",
+ "type" : "Struct(udp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "是否开启客户端统计",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "username 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "password 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "clientid 重写模板",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap-S-coap-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo 重写。",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "coap",
+ "doc" : "The CoAP protocol gateway provides EMQX with the access capability of the CoAP protocol.\nIt allows publishing, subscribing, and receiving messages to EMQX in accordance\nwith a certain defined CoAP message format."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-coap",
+ "text" : "coap",
+ "type" : "Struct(coap)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-bind",
+ "text" : "bind",
+ "doc" : "服务监听地址和端口。",
+ "type" : "String"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options-S-ssl_server_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ssl_server_opts",
+ "doc" : "SSL configuration for the server."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server-S-exproto_grpc_server-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "服务 SSL 配置。",
+ "type" : "Struct(ssl_server_opts)"
+ }
+ ],
+ "text" : "exproto_grpc_server",
+ "doc" : "Settings for the exproto gRPC server."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-server",
+ "text" : "server",
+ "doc" : "配置 ExProto 网关需要启动的 ConnectionAdapter 服务。\n该服务用于提供客户端的认证、发布、订阅和数据下行等功能。",
+ "type" : "Struct(exproto_grpc_server)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-address",
+ "text" : "address",
+ "doc" : "对端 gRPC 服务器地址。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-service_name",
+ "text" : "service_name",
+ "doc" : "用于处理连接事件的服务名称\n在初始版本中,我们期望使用流来提高 ConnectionHandler 中请求的效率。\n但不幸的是,不同流之间的事件顺序混乱。\n这导致 OnSocketCreated 事件可能会\n在 OnReceivedBytes 之后到达。\n因此,自 v5.0.25 起,我们添加了 `ConnectionUnaryHandler` 服务,并强制在其中使用了 Unary,以避免顺序问题。",
+ "type" : "OneOf(String(\"ConnectionHandler\"),String(\"ConnectionUnaryHandler\"))",
+ "default" : "ConnectionUnaryHandler"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-enable",
+ "text" : "enable",
+ "doc" : "启用 TLS。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-middlebox_comp_mode",
+ "text" : "middlebox_comp_mode",
+ "doc" : "配置 TLS-1.3 连接的中间盒兼容模式。\n\n大量中间盒在协商 TLS-1.3 连接时表现不佳。通过将 TLS-1.3 握手调整为类似于 TLS-1.2 握手的方式,可以增加通过这些中间盒建立连接的机会。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options-S-ssl_client_opts-server_name_indication",
+ "text" : "server_name_indication",
+ "doc" : "指定要在 TLS 服务器名称指示扩展中使用的主机名。
\n例如,当连接到 \"server.example.net\" 时,接受连接并执行 TLS 握手的真正服务器可能与 TLS 客户端最初连接到的主机不同,\n例如,当连接到 IP 地址时,或者当主机具有多个可解析的 DNS 记录时
\n如果未指定,它将默认为使用的主机名字符串\n建立连接,除非使用 IP 地址
\n然后,主机名也用于对等机的主机名验证证书
\n特殊值 disable 阻止发送服务器名称指示扩展,并禁用主机名验证检查。",
+ "type" : "OneOf(String(\"disable\"),String)"
+ }
+ ],
+ "text" : "ssl_client_opts",
+ "doc" : "Socket options for SSL clients."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler-S-exproto_grpc_handler-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "gRPC 客户端的 SSL 配置。",
+ "type" : "Struct(ssl_client_opts)"
+ }
+ ],
+ "text" : "exproto_grpc_handler",
+ "doc" : "Settings for the exproto gRPC connection handler."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-handler",
+ "text" : "handler",
+ "doc" : "配置 ExProto 网关需要请求的 ConnectionHandler 服务地址。\n该服务用于给 ExProto 提供客户端的 Socket 事件处理、字节解码、订阅消息接收等功能。",
+ "type" : "Struct(exproto_grpc_handler)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket 配置。",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(ssl_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "请求的内容。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "回复的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-health_check",
+ "text" : "health_check",
+ "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "允许重用本地处于 TIME_WAIT 的端口号。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp-S-udp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "udp_listener",
+ "doc" : "Settings for UDP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-udp",
+ "text" : "udp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(udp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "请求的内容。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "回复的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-health_check",
+ "text" : "health_check",
+ "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "允许重用本地处于 TIME_WAIT 的端口号。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"dtlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "dtls_opts",
+ "doc" : "Settings for DTLS protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls-S-dtls_listener-dtls_options",
+ "text" : "dtls_options",
+ "doc" : "DTLS Socket 配置",
+ "type" : "Struct(dtls_opts)"
+ }
+ ],
+ "text" : "dtls_listener",
+ "doc" : "Settings for DTLS listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners-S-tcp_udp_listeners-dtls",
+ "text" : "dtls",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(dtls_listener))"
+ }
+ ],
+ "text" : "tcp_udp_listeners",
+ "doc" : "Settings for TCP and UDP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_udp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "是否开启客户端统计",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "username 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "password 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "clientid 重写模板",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto-S-exproto-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo 重写。",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "exproto",
+ "doc" : "Settings for EMQX extension protocol (exproto)."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-exproto",
+ "text" : "exproto",
+ "type" : "Struct(exproto)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"gbt32960/${clientid}/\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "重新发送时间间隔
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"8s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-max_retry_times",
+ "text" : "max_retry_times",
+ "doc" : "最大重新发送次数",
+ "type" : "Integer(0..+inf)",
+ "default" : "3"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-message_queue_len",
+ "text" : "message_queue_len",
+ "doc" : "最大消息队列长度",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket 配置。",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners-S-tcp_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(ssl_listener))"
+ }
+ ],
+ "text" : "tcp_listeners",
+ "doc" : "Settings for the TCP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "是否开启客户端统计",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "username 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "password 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "clientid 重写模板",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960-S-gbt32960-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo 重写。",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "gbt32960",
+ "doc" : "The GBT-32960 gateway"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-gbt32960",
+ "text" : "gbt32960",
+ "type" : "Struct(gbt32960)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-frame-S-jt808_frame",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-frame-S-jt808_frame-max_length",
+ "text" : "max_length",
+ "doc" : "JT/T 808 帧的最大长度。",
+ "type" : "Integer(0..+inf)",
+ "default" : "8192"
+ }
+ ],
+ "text" : "jt808_frame",
+ "doc" : "Limits for the JT/T 808 frames."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-frame",
+ "text" : "frame",
+ "type" : "Struct(jt808_frame)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-allow_anonymous",
+ "text" : "allow_anonymous",
+ "doc" : "允许匿名访问 JT/T 808 网关。registry_url.descJT/T 808 设备注册中心 URL。authentication_url.descJT/T 808 设备身份验证中心 URL。jt808_up_topic.descJT/T 808 协议上行消息的主题。jt808_dn_topic.descJT/T 808 协议下行消息的主题。",
+ "type" : "OneOf(String(\"true\"))"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-registry",
+ "text" : "registry",
+ "doc" : "JT/T 808 设备注册中心的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_true-authentication",
+ "text" : "authentication",
+ "doc" : "JT/T 808 设备认证中心的 URL。",
+ "type" : "String"
+ }
+ ],
+ "text" : "anonymous_true",
+ "doc" : "允许匿名访问 JT/T 808 网关。registry_url.descJT/T 808 设备注册中心 URL。authentication_url.descJT/T 808 设备身份验证中心 URL。jt808_up_topic.descJT/T 808 协议上行消息的主题。jt808_dn_topic.descJT/T 808 协议下行消息的主题。"
+ },
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-allow_anonymous",
+ "text" : "allow_anonymous",
+ "doc" : "允许匿名访问 JT/T 808 网关。registry_url.descJT/T 808 设备注册中心 URL。authentication_url.descJT/T 808 设备身份验证中心 URL。jt808_up_topic.descJT/T 808 协议上行消息的主题。jt808_dn_topic.descJT/T 808 协议下行消息的主题。",
+ "type" : "OneOf(String(\"false\"))"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-registry",
+ "text" : "registry",
+ "doc" : "JT/T 808 设备注册中心的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth-S-anonymous_false-authentication",
+ "text" : "authentication",
+ "doc" : "JT/T 808 设备认证中心的 URL。",
+ "type" : "String"
+ }
+ ],
+ "text" : "anonymous_false",
+ "doc" : "允许匿名访问 JT/T 808 网关。registry_url.descJT/T 808 设备注册中心 URL。authentication_url.descJT/T 808 设备身份验证中心 URL。jt808_up_topic.descJT/T 808 协议上行消息的主题。jt808_dn_topic.descJT/T 808 协议下行消息的主题。"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-auth",
+ "text" : "auth",
+ "doc" : "JT/T 808 网关的认证设置。",
+ "type" : "OneOf(Struct(anonymous_true),Struct(anonymous_false))"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-up_topic",
+ "text" : "up_topic",
+ "doc" : "JT/T 808 协议上行消息的主题。",
+ "type" : "String",
+ "default" : "\"jt808/${clientid}/${phone}/up\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-dn_topic",
+ "text" : "dn_topic",
+ "doc" : "JT/T 808 协议下行消息的主题。",
+ "type" : "String",
+ "default" : "\"jt808/${clientid}/${phone}/dn\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto-S-jt808_proto-ignore_unsupported_frames",
+ "text" : "ignore_unsupported_frames",
+ "doc" : "是否忽略不支持的 JT/T 808 数据帧。
\n- true,网关会记录不支持的帧并忽略。
\n- false,网关在收到不支持的帧时将断开客户端连接。
\n默认值为 true。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "jt808_proto",
+ "doc" : "The JT/T 808 protocol options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-proto",
+ "text" : "proto",
+ "type" : "Struct(jt808_proto)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"jt808/${clientid}/\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-retry_interval",
+ "text" : "retry_interval",
+ "doc" : "重发时间间隔
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"8s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-max_retry_times",
+ "text" : "max_retry_times",
+ "doc" : "最大重发次数",
+ "type" : "Integer(0..+inf)",
+ "default" : "3"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-message_queue_len",
+ "text" : "message_queue_len",
+ "doc" : "最大消息队列长度",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket 配置。",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners-S-tcp_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(ssl_listener))"
+ }
+ ],
+ "text" : "tcp_listeners",
+ "doc" : "Settings for the TCP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "是否开启客户端统计",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "username 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "password 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "clientid 重写模板",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808-S-jt808-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo 重写。",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "jt808",
+ "doc" : "The JT/T 808 protocol gateway provides EMQX with the ability to access JT/T 808 protocol devices."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-jt808",
+ "text" : "jt808",
+ "type" : "Struct(jt808)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-xml_dir",
+ "text" : "xml_dir",
+ "doc" : "LwM2M Resource 定义的 XML 文件目录路径。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_min",
+ "text" : "lifetime_min",
+ "doc" : "允许 LwM2M 客户端允许设置的心跳最小值。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-lifetime_max",
+ "text" : "lifetime_max",
+ "doc" : "允许 LwM2M 客户端允许设置的心跳最大值。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"86400s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-qmode_time_window",
+ "text" : "qmode_time_window",
+ "doc" : "在 QMode 模式下,LwM2M 网关认为网络链接有效的时间窗口的值。\n例如,在收到客户端的更新信息后,在这个时间窗口内的任何信息都会直接发送到 LwM2M 客户端,而超过这个时间窗口的所有信息都会暂时储存在内存中。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"22s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-auto_observe",
+ "text" : "auto_observe",
+ "doc" : "自动 Observe REGISTER 数据包的 Object 列表。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-update_msg_publish_condition",
+ "text" : "update_msg_publish_condition",
+ "doc" : "发布 UPDATE 事件消息的策略。
\n - always: 只要收到 UPDATE 请求,就发送更新事件。
\n - contains_object_list: 仅当 UPDATE 请求携带 Object 列表时才发送更新事件。",
+ "type" : "Enum(always,contains_object_list)",
+ "default" : "contains_object_list"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-topic",
+ "text" : "topic",
+ "doc" : "主题名称",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS 等级",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-command",
+ "text" : "command",
+ "doc" : "下行命令主题。\n对于每个成功上线的新 LwM2M 客户端,网关会创建一个订阅关系来接收下行消息并将其发送给客户端",
+ "type" : "Struct(translator)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-topic",
+ "text" : "topic",
+ "doc" : "主题名称",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS 等级",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-response",
+ "text" : "response",
+ "doc" : "用于网关发布来自 LwM2M 客户端的确认事件的主题。",
+ "type" : "Struct(translator)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-topic",
+ "text" : "topic",
+ "doc" : "主题名称",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS 等级",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-notify",
+ "text" : "notify",
+ "doc" : "用于发布来自 LwM2M 客户端的通知事件的主题。\n在成功 Observe 到 LwM2M 客户端的资源后,如果客户端报告任何资源状态的变化,网关将通过该主题发送通知事件",
+ "type" : "Struct(translator)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-topic",
+ "text" : "topic",
+ "doc" : "主题名称",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS 等级",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-register",
+ "text" : "register",
+ "doc" : "用于发布来自 LwM2M 客户端的注册事件的主题。",
+ "type" : "Struct(translator)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-topic",
+ "text" : "topic",
+ "doc" : "主题名称",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update-S-translator-qos",
+ "text" : "qos",
+ "doc" : "QoS 等级",
+ "type" : "Integer(0..2)",
+ "default" : "0"
+ }
+ ],
+ "text" : "translator",
+ "doc" : "MQTT topic that corresponds to a particular type of event."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators-S-lwm2m_translators-update",
+ "text" : "update",
+ "doc" : "用于发布来自 LwM2M 客户端的更新事件的主题。",
+ "type" : "Struct(translator)"
+ }
+ ],
+ "text" : "lwm2m_translators",
+ "doc" : "MQTT topics that correspond to LwM2M events."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-translators",
+ "text" : "translators",
+ "doc" : "LwM2M 网关订阅/发布消息的主题映射配置。",
+ "type" : "Struct(lwm2m_translators)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"lwm2m/${endpoint_name}/\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "请求的内容。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "回复的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-health_check",
+ "text" : "health_check",
+ "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "允许重用本地处于 TIME_WAIT 的端口号。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp-S-udp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "udp_listener",
+ "doc" : "Settings for UDP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-udp",
+ "text" : "udp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(udp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "请求的内容。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "回复的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check",
+ "text" : "health_check",
+ "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "允许重用本地处于 TIME_WAIT 的端口号。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"dtlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "dtls_opts",
+ "doc" : "Settings for DTLS protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options",
+ "text" : "dtls_options",
+ "doc" : "DTLS Socket 配置",
+ "type" : "Struct(dtls_opts)"
+ }
+ ],
+ "text" : "dtls_listener",
+ "doc" : "Settings for DTLS listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners-S-udp_listeners-dtls",
+ "text" : "dtls",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(dtls_listener))"
+ }
+ ],
+ "text" : "udp_listeners",
+ "doc" : "Settings for the UDP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-listeners",
+ "text" : "listeners",
+ "type" : "Struct(udp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "是否开启客户端统计",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "username 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "password 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "clientid 重写模板",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m-S-lwm2m-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo 重写。",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "lwm2m",
+ "doc" : "The LwM2M protocol gateway."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-lwm2m",
+ "text" : "lwm2m",
+ "type" : "Struct(lwm2m)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-gateway_id",
+ "text" : "gateway_id",
+ "doc" : "MQTT-SN 网关 ID。\n当 broadcast 打开时,MQTT-SN 网关会使用该 ID 来广播 ADVERTISE 消息",
+ "type" : "Integer",
+ "default" : "1"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-broadcast",
+ "text" : "broadcast",
+ "doc" : "是否周期性广播 ADVERTISE 消息",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_qos3",
+ "text" : "enable_qos3",
+ "doc" : "是否允许无连接的客户端发送 QoS 等于 -1 的消息。\n该功能主要用于支持轻量的 MQTT-SN 客户端实现,它不会向网关建立连接,注册主题,也不会发起订阅;它只使用 QoS 为 -1 来发布消息",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-subs_resume",
+ "text" : "subs_resume",
+ "doc" : "在会话被重用后,网关是否主动向客户端注册对已订阅主题名称",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-id",
+ "text" : "id",
+ "doc" : "主题 ID。范围:1-65535",
+ "type" : "Integer(1..1024)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined-S-mqttsn_predefined-topic",
+ "text" : "topic",
+ "doc" : "主题名称。注:不支持通配符",
+ "type" : "String"
+ }
+ ],
+ "text" : "mqttsn_predefined",
+ "doc" : "The pre-defined topic name corresponding to the pre-defined topic\nID of N.\n\nNote: the pre-defined topic ID of 0 is reserved."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-predefined",
+ "text" : "predefined",
+ "doc" : "预定义主题列表。\n预定义的主题列表,是一组 主题 ID 和 主题名称 的映射关系。使用预先定义的主题列表,可以减少 MQTT-SN 客户端和网关对于固定主题的注册请求",
+ "type" : "Array(Struct(mqttsn_predefined))",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "请求的内容。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "回复的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-health_check",
+ "text" : "health_check",
+ "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "允许重用本地处于 TIME_WAIT 的端口号。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp-S-udp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "udp_listener",
+ "doc" : "Settings for UDP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-udp",
+ "text" : "udp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(udp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-request",
+ "text" : "request",
+ "doc" : "请求的内容。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check-S-udp_health_check-reply",
+ "text" : "reply",
+ "doc" : "回复的内容。",
+ "type" : "String"
+ }
+ ],
+ "text" : "udp_health_check",
+ "doc" : "UDP health check"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-health_check",
+ "text" : "health_check",
+ "doc" : "一些云平台使用“请求-回复”机制来检查 UDP 端口是否健康,这里可以配置这对内容。",
+ "type" : "Struct(udp_health_check)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为 Socket 指定 {active, N} 选项。\n参见:https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "Socket 在内核空间接收缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "Socket 在内核空间发送缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "Socket 在用户空间的缓冲区大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options-S-udp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "允许重用本地处于 TIME_WAIT 的端口号。",
+ "type" : "Boolean",
+ "default" : "true"
+ }
+ ],
+ "text" : "udp_opts",
+ "doc" : "Settings for UDP sockets."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-udp_options",
+ "text" : "udp_options",
+ "type" : "Struct(udp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"dtlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options-S-dtls_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "dtls_opts",
+ "doc" : "Settings for DTLS protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls-S-dtls_listener-dtls_options",
+ "text" : "dtls_options",
+ "doc" : "DTLS Socket 配置",
+ "type" : "Struct(dtls_opts)"
+ }
+ ],
+ "text" : "dtls_listener",
+ "doc" : "Settings for DTLS listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners-S-udp_listeners-dtls",
+ "text" : "dtls",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(dtls_listener))"
+ }
+ ],
+ "text" : "udp_listeners",
+ "doc" : "Settings for the UDP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-listeners",
+ "text" : "listeners",
+ "type" : "Struct(udp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "是否开启客户端统计",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "username 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "password 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "clientid 重写模板",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn-S-mqttsn-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo 重写。",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "mqttsn",
+ "doc" : "The MQTT-SN (MQTT for Sensor Networks) protocol gateway."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-mqttsn",
+ "text" : "mqttsn",
+ "type" : "Struct(mqttsn)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"ocpp/\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-default_heartbeat_interval",
+ "text" : "default_heartbeat_interval",
+ "doc" : "默认的心跳时间间隔
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration(s)",
+ "default" : "\"60s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-heartbeat_checking_times_backoff",
+ "text" : "heartbeat_checking_times_backoff",
+ "doc" : "用于心跳检查次数的退避时间",
+ "type" : "Integer",
+ "default" : "1"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-topic",
+ "text" : "topic",
+ "doc" : "上传流呼叫请求消息主题。",
+ "type" : "String",
+ "default" : "\"cp/${cid}\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-topic_override_mapping",
+ "text" : "topic_override_mapping",
+ "doc" : "通过消息名称进行的上传流主题覆盖映射。",
+ "type" : "Map($name->String)",
+ "default" : "{}"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-reply_topic",
+ "text" : "reply_topic",
+ "doc" : "上传流回复消息主题。",
+ "type" : "String",
+ "default" : "\"cp/${cid}/Reply\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream-S-upstream-error_topic",
+ "text" : "error_topic",
+ "doc" : "上传流错误主题。",
+ "type" : "String",
+ "default" : "\"cp/${cid}/Reply\""
+ }
+ ],
+ "text" : "upstream",
+ "doc" : "Upload stream topic to notify third-party system what's messages/events reported by Charge Point. Available placeholders:\n- cid: Charge Point ID\n- clientid: Equal to Charge Point ID\n- action: Message Name in OCPP"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-upstream",
+ "text" : "upstream",
+ "type" : "Struct(upstream)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream-topic",
+ "text" : "topic",
+ "doc" : "用于接收来自第三方系统的请求/控制消息的下载流主题。\n此值是每个连接的充电桩都订阅的通配符主题名称。",
+ "type" : "String",
+ "default" : "\"cs/${cid}\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream-S-dnstream-max_mqueue_len",
+ "text" : "max_mqueue_len",
+ "doc" : "下载流消息传递的最大消息队列长度。",
+ "type" : "Integer",
+ "default" : "100"
+ }
+ ],
+ "text" : "dnstream",
+ "doc" : "Download stream topic to forward the system message to device. Available placeholders:\n- cid: Charge Point ID\n- clientid: Equal to Charge Point ID\n- action: Message Name in OCPP"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-dnstream",
+ "text" : "dnstream",
+ "type" : "Struct(dnstream)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-message_format_checking",
+ "text" : "message_format_checking",
+ "doc" : "是否启用消息格式合法性检查。\nEMQX 会根据 json-schema 中定义的格式检查上传流和下载流的消息格式。\n当检查失败时,EMQX 将回复相应的答复消息。\n\n检查策略可以是以下值之一:\n- all:检查所有消息\n- upstream_only:仅检查上传流消息\n- dnstream_only:仅检查下载流消息\n- disable:不检查任何消息",
+ "type" : "OneOf(String(\"all\"),String(\"upstream_only\"),String(\"dnstream_only\"),String(\"disable\"))",
+ "default" : "disable"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-json_schema_dir",
+ "text" : "json_schema_dir",
+ "doc" : "OCPP 消息定义的 JSON Schema 目录。\n默认值:${application}/priv/schemas",
+ "type" : "String",
+ "default" : "\"${application_priv}/schemas\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-json_schema_id_prefix",
+ "text" : "json_schema_id_prefix",
+ "doc" : "OCPP 消息 Schema 的 ID 前缀。",
+ "type" : "String",
+ "default" : "\"urn:OCPP:1.6:2019:12:\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-path",
+ "text" : "path",
+ "doc" : "WebSocket 的M QTT 协议路径。因此,EMQX Broker 的 WebSocket 地址是:ws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"/ocpp\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-piggyback",
+ "text" : "piggyback",
+ "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。",
+ "type" : "Enum(single,multiple)",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-compress",
+ "text" : "compress",
+ "doc" : "如果设置为true,将使用zlib压缩 WebSocket 消息。
\ndeflate_opts下的配置项属于与压缩相关的参数配置。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "等待 WebSocket 升级请求的超时时间。超时后,连接将被关闭。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "单个 MQTT 数据包的最大长度。",
+ "type" : "OneOf(String(\"infinity\"),Integer)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "如果设置为true,当客户端不携带Sec-WebSocket-Protocol字段时,服务器将返回错误。\n
注意:小程序需要禁用此验证。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "逗号分隔的支持的子协议列表。",
+ "type" : "String",
+ "default" : "\"ocpp1.6, ocpp2.0\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "如果设置为true,将验证origin HTTP 请求头是否在check_origins参数中配置的允许来源列表中。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "如果设置为false,且check_origin_enable为true,服务器将拒绝没有origin HTTP 请求头的请求。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origins",
+ "text" : "check_origins",
+ "doc" : "允许来源的列表。
参见check_origin_enable。",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "用于传递客户端 IP 地址信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "用于传递客户端端口信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "压缩级别",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "指定压缩策略。",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "接管意味着在服务器消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "接管意味着在客户端消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "指定服务器压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "指定客户端压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ }
+ ],
+ "text" : "websocket",
+ "doc" : "Websocket options"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws-S-ws_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(websocket)"
+ }
+ ],
+ "text" : "ws_listener",
+ "doc" : "Websocket listener"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-ws",
+ "text" : "ws",
+ "doc" : "WebSocket 监听器。",
+ "type" : "Map($name->Struct(ws_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "listener_wss_opts",
+ "doc" : "Socket options for WebSocket/SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket 配置。",
+ "type" : "Struct(listener_wss_opts)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-path",
+ "text" : "path",
+ "doc" : "WebSocket 的M QTT 协议路径。因此,EMQX Broker 的 WebSocket 地址是:ws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"/ocpp\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-piggyback",
+ "text" : "piggyback",
+ "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。",
+ "type" : "Enum(single,multiple)",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-compress",
+ "text" : "compress",
+ "doc" : "如果设置为true,将使用zlib压缩 WebSocket 消息。
\ndeflate_opts下的配置项属于与压缩相关的参数配置。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "等待 WebSocket 升级请求的超时时间。超时后,连接将被关闭。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "单个 MQTT 数据包的最大长度。",
+ "type" : "OneOf(String(\"infinity\"),Integer)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "如果设置为true,当客户端不携带Sec-WebSocket-Protocol字段时,服务器将返回错误。\n
注意:小程序需要禁用此验证。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "逗号分隔的支持的子协议列表。",
+ "type" : "String",
+ "default" : "\"ocpp1.6, ocpp2.0\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "如果设置为true,将验证origin HTTP 请求头是否在check_origins参数中配置的允许来源列表中。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "如果设置为false,且check_origin_enable为true,服务器将拒绝没有origin HTTP 请求头的请求。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origins",
+ "text" : "check_origins",
+ "doc" : "允许来源的列表。
参见check_origin_enable。",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "用于传递客户端 IP 地址信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "用于传递客户端端口信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "压缩级别",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "指定压缩策略。",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "接管意味着在服务器消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "接管意味着在客户端消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "指定服务器压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "指定客户端压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ }
+ ],
+ "text" : "websocket",
+ "doc" : "Websocket options"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss-S-wss_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(websocket)"
+ }
+ ],
+ "text" : "wss_listener",
+ "doc" : "Websocket over TLS listener"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners-S-ws_listeners-wss",
+ "text" : "wss",
+ "doc" : "WebSocket over TLS 监听器。",
+ "type" : "Map($name->Struct(wss_listener))"
+ }
+ ],
+ "text" : "ws_listeners",
+ "doc" : "Websocket listeners"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-listeners",
+ "text" : "listeners",
+ "type" : "Struct(ws_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "是否开启客户端统计",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "username 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "password 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "clientid 重写模板",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp-S-ocpp-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo 重写。",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "ocpp",
+ "doc" : "The OCPP gateway"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-ocpp",
+ "text" : "ocpp",
+ "type" : "Struct(ocpp)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers",
+ "text" : "max_headers",
+ "doc" : "头部的最大数量",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_headers_length",
+ "text" : "max_headers_length",
+ "doc" : "允许的 Header 字符串的最大长度",
+ "type" : "Integer(0..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame-S-stomp_frame-max_body_length",
+ "text" : "max_body_length",
+ "doc" : "每个 Stomp 数据包允许的 Body 的最大字节数",
+ "type" : "Integer",
+ "default" : "65536"
+ }
+ ],
+ "text" : "stomp_frame",
+ "doc" : "Size limits for the STOMP frames."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-frame",
+ "text" : "frame",
+ "type" : "Struct(stomp_frame)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-gc_after_handshake",
+ "text" : "gc_after_handshake",
+ "doc" : "内存使用调优。如果启用,将在 TLS/SSL 握手完成后立即执行垃圾回收。TLS/SSL 握手建立后立即进行 GC。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-enable_ocsp_stapling",
+ "text" : "enable_ocsp_stapling",
+ "doc" : "是否为监听器启用 OCSP Stapling 功能。 如果设置为 true,需要定义 OCSP Responder 的 URL 和证书签发者的 PEM 文件路径。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-responder_url",
+ "text" : "responder_url",
+ "doc" : "用于检查服务器证书的 OCSP Responder 的 URL。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-issuer_pem",
+ "text" : "issuer_pem",
+ "doc" : "服务器证书的 OCSP 签发者的 PEM 编码证书。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_interval",
+ "text" : "refresh_interval",
+ "doc" : "为服务器刷新 OCSP 响应的周期。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5m\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp-S-ocsp-refresh_http_timeout",
+ "text" : "refresh_http_timeout",
+ "doc" : "检查 OCSP 响应时,HTTP 请求的超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "ocsp",
+ "doc" : "Per listener OCSP Stapling configuration."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-ocsp",
+ "text" : "ocsp",
+ "type" : "Struct(ocsp)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options-S-listener_ssl_opts-enable_crl_check",
+ "text" : "enable_crl_check",
+ "doc" : "是否为该监听器启用 CRL 检查。",
+ "type" : "Boolean",
+ "default" : "false"
+ }
+ ],
+ "text" : "listener_ssl_opts",
+ "doc" : "Socket options for SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl-S-ssl_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket 配置。",
+ "type" : "Struct(listener_ssl_opts)"
+ }
+ ],
+ "text" : "ssl_listener",
+ "doc" : "Settings for SSL listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners-S-tcp_listeners-ssl",
+ "text" : "ssl",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(ssl_listener))"
+ }
+ ],
+ "text" : "tcp_listeners",
+ "doc" : "Settings for the TCP listeners."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-listeners",
+ "text" : "listeners",
+ "type" : "Struct(tcp_listeners)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-enable_stats",
+ "text" : "enable_stats",
+ "doc" : "是否开启客户端统计",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "客户端连接过程的空闲时间。该配置用于:\n 1. 一个新创建的客户端进程如果在该时间间隔内没有收到任何客户端请求,将被直接关闭。\n 2. 一个正在运行的客户进程如果在这段时间后没有收到任何客户请求,将进入休眠状态以节省资源。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-username",
+ "text" : "username",
+ "doc" : "username 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-password",
+ "text" : "password",
+ "doc" : "password 重写模板",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override-S-clientinfo_override-clientid",
+ "text" : "clientid",
+ "doc" : "clientid 重写模板",
+ "type" : "String"
+ }
+ ],
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo override."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp-S-stomp-clientinfo_override",
+ "text" : "clientinfo_override",
+ "doc" : "ClientInfo 重写。",
+ "type" : "Struct(clientinfo_override)"
+ }
+ ],
+ "text" : "stomp",
+ "doc" : "The STOMP protocol gateway provides EMQX with the ability to access STOMP\n(Simple (or Streaming) Text Orientated Messaging Protocol) protocol."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-stomp",
+ "text" : "stomp",
+ "type" : "Struct(stomp)"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-server_id",
+ "text" : "server_id",
+ "doc" : "服务器 ID。",
+ "type" : "String",
+ "default" : "emqx_nats_gateway"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-server_name",
+ "text" : "server_name",
+ "doc" : "服务器名称。",
+ "type" : "String",
+ "default" : "emqx_nats_gateway"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-default_heartbeat_interval",
+ "text" : "default_heartbeat_interval",
+ "doc" : "服务器到客户端 PING 消息的默认心跳间隔。默认:30。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"30s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-heartbeat_wait_timeout",
+ "text" : "heartbeat_wait_timeout",
+ "doc" : "心跳超时阈值。如果在此期间未收到心跳响应,服务器将标记客户端为离线。默认:5s。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-protocol-S-protocol",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-protocol-S-protocol-max_payload_size",
+ "text" : "max_payload_size",
+ "doc" : "每个 NATS PUB/HPUB 消息允许的最大 Payload 字节数。",
+ "type" : "Integer(0..+inf)",
+ "default" : "1048576"
+ }
+ ],
+ "text" : "protocol",
+ "doc" : "NATS 服务器协议的一组设置。"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-protocol",
+ "text" : "protocol",
+ "type" : "Struct(protocol)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-path",
+ "text" : "path",
+ "doc" : "WebSocket 的M QTT 协议路径。因此,EMQX Broker 的 WebSocket 地址是:ws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-piggyback",
+ "text" : "piggyback",
+ "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。",
+ "type" : "Enum(single,multiple)",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-compress",
+ "text" : "compress",
+ "doc" : "如果设置为true,将使用zlib压缩 WebSocket 消息。
\ndeflate_opts下的配置项属于与压缩相关的参数配置。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "等待 WebSocket 升级请求的超时时间。超时后,连接将被关闭。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "单个 MQTT 数据包的最大长度。",
+ "type" : "OneOf(String(\"infinity\"),Integer)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "如果设置为true,当客户端不携带Sec-WebSocket-Protocol字段时,服务器将返回错误。\n
注意:小程序需要禁用此验证。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "逗号分隔的支持的子协议列表。",
+ "type" : "String",
+ "default" : "\"NATS/1.0, NATS\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "如果设置为true,将验证origin HTTP 请求头是否在check_origins参数中配置的允许来源列表中。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "如果设置为false,且check_origin_enable为true,服务器将拒绝没有origin HTTP 请求头的请求。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-check_origins",
+ "text" : "check_origins",
+ "doc" : "允许来源的列表。
参见check_origin_enable。",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "用于传递客户端 IP 地址信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "用于传递客户端端口信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "压缩级别",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "指定压缩策略。",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "接管意味着在服务器消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "接管意味着在客户端消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "指定服务器压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "指定客户端压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket-S-websocket-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ }
+ ],
+ "text" : "websocket",
+ "doc" : "Websocket 选项。"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(websocket)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws-S-ws_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "ws_listener",
+ "doc" : "Websocket 监听器。"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ws",
+ "text" : "ws",
+ "doc" : "Websocket 监听器。",
+ "type" : "Map($name->Struct(ws_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener",
+ "fields" : [
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-path",
+ "text" : "path",
+ "doc" : "WebSocket 的M QTT 协议路径。因此,EMQX Broker 的 WebSocket 地址是:ws://{ip}:{port}/mqtt",
+ "type" : "String",
+ "default" : "\"\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-piggyback",
+ "text" : "piggyback",
+ "doc" : "WebSocket 消息是否允许包含多个 MQTT 数据包。",
+ "type" : "Enum(single,multiple)",
+ "default" : "single"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-compress",
+ "text" : "compress",
+ "doc" : "如果设置为true,将使用zlib压缩 WebSocket 消息。
\ndeflate_opts下的配置项属于与压缩相关的参数配置。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-idle_timeout",
+ "text" : "idle_timeout",
+ "doc" : "等待 WebSocket 升级请求的超时时间。超时后,连接将被关闭。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"7200s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-max_frame_size",
+ "text" : "max_frame_size",
+ "doc" : "单个 MQTT 数据包的最大长度。",
+ "type" : "OneOf(String(\"infinity\"),Integer)",
+ "default" : "infinity"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-fail_if_no_subprotocol",
+ "text" : "fail_if_no_subprotocol",
+ "doc" : "如果设置为true,当客户端不携带Sec-WebSocket-Protocol字段时,服务器将返回错误。\n
注意:小程序需要禁用此验证。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-supported_subprotocols",
+ "text" : "supported_subprotocols",
+ "doc" : "逗号分隔的支持的子协议列表。",
+ "type" : "String",
+ "default" : "\"NATS/1.0, NATS\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origin_enable",
+ "text" : "check_origin_enable",
+ "doc" : "如果设置为true,将验证origin HTTP 请求头是否在check_origins参数中配置的允许来源列表中。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-allow_origin_absence",
+ "text" : "allow_origin_absence",
+ "doc" : "如果设置为false,且check_origin_enable为true,服务器将拒绝没有origin HTTP 请求头的请求。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-check_origins",
+ "text" : "check_origins",
+ "doc" : "允许来源的列表。
参见check_origin_enable。",
+ "type" : "String",
+ "default" : "\"http://localhost:18083, http://127.0.0.1:18083\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_address_header",
+ "text" : "proxy_address_header",
+ "doc" : "用于传递客户端 IP 地址信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。",
+ "type" : "String",
+ "default" : "\"x-forwarded-for\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-proxy_port_header",
+ "text" : "proxy_port_header",
+ "doc" : "用于传递客户端端口信息的 HTTP 请求头。\n当 EMQX 集群部署在负载均衡器后面时相关。",
+ "type" : "String",
+ "default" : "\"x-forwarded-port\""
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-level",
+ "text" : "level",
+ "doc" : "压缩级别",
+ "type" : "Enum(none,default,best_compression,best_speed)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-mem_level",
+ "text" : "mem_level",
+ "doc" : "指定压缩状态的大小
\n较低的值会减少每个连接的内存使用。",
+ "type" : "Integer(1..9)",
+ "default" : "8"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-strategy",
+ "text" : "strategy",
+ "doc" : "指定压缩策略。",
+ "type" : "Enum(default,filtered,huffman_only,rle)",
+ "default" : "default"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_context_takeover",
+ "text" : "server_context_takeover",
+ "doc" : "接管意味着在服务器消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_context_takeover",
+ "text" : "client_context_takeover",
+ "doc" : "接管意味着在客户端消息之间保留压缩状态。",
+ "type" : "Enum(takeover,no_takeover)",
+ "default" : "takeover"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-server_max_window_bits",
+ "text" : "server_max_window_bits",
+ "doc" : "指定服务器压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts-S-deflate_opts-client_max_window_bits",
+ "text" : "client_max_window_bits",
+ "doc" : "指定客户端压缩上下文的大小。",
+ "type" : "Integer(8..15)",
+ "default" : "15"
+ }
+ ],
+ "text" : "deflate_opts",
+ "doc" : "Compression options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket-S-websocket-deflate_opts",
+ "text" : "deflate_opts",
+ "type" : "Struct(deflate_opts)"
+ }
+ ],
+ "text" : "websocket",
+ "doc" : "Websocket 选项。"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-websocket",
+ "text" : "websocket",
+ "type" : "Struct(websocket)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacertfile",
+ "text" : "cacertfile",
+ "doc" : "受信任的 PEM 格式 CA 证书捆绑文件
\n此文件中的证书用于验证 TLS 对等方的证书。\n如果要信任新 CA,请将新证书附加到文件中。\n无需重启 EMQX 即可加载更新的文件,因为系统会定期检查文件是否已更新(并重新加载)
\n注意:从文件中失效(删除)证书不会影响已建立的连接。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cacert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-cacerts",
+ "text" : "cacerts",
+ "doc" : "Deprecated since 5.1.4.",
+ "type" : "Boolean"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-certfile",
+ "text" : "certfile",
+ "doc" : "PEM 格式证书链文件
\n此文件中的证书应与证书颁发链的顺序相反。也就是说,主机的证书应该放在文件的开头,\n然后是直接颁发者 CA 证书,依此类推,一直到根 CA 证书。\n根 CA 证书是可选的,如果想要添加,应加到文件到最末端。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/cert.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-keyfile",
+ "text" : "keyfile",
+ "doc" : "PEM 格式的私钥文件。",
+ "type" : "String",
+ "default" : "\"${EMQX_ETC_DIR}/certs/key.pem\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify",
+ "text" : "verify",
+ "doc" : "启用或禁用对等验证。",
+ "type" : "Enum(verify_peer,verify_none)",
+ "default" : "verify_none"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-reuse_sessions",
+ "text" : "reuse_sessions",
+ "doc" : "启用 TLS 会话重用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-depth",
+ "text" : "depth",
+ "doc" : "在有效的证书路径中,可以跟随对等证书的非自颁发中间证书的最大数量。\n因此,如果深度为 0,则对等方必须由受信任的根 CA 直接签名;
\n如果是 1,路径可以是 PEER、中间 CA、ROOT-CA;
\n如果是 2,则路径可以是 PEER、中间 CA1、中间 CA2、ROOT-CA。",
+ "type" : "Integer(0..+inf)",
+ "default" : "10"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-password",
+ "text" : "password",
+ "doc" : "包含用户密码的字符串。仅在私钥文件受密码保护时使用。
包含一些敏感信息的字符串,例如密码。当密钥以 file:// 开头时,字符串的其余部分将被解释为包含密钥本身的文件路径:文件的整个内容(除了任何尾随的空白字符)都被视为密钥值。注意:在集群中,所有 EMQX 节点在使用 file:// 密钥之前应该具有相同的文件。",
+ "type" : "Secret"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-versions",
+ "text" : "versions",
+ "doc" : "支持所有 TLS/DTLS 版本
\n注:PSK 的 Ciphers 无法在 tlsv1.3 中使用,如果打算使用 PSK 密码套件,请确保这里配置为 [\"tlsv1.2\",\"tlsv1.1\"]。",
+ "type" : "Array(String)",
+ "default" : "[\"tlsv1.3\", \"tlsv1.2\"]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-ciphers",
+ "text" : "ciphers",
+ "doc" : "此配置保存由逗号分隔的 TLS 密码套件名称,或作为字符串数组。例如\n\"TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256\"或\n[\"TLS_AES_256_GCM_SHA384\",\"TLS_AES_128_GCM_SHA256\"]。\n
\n密码(及其顺序)定义了客户端和服务器通过网络连接加密信息的方式。\n选择一个好的密码套件对于应用程序的数据安全性、机密性和性能至关重要。\n\n名称应为 OpenSSL 字符串格式(而不是 RFC 格式)。\nEMQX 配置文档提供的所有默认值和示例都是 OpenSSL 格式
\n注意:某些密码套件仅与特定的 TLS 版本兼容('tlsv1.1'、'tlsv1.2'或'tlsv1.3')。\n不兼容的密码套件将被自动删除。\n\n例如,如果只有 versions 仅配置为 tlsv1.3。为其他版本配置密码套件将无效。\n\n
\n注:PSK 的 Ciphers 不支持 tlsv1.3
\n如果打算使用 PSK 密码套件, tlsv1.3 应在ssl.versions中禁用。\n\n
\nPSK 密码套件:\n\"RSA-PSK-AES256-GCM-SHA384,RSA-PSK-AES256-CBC-SHA384,\nRSA-PSK-AES128-GCM-SHA256,RSA-PSK-AES128-CBC-SHA256,\nRSA-PSK-AES256-CBC-SHA,RSA-PSK-AES128-CBC-SHA,\nRSA-PSK-DES-CBC3-SHA,RSA-PSK-RC4-SHA\"",
+ "type" : "Array(String)",
+ "default" : "[]"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-secure_renegotiate",
+ "text" : "secure_renegotiate",
+ "doc" : "SSL 参数重新协商是一种允许客户端和服务器动态重新协商 SSL 连接参数的功能。\nRFC 5746 定义了一种更安全的方法。通过启用安全的重新协商,您就失去了对不安全的重新协商的支持,从而容易受到 MitM 攻击。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-log_level",
+ "text" : "log_level",
+ "doc" : "SSL 握手的日志级别。默认值是 'notice',可以设置为 'debug' 用来调查 SSL 握手的问题。",
+ "type" : "Enum(emergency,alert,critical,error,warning,notice,info,debug,none,all)",
+ "default" : "notice"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-hibernate_after",
+ "text" : "hibernate_after",
+ "doc" : "指定 SSL 进程在空闲后休眠的时间,从而减少其内存占用。\n\n当有新消息到达时,休眠的进程将被唤醒。\n过于频繁地休眠和唤醒可能会导致 CPU 使用率增加,因为这两个操作都会对进程进行垃圾回收。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"5s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-partial_chain",
+ "text" : "partial_chain",
+ "doc" : "启用或禁用使用 partial_chain 的对等验证。\n在 x509 路径验证过程中,本地验证对等证书时,它会构建一个从对等证书开始到信任锚结束的证书链。\n默认情况下,如果设置为 `false`,信任锚是根 CA,证书链必须完整。\n但是,如果设置为 `true` 或 `cacert_from_cacertfile`,则 `cacertfile` 中的最后一个证书将用作信任锚证书(中间 CA)。这在路径验证中创建了一个部分链。\n或者,如果配置为 `two_cacerts_from_cacertfile`,则 `cacertfile` 中的最后两个证书之一将用作信任锚证书,形成部分链。此选项特别适用于中间 CA 证书轮换。\n但是,请注意,这会产生一些额外的开销,因此应仅用于证书轮换目的。",
+ "type" : "Enum(true,false,two_cacerts_from_cacertfile,cacert_from_cacertfile)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-verify_peer_ext_key_usage",
+ "text" : "verify_peer_ext_key_usage",
+ "doc" : "验证对等证书中的扩展密钥用法\n为了额外的对等证书验证,这里定义的值必须出现在对等证书的 '扩展密钥用法' 中,\n如 [rfc5280](https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.12) 中定义。\n\n允许的值有\n- `clientAuth`\n- `serverAuth`\n- `codeSigning`\n- `emailProtection`\n- `timeStamping`\n- `ocspSigning`\n- 原始 OID,例如:\"OID:1.3.6.1.5.5.7.3.2\" 表示 `id-pk 2`,相当于 `clientAuth`\n\n也支持用逗号分隔的字符串来验证多个密钥用法。\n\n例如,`\"serverAuth,OID:1.3.6.1.5.5.7.3.2\"`",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-dhfile",
+ "text" : "dhfile",
+ "doc" : "如果协商使用 Diffie-Hellman 密钥交换的密码套件,则服务器将使用包含 PEM 编码的 Diffie-Hellman 参数的文件的路径。如果未指定,则使用默认参数。
\n注意:TLS 1.3 不支持dhfile选项。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-fail_if_no_peer_cert",
+ "text" : "fail_if_no_peer_cert",
+ "doc" : "TLS/DTLS 服务器与 {verify,verify_peer} 一起使用。\n如果设置为 true,则如果客户端没有要发送的证书,即发送空证书,服务器将失败。\n如果设置为 false,则仅当客户端发送无效证书(空证书被视为有效证书)时才会失败。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-honor_cipher_order",
+ "text" : "honor_cipher_order",
+ "doc" : "一个重要的安全设置,它强制根据服务器指定的顺序而不是客户机指定的顺序设置密码,从而强制服务器管理员执行(通常配置得更正确)安全顺序。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-client_renegotiation",
+ "text" : "client_renegotiation",
+ "doc" : "在支持客户机发起的重新协商的协议中,这种操作的资源成本对于服务器来说高于客户机。\n这可能会成为拒绝服务攻击的载体。\nSSL 应用程序已经采取措施来反击此类尝试,但通过将此选项设置为 false,可以严格禁用客户端发起的重新协商。\n默认值为 true。请注意,由于基础密码套件可以加密的消息数量有限,禁用重新协商可能会导致长期连接变得不可用。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options-S-listener_wss_opts-handshake_timeout",
+ "text" : "handshake_timeout",
+ "doc" : "握手完成所允许的最长时间
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ }
+ ],
+ "text" : "listener_wss_opts",
+ "doc" : "Socket options for WebSocket/SSL connections."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss-S-wss_listener-ssl_options",
+ "text" : "ssl_options",
+ "doc" : "SSL Socket 配置。",
+ "type" : "Struct(listener_wss_opts)"
+ }
+ ],
+ "text" : "wss_listener",
+ "doc" : "Websocket over TLS 监听器。"
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-wss",
+ "text" : "wss",
+ "doc" : "Websocket over TLS 监听器。",
+ "type" : "Map($name->Struct(wss_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp-S-tcp_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny | | all。\n\n例如:\n\n[\"deny 192.168.1.1\", \"allow 192.168.1.0/24\", \"deny all\"]",
+ "type" : "Array(String)",
+ "default" : "[]"
+ }
+ ],
+ "text" : "tcp_listener",
+ "doc" : "Settings for TCP listener."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-tcp",
+ "text" : "tcp",
+ "doc" : "从监听器名称到配置参数的映射。",
+ "type" : "Map($name->Struct(tcp_listener))"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-acceptors",
+ "text" : "acceptors",
+ "doc" : "Acceptor 进程池大小。",
+ "type" : "Integer",
+ "default" : "16"
+ },
+ {
+ "refs" : [
+ {
+ "hash" : "T-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts",
+ "fields" : [
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-active_n",
+ "text" : "active_n",
+ "doc" : "为此套接字指定{active,N}选项
\nSee: https://erlang.org/doc/man/inet.html#setopts-2",
+ "type" : "Integer(0..+inf)",
+ "default" : "100"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-backlog",
+ "text" : "backlog",
+ "doc" : "TCP backlog 定义了挂起连接队列可以增长到的最大长度。",
+ "type" : "Integer(1..+inf)",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout",
+ "text" : "send_timeout",
+ "doc" : "连接的 TCP 发送超时。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"15s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-send_timeout_close",
+ "text" : "send_timeout_close",
+ "doc" : "如果发送超时,则关闭连接。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-recbuf",
+ "text" : "recbuf",
+ "doc" : "连接的 TCP 接收缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-sndbuf",
+ "text" : "sndbuf",
+ "doc" : "连接的 TCP 发送缓冲区(OS 内核)。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-buffer",
+ "text" : "buffer",
+ "doc" : "驱动程序使用的用户空间缓冲区的大小。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"4KB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-high_watermark",
+ "text" : "high_watermark",
+ "doc" : "当 VM 套接字实现内部排队的数据量达到此限制时,套接字将设置为忙碌状态。
表示字节数量的字符串,例如:10B、640kb、4MB、1GB。单位采用二进制标准,即 1MB 等于 1024KB。单位不区分大小写,例如 1kb 等于 1KB。",
+ "type" : "Bytesize",
+ "default" : "\"1MB\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nodelay",
+ "text" : "nodelay",
+ "doc" : "连接的 `TCP_NODELAY` 标志。\n当设置为 `true` 时,无论数据大小,都会立即发送数据。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-nolinger",
+ "text" : "nolinger",
+ "doc" : "启用时,`SO_LINGER` 标志设置为 `(onoff=1, linger=0)`,这意味着 TCP socket 将立即关闭,发送 TCP-RST 包,丢弃任何未发送的数据,并跳过正常关闭步骤,包括 CLOSE_WAIT、FIN_WAIT 和 TIME_WAIT。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-reuseaddr",
+ "text" : "reuseaddr",
+ "doc" : "连接的 SO_REUSEADDR 标识。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options-S-tcp_opts-keepalive",
+ "text" : "keepalive",
+ "doc" : "为通过 TCP 或 SSL 建立的 MQTT 连接启用 TCP keepalive。\n使用三个逗号分隔的数字(单位:秒)进行配置: 'Idle,Interval,Probes'\n - Idle: 在服务器开始发送 keepalive 探测包之前,连接需要处于空闲状态的秒数(Linux 默认为 7200 秒)。\n - Interval: 每次发送 TCP keepalive 探测包之间的间隔时间(Linux 默认 75 秒)。\n - Probes: 在未收到响应的情况下,最多发送多少次探测包后放弃并关闭连接(Linux 默认 9 次)。\n例如 \"240,30,5\" 表示:在连接空闲 240 秒后发送 TCP keepalive 探测,每隔 30 秒发送一次,直到收到响应,如果连续丢失 5 个响应,连接应该被关闭。\n默认值为:'none',设置为 'none' 时将使用操作系统的默认 keepalive 设置(仍然启用,并非禁用)。",
+ "type" : "String",
+ "default" : "none"
+ }
+ ],
+ "text" : "tcp_opts",
+ "doc" : "TCP listener options."
+ }
+ ],
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-tcp_options",
+ "text" : "tcp_options",
+ "doc" : "TCP Socket 配置。",
+ "type" : "Struct(tcp_opts)"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-proxy_protocol",
+ "text" : "proxy_protocol",
+ "doc" : "如果为 EMQX 部署了反向代理,并且在代理上启用了 PROXY 协议以传递客户端的真实 IP,\n则需要开启此选项,以便 EMQX 能够从 PROXY 协议头中提取客户端的真实 IP。\nEMQX 将自动检测 PROXY 协议的版本,并支持 V1 和 V2。\n\n有关 PROXY 协议的详细描述,请参考:https://www.haproxy.com/blog/haproxy/proxy-protocol/。",
+ "type" : "Boolean",
+ "default" : "false"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-proxy_protocol_timeout",
+ "text" : "proxy_protocol_timeout",
+ "doc" : "接收 Proxy Protocol 报文头的超时时间。如果在超时内没有收到 Proxy Protocol 包,EMQX 将关闭 TCP 连接。
表示时间持续的字符串,例如:10s、2.5m、1h30m、1W2D 或 2345ms,其中 ms 是最小单位。每个配置项都有其自己的最小精度。设置值中超过精度的部分将被忽略。\n\n例如,如果一个类型为 Duration(s) 的配置项被设置为 1200ms,则最终有效值将是 1s 而不是 1.2s。\n\nDuration 等同于 Duration(ms)。单位部分不区分大小写。",
+ "type" : "Duration",
+ "default" : "\"3s\""
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-bind",
+ "text" : "bind",
+ "doc" : "监听器绑定的 IP 地址或端口。",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-max_connections",
+ "text" : "max_connections",
+ "doc" : "监听器支持的最大连接数。",
+ "type" : "OneOf(Integer(1..+inf),String(\"infinity\"))",
+ "default" : "1024"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-max_conn_rate",
+ "text" : "max_conn_rate",
+ "doc" : "监听器支持的最大连接速率。",
+ "type" : "Integer",
+ "default" : "1000"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-enable_authn",
+ "text" : "enable_authn",
+ "doc" : "配置 true (默认值)启用客户端进行身份认证。\n配置 false 时,将不对客户端做任何认证。",
+ "type" : "Boolean",
+ "default" : "true"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-mountpoint",
+ "text" : "mountpoint",
+ "doc" : "发布或订阅时,在所有主题前增加前缀字符串。\n当消息投递给订阅者时,前缀字符串将从主题名称中删除。挂载点是用户可以用来实现不同监听器之间的消息路由隔离的一种方式。\n例如,如果客户端 A 在 `listeners.tcp.\\.mountpoint` 设置为 `some_tenant` 的情况下订阅 `t`,\n则客户端实际上订阅了 `some_tenant/t` 主题。\n类似地,如果另一个客户端 B(连接到与客户端 A 相同的侦听器)向主题 `t` 发送消息,\n则该消息被路由到所有订阅了 `some_tenant/t` 的客户端,因此客户端 A 将收到该消息,带有 主题名称`t`。 设置为 `\"\"` 以禁用该功能。\n挂载点字符串中可用的变量:
\n - ${clientid}:clientid
\n - ${username}:用户名",
+ "type" : "String"
+ },
+ {
+ "hash" : "V-gateway-S-gateway-nats-S-nats-listeners-S-tcp_ws_listeners-ssl-S-ssl_listener-access_rules",
+ "text" : "access_rules",
+ "doc" : "一个包含字符串规则的访问规则列表,用于限制或允许来自某些地址的访问。\n列表中较早出现的规则优先匹配。\n格式为 allow | deny |