kennyh
/
emqx4.3


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091
							##--------------------------------------------------------------------
## Dashboard with HTTPS Listener
##
## Configuration for EMQX dashboard
##--------------------------------------------------------------------
## Note: This is an example of how to configure this feature
##       you should copy and paste the below data into the emqx.conf for working

dashboard {
    ## JWT token expiration time
    token_expired_time = 60m

    ## Support Cross-Origin Resource Sharing (CORS)
    cors = false

    listeners.https {
        ## Whether to enable the listener
        enable = true

        ## Port or Address to listen on
        bind = "0.0.0.0:18084" ## or just a port number, e.g. 18084

        ## Socket acceptor pool size for TCP protocols
        num_acceptors = 8

        ## Maximum number of simultaneous connections
        max_connections = 512

        ## Defines the maximum length that the queue of pending connections can grow to
        backlog = 1024

        ## Send timeout for the socket
        send_timeout = 10s

        ## Enable IPv6 support, default is false, which means IPv4 only
        inet6 = false

        ## Disable IPv4-to-IPv6 mapping for the listener
        ipv6_v6only = false

        ## Enable support for `HAProxy` header
        proxy_header = false

        ## Trusted PEM format CA certificates bundle file
        cacertfile = "data/certs/cacert.pem"
    
        ## PEM format certificates chain file
        certfile = "data/certs/cert.pem"
    
        ## PEM format private key file
        keyfile = "data/certs/key.pem"
    
        ## Enable or disable peer verification
        verify = verify_none  ## use verify_peer to enable
    
        ## if `verify' is ebabled, whit true, the connection fails if the client does not have a certificate to send
        fail_if_no_peer_cert = false
    
        ## Enable TLS session reuse
        reuse_sessions = true
    
        ## Maximum number of non-self-issued intermediate certificates that can follow the peer certificate in a valid certification path
        depth = 10
    
        ## Which versions are to be supported
        versions = [tlsv1.3, tlsv1.2]
    
        ## TLS cipher suite names
        ## Note: By default, all available suites are supported, you do not need to set this
        ciphers = ["TLS_AES_256_GCM_SHA384","TLS_AES_128_GCM_SHA256"]
    
        ## Allows a client and a server to renegotiate the parameters of the SSL connection on the fly
        secure_renegotiate = true
    
        ## Log level for SSL communication
        ## Type: emergency | alert | critical | error | warning | notice | info | debug | none | all
        log_level = notice
    
        ## Hibernate the SSL process after idling for amount of time reducing its memory footprint
        hibernate_after = 5s
    
        ## Forces the cipher to be set based on the server-specified order instead of the client-specified order
        honor_cipher_order = true
    
        ##  Setting this to false to disable client-initiated renegotiation
        client_renegotiation = true
    
        ## Maximum time duration allowed for the handshake to complete
        handshake_timeout = 15s
    }
}