
Merge branch 'master'

Feng Lee 8 yıl önce
ebeveyn
işleme
057ef7b668
3 değiştirilmiş dosya ile 35 ekleme ve 8 silme
  1. 15 7
      etc/emqx.conf
  2. 11 0
      etc/ssl_dist.conf
  3. 9 1
      priv/emqx.schema

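--- a/etc/emqx.conf
+++ b/etc/emqx.conf
@@ -237,10 +237,18 @@ node.crash_dump = {{ platform_log_dir }}/crash.dump
 ## Value: Enum
 ##  - inet_tcp: the default; handles TCP streams with IPv4 addressing.
 ##  - inet6_tcp: handles TCP with IPv6 addressing.
+##  - inet_tls: using TLS for Erlang Distribution.
 ##
 ## vm.args: -proto_dist inet_tcp
 node.proto_dist = inet_tcp
 
+## Specify SSL Options in the file if using SSL for Erlang Distribution.
+##
+## Value: File
+##
+## vm.args: -ssl_dist_optfile <File>
+## node.ssl_dist_optfile = {{ platform_etc_dir }}/ssl_dist.conf
+
 ## Sets the net_kernel tick time. TickTime is specified in seconds.
 ## Notice that all communicating nodes are to have the same TickTime
 ## value specified.
@@ -706,7 +714,7 @@ listener.tcp.external.send_timeout_close = on
 ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
 ##
 ## Value: on | off
-listener.tcp.external.tune_buffer = on
+## listener.tcp.external.tune_buffer = off
 
 ## The TCP_NODELAY flag for MQTT connections. Small amounts of data are
 ## sent immediately if the option is enabled.
@@ -785,28 +793,28 @@ listener.tcp.external.send_timeout_close = on
 ## See: listener.tcp.<name>.recbuf
 ##
 ## Value: Bytes
-listener.tcp.internal.recbuf = 16KB
+## listener.tcp.internal.recbuf = 16KB
 
 ## The TCP send buffer(os kernel) for internal MQTT connections.
 ##
 ## See: http://erlang.org/doc/man/inet.html
 ##
 ## Value: Bytes
-listener.tcp.internal.sndbuf = 16KB
+## listener.tcp.internal.sndbuf = 16KB
 
 ## The size of the user-level software buffer used by the driver.
 ##
 ## See: listener.tcp.<name>.buffer
 ##
 ## Value: Bytes
-listener.tcp.internal.buffer = 16KB
+## listener.tcp.internal.buffer = 16KB
 
 ## Sets the 'buffer = max(sndbuf, recbuf)' if this option is enabled.
 ##
 ## See: listener.tcp.<name>.tune_buffer
 ##
 ## Value: on | off
-listener.tcp.internal.tune_buffer = on
+## listener.tcp.internal.tune_buffer = off
 
 ## The TCP_NODELAY flag for internal MQTT connections.
 ##
@@ -1040,7 +1048,7 @@ listener.ssl.external.certfile = {{ platform_etc_dir }}/certs/cert.pem
 ## See: listener.tcp.<name>.tune_buffer
 ##
 ## Value: on | off
-## listener.ssl.external.tune_buffer = on
+## listener.ssl.external.tune_buffer = off
 
 ## The TCP_NODELAY flag for SSL connections.
 ##
@@ -1168,7 +1176,7 @@ listener.ws.external.send_timeout_close = on
 ## See: listener.tcp.<name>.tune_buffer
 ##
 ## Value: on | off
-listener.ws.external.tune_buffer = on
+## listener.ws.external.tune_buffer = off
 
 ## The TCP_NODELAY flag for external MQTT/WebSocket connections.
 ##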
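Review bot: The commented `node.ssl_dist_optfile` block added after `node.proto_dist` in the first hunk does not say that it must be uncommented when `inet_tls` is chosen, and the shipped default stays `inet_tcp`, which leaves inter-node traffic unencrypted. I would extend the comment, e.g. `## Required when node.proto_dist = inet_tls; every node in the cluster must use the same proto_dist.` Separately, the later hunks comment out the `tune_buffer` and internal buffer settings while changing the sample value to `off`; whether `off` is the effective default is not visible here, so it may be worth stating the default in each comment.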

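--- a/etc/ssl_dist.conf
+++ b/etc/ssl_dist.conf
@@ -0,0 +1,11 @@
+%% The options in the {server, Opts} tuple are used when calling ssl:ssl_accept/3,
+%% and the options in the {client, Opts} tuple are used when calling ssl:connect/4.
+%% 
+%% More information at: http://erlang.org/doc/apps/ssl/ssl_distribution.html
+[{server,
+  [{certfile, "{{ platform_etc_dir }}/certs/cert.pem"},
+   {keyfile, "{{ platform_etc_dir }}/certs/key.pem"},
+   {secure_renegotiate, true},
+   {depth, 0}]},
+ {client,
+  [{secure_renegotiate, true}]}].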
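Review bot: Neither option list in this new file turns on peer verification, so with `-proto_dist inet_tls` the distribution link would be encrypted but not authenticated: there is no `{verify, verify_peer}` and no `cacertfile` on either side, and on OTP releases of this period the ssl default is `verify_none`. `{depth, 0}` in the server list has no effect without verification, and the client list carries no certificate for the server to check. The certfile/keyfile paths are also the ones `listener.ssl.external.certfile` uses in etc/emqx.conf, so the MQTT listener's key pair doubles as the node identity; a dedicated cluster CA and per-node certificates would keep the two trust domains apart. Suggested option lists below, with placeholder paths.

```erlang
[{server,
  [%% … unchanged: certfile, keyfile, secure_renegotiate …
   {cacertfile, "<PATH_TO_CLUSTER_CA_PEM>"},   %% placeholder path
   {verify, verify_peer},
   {fail_if_no_peer_cert, true},
   {depth, 0}]},
 {client,
  [{certfile, "<PATH_TO_NODE_CERT_PEM>"},      %% placeholder path
   {keyfile, "<PATH_TO_NODE_KEY_PEM>"},        %% placeholder path
   {cacertfile, "<PATH_TO_CLUSTER_CA_PEM>"},   %% placeholder path
   {verify, verify_peer},
   {secure_renegotiate, true}]}].
```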

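--- a/priv/emqx.schema
+++ b/priv/emqx.schema
@@ -170,7 +170,15 @@ end}.
 
 %% @doc The erlang distributed protocol
 {mapping, "node.proto_dist", "vm_args.-proto_dist", [
-  %%{default, "inet_tcp"}
+  {default, "inet_tcp"},
+  {datatype, {enum, [inet_tcp, inet6_tcp, inet_tls]}},
+  hidden
+]}.
+
+%% @doc Specify SSL Options in the file if using SSL for erlang distribution
+{mapping, "node.ssl_dist_optfile", "vm_args.-ssl_dist_optfile", [
+  {datatype, string},
+  hidden
 ]}.
 
 %% @doc Secret cookie for distributed erlang node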
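Review bot: The new `node.ssl_dist_optfile` mapping is a free-form `string` with no default, and nothing ties it to `node.proto_dist`, so a config with `inet_tls` and no option file appears to pass schema generation and only fail (or run with default ssl options) when the node starts. Consider `{datatype, file}` and a validator or translation that rejects `inet_tls` without an option file. Both mappings are marked `hidden`, so the `@doc` line should say that the file holds the certificate and verification settings for the cluster link.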