Trang chủ Khám phá Trợ giúp
Đăng nhập
kennyh
/
emqx4.3
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Branch: master
Branches Tags
emqx4.3
/
apps
/
emqx_auth_pgsql
/
etc
/
emqx_auth_pgsql.conf

emqx_auth_pgsql.conf 3.0 KB
Permalink Lịch sử Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 
  1. ##--------------------------------------------------------------------
    2. 

  2. ## PostgreSQL Auth/ACL Plugin
    3. 

  3. ##--------------------------------------------------------------------
    4. 

  4. 

  5. ## PostgreSQL server address.
    6. 

  6. ##
    7. 

  7. ## Value: Port | IP:Port
    8. 

  8. ##
    9. 

  9. ## Examples: 5432, 127.0.0.1:5432, localhost:5432
    10. 

  10. auth.pgsql.server = 127.0.0.1:5432
    11. 

  11. 

  12. ## PostgreSQL pool size.
    13. 

  13. ##
    14. 

  14. ## Value: Number
    15. 

  15. auth.pgsql.pool = 8
    16. 

  16. 

  17. ## PostgreSQL username.
    18. 

  18. ##
    19. 

  19. ## Value: String
    20. 

  20. auth.pgsql.username = root
    21. 

  21. 

  22. ## PostgreSQL password.
    23. 

  23. ##
    24. 

  24. ## Value: String
    25. 

  25. #auth.pgsql.password =
    26. 

  26. 

  27. ## PostgreSQL database.
    28. 

  28. ##
    29. 

  29. ## Value: String
    30. 

  30. auth.pgsql.database = mqtt
    31. 

  31. 

  32. ## PostgreSQL database encoding.
    33. 

  33. ##
    34. 

  34. ## Value: String
    35. 

  35. auth.pgsql.encoding = utf8
    36. 

  36. 

  37. ## Whether to enable SSL connection.
    38. 

  38. ##
    39. 

  39. ## Value: on | off
    40. 

  40. auth.pgsql.ssl = off
    41. 

  41. 

  42. ## TLS version.
    43. 

  43. ##
    44. 

  44. ## Available enum values:
    45. 

  45. ##    tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
    46. 

  46. ##
    47. 

  47. ## Value: String, seperated by ','
    48. 

  48. #auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1
    49. 

  49. 

  50. ## SSL keyfile.
    51. 

  51. ##
    52. 

  52. ## Value: File
    53. 

  53. #auth.pgsql.ssl.keyfile =
    54. 

  54. 

  55. ## SSL certfile.
    56. 

  56. ##
    57. 

  57. ## Value: File
    58. 

  58. #auth.pgsql.ssl.certfile =
    59. 

  59. 

  60. ## SSL cacertfile.
    61. 

  61. ##
    62. 

  62. ## Value: File
    63. 

  63. #auth.pgsql.ssl.cacertfile =
    64. 

  64. 

  65. ## In mode verify_none the default behavior is to allow all x509-path
    66. 

  66. ## validation errors.
    67. 

  67. ##
    68. 

  68. ## Value: true | false
    69. 

  69. #auth.pgsql.ssl.verify = false
    70. 

  70. 

  71. ## If not specified, the server's names returned in server's certificate is validated against
    72. 

  72. ## what's provided `auth.pgsql.server` config's host part.
    73. 

  73. ## Setting to 'disable' will make EMQ X ignore unmatched server names.
    74. 

  74. ## If set with a host name, the server's names returned in server's certificate is validated
    75. 

  75. ## against this value.
    76. 

  76. ##
    77. 

  77. ## Value: String | disable
    78. 

  78. ## auth.pgsql.ssl.server_name_indication = disable
    79. 

  79. 

  80. ## Authentication query.
    81. 

  81. ##
    82. 

  82. ## Value: SQL
    83. 

  83. ##
    84. 

  84. ## Variables:
    85. 

  85. ##  - %u: username
    86. 

  86. ##  - %c: clientid
    87. 

  87. ##  - %C: common name of client TLS cert
    88. 

  88. ##  - %d: subject of client TLS cert
    89. 

  89. ##
    90. 

  90. auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1
    91. 

  91. 

  92. ## Password hash.
    93. 

  93. ##
    94. 

  94. ## Value: plain | md5 | sha | sha256 | bcrypt
    95. 

  95. auth.pgsql.password_hash = sha256
    96. 

  96. 

  97. ## sha256 with salt prefix
    98. 

  98. ## auth.pgsql.password_hash = salt,sha256
    99. 

  99. 

  100. ## sha256 with salt suffix
    101. 

  101. ## auth.pgsql.password_hash = sha256,salt
    102. 

  102. 

  103. ## bcrypt with salt prefix
    104. 

  104. ## auth.pgsql.password_hash = salt,bcrypt
    105. 

  105. 

  106. ## pbkdf2 with macfun iterations dklen
    107. 

  107. ## macfun: md4, md5, ripemd160, sha, sha224, sha256, sha384, sha512
    108. 

  108. ## auth.pgsql.password_hash = pbkdf2,sha256,1000,20
    109. 

  109. 

  110. ## Superuser query.
    111. 

  111. ##
    112. 

  112. ## Value: SQL
    113. 

  113. ##
    114. 

  114. ## Variables:
    115. 

  115. ##  - %u: username
    116. 

  116. ##  - %c: clientid
    117. 

  117. ##  - %C: common name of client TLS cert
    118. 

  118. ##  - %d: subject of client TLS cert
    119. 

  119. ##
    120. 

  120. auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
    121. 

  121. 

  122. ## ACL query. Comment this query, the ACL will be disabled.
    123. 

  123. ##
    124. 

  124. ## Value: SQL
    125. 

  125. ##
    126. 

  126. ## Variables:
    127. 

  127. ##  - %a: ipaddress
    128. 

  128. ##  - %u: username
    129. 

  129. ##  - %c: clientid
    130. 

  130. ##
    131. 

  131. ## Note: You can add the 'ORDER BY' statement to control the rules match order
    132. 

  132. auth.pgsql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
    133.