diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes index dd37788..6163061 100644 --- a/rabbitmq-server.changes +++ b/rabbitmq-server.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Dec 17 08:07:22 UTC 2018 - Dirk Mueller + +- switch to 3.7.x style rabbitmq-server.conf +- Remove sd_notify dependency and replace with socat as + followup to upstream change in + https://github.com/rabbitmq/rabbitmq-server/pull/666 + ------------------------------------------------------------------- Sat Dec 15 20:48:46 UTC 2018 - Dirk Mueller diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec index 6a76ac0..4ad2cb1 100644 --- a/rabbitmq-server.spec +++ b/rabbitmq-server.spec @@ -49,7 +49,8 @@ Source5: rabbitmq-server.sysconfig Source6: rabbitmq-server.service Source7: rabbitmq-server.tmpfiles.d.conf Source8: README.SUSE -Source9: rabbitmq.config.example +# from https://raw.githubusercontent.com/rabbitmq/rabbitmq-server/v3.7.x/docs/rabbitmq.conf.example +Source9: rabbitmq.conf.example BuildRequires: elixir # https://www.rabbitmq.com/which-erlang.html BuildRequires: erlang < 22 @@ -77,7 +78,7 @@ Requires(pre): %insserv_prereq BuildRequires: systemd %{?systemd_requires} %define have_systemd 1 -Requires: erlang-sd_notify +Requires: socat %else Requires: %fillup_prereq Requires: %insserv_prereq @@ -154,7 +155,7 @@ install -p -D -m 0755 scripts/rabbitmq-server.ocf %{buildroot}%{_exec_prefix}/li install -p -D -m 0755 scripts/rabbitmq-server-ha.ocf %{buildroot}%{_exec_prefix}/lib/ocf/resource.d/rabbitmq/rabbitmq-server-ha # install config files -install -p -D -m 0644 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq.config +install -p -D -m 0644 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq.conf install -p -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq-env.conf # Copy all necessary lib files etc. diff --git a/rabbitmq.conf.example b/rabbitmq.conf.example new file mode 100644 index 0000000..71effad --- /dev/null +++ b/rabbitmq.conf.example @@ -0,0 +1,892 @@ +# ====================================== +# RabbitMQ broker section +# ====================================== + +## Related doc guide: http://rabbitmq.com/configure.html. See +## http://rabbitmq.com/documentation.html for documentation ToC. + +## Networking +## ==================== +## +## Related doc guide: http://rabbitmq.com/networking.html. +## +## By default, RabbitMQ will listen on all interfaces, using +## the standard (reserved) AMQP 0-9-1 and 1.0 port. +## +# listeners.tcp.default = 5672 + + +## To listen on a specific interface, provide an IP address with port. +## For example, to listen only on localhost for both IPv4 and IPv6: +## +# IPv4 +# listeners.tcp.local = 127.0.0.1:5672 +# IPv6 +# listeners.tcp.local_v6 = ::1:5672 + +## You can define multiple listeners using listener names +# listeners.tcp.other_port = 5673 +# listeners.tcp.other_ip = 10.10.10.10:5672 + + +## TLS listeners are configured in the same fashion as TCP listeners, +## including the option to control the choice of interface. +## +# listeners.ssl.default = 5671 + +## Number of Erlang processes that will accept connections for the TCP +## and TLS listeners. +## +# num_acceptors.tcp = 10 +# num_acceptors.ssl = 1 + + +## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection +## and TLS handshake), in milliseconds. +## +# handshake_timeout = 10000 + +## Set to 'true' to perform reverse DNS lookups when accepting a +## connection. Hostnames will then be shown instead of IP addresses +## in rabbitmqctl and the management plugin. +## +# reverse_dns_lookups = true + +## +## Security, Access Control +## ============== +## + +## Related doc guide: http://rabbitmq.com/access-control.html. + +## The default "guest" user is only permitted to access the server +## via a loopback interface (e.g. localhost). +## {loopback_users, [<<"guest">>]}, +## +# loopback_users.guest = true + +## Uncomment the following line if you want to allow access to the +## guest user from anywhere on the network. +# loopback_users.guest = false + +## TLS configuration. +## +## Related doc guide: http://rabbitmq.com/ssl.html. +## +# ssl_options.verify = verify_peer +# ssl_options.fail_if_no_peer_cert = false +# ssl_options.cacertfile = /path/to/cacert.pem +# ssl_options.certfile = /path/to/cert.pem +# ssl_options.keyfile = /path/to/key.pem +# +# ssl_options.honor_cipher_order = true +# ssl_options.honor_ecc_order = true + +# ssl_options.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384 +# ssl_options.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384 +# ssl_options.ciphers.3 = ECDHE-ECDSA-AES256-SHA384 +# ssl_options.ciphers.4 = ECDHE-RSA-AES256-SHA384 +# ssl_options.ciphers.5 = ECDH-ECDSA-AES256-GCM-SHA384 +# ssl_options.ciphers.6 = ECDH-RSA-AES256-GCM-SHA384 +# ssl_options.ciphers.7 = ECDH-ECDSA-AES256-SHA384 +# ssl_options.ciphers.8 = ECDH-RSA-AES256-SHA384 +# ssl_options.ciphers.9 = DHE-RSA-AES256-GCM-SHA384 +# ssl_options.ciphers.10 = DHE-DSS-AES256-GCM-SHA384 +# ssl_options.ciphers.11 = DHE-RSA-AES256-SHA256 +# ssl_options.ciphers.12 = DHE-DSS-AES256-SHA256 +# ssl_options.ciphers.13 = ECDHE-ECDSA-AES128-GCM-SHA256 +# ssl_options.ciphers.14 = ECDHE-RSA-AES128-GCM-SHA256 +# ssl_options.ciphers.15 = ECDHE-ECDSA-AES128-SHA256 +# ssl_options.ciphers.16 = ECDHE-RSA-AES128-SHA256 +# ssl_options.ciphers.17 = ECDH-ECDSA-AES128-GCM-SHA256 +# ssl_options.ciphers.18 = ECDH-RSA-AES128-GCM-SHA256 +# ssl_options.ciphers.19 = ECDH-ECDSA-AES128-SHA256 +# ssl_options.ciphers.20 = ECDH-RSA-AES128-SHA256 +# ssl_options.ciphers.21 = DHE-RSA-AES128-GCM-SHA256 +# ssl_options.ciphers.22 = DHE-DSS-AES128-GCM-SHA256 +# ssl_options.ciphers.23 = DHE-RSA-AES128-SHA256 +# ssl_options.ciphers.24 = DHE-DSS-AES128-SHA256 +# ssl_options.ciphers.25 = ECDHE-ECDSA-AES256-SHA +# ssl_options.ciphers.26 = ECDHE-RSA-AES256-SHA +# ssl_options.ciphers.27 = DHE-RSA-AES256-SHA +# ssl_options.ciphers.28 = DHE-DSS-AES256-SHA +# ssl_options.ciphers.29 = ECDH-ECDSA-AES256-SHA +# ssl_options.ciphers.30 = ECDH-RSA-AES256-SHA +# ssl_options.ciphers.31 = ECDHE-ECDSA-AES128-SHA +# ssl_options.ciphers.32 = ECDHE-RSA-AES128-SHA +# ssl_options.ciphers.33 = DHE-RSA-AES128-SHA +# ssl_options.ciphers.34 = DHE-DSS-AES128-SHA +# ssl_options.ciphers.35 = ECDH-ECDSA-AES128-SHA +# ssl_options.ciphers.36 = ECDH-RSA-AES128-SHA + +## Select an authentication/authorisation backend to use. +## +## Alternative backends are provided by plugins, such as rabbitmq-auth-backend-ldap. +## +## NB: These settings require certain plugins to be enabled. +## +## Related doc guides: +## +## * http://rabbitmq.com/plugins.html +## * http://rabbitmq.com/access-control.html +## + +# auth_backends.1 = rabbit_auth_backend_internal + +## uses separate backends for authentication and authorisation, +## see below. +# auth_backends.1.authn = rabbit_auth_backend_ldap +# auth_backends.1.authz = rabbit_auth_backend_internal + +## The rabbitmq_auth_backend_ldap plugin allows the broker to +## perform authentication and authorisation by deferring to an +## external LDAP server. +## +## Relevant doc guides: +## +## * http://rabbitmq.com/ldap.html +## * http://rabbitmq.com/access-control.html +## +## uses LDAP for both authentication and authorisation +# auth_backends.1 = rabbit_auth_backend_ldap + +## uses HTTP service for both authentication and +## authorisation +# auth_backends.1 = rabbit_auth_backend_http + +## uses two backends in a chain: HTTP first, then internal +# auth_backends.1 = rabbit_auth_backend_http +# auth_backends.2 = rabbit_auth_backend_internal + +## Authentication +## The built-in mechanisms are 'PLAIN', +## 'AMQPLAIN', and 'EXTERNAL' Additional mechanisms can be added via +## plugins. +## +## Related doc guide: http://rabbitmq.com/authentication.html. +## +# auth_mechanisms.1 = PLAIN +# auth_mechanisms.2 = AMQPLAIN + +## The rabbitmq-auth-mechanism-ssl plugin makes it possible to +## authenticate a user based on the client's x509 (TLS) certificate. +## Related doc guide: http://rabbitmq.com/authentication.html. +## +## To use auth-mechanism-ssl, the EXTERNAL mechanism should +## be enabled: +## +# auth_mechanisms.1 = PLAIN +# auth_mechanisms.2 = AMQPLAIN +# auth_mechanisms.3 = EXTERNAL + +## To force x509 certificate-based authentication on all clients, +## exclude all other mechanisms (note: this will disable password-based +## authentication even for the management UI!): +## +# auth_mechanisms.1 = EXTERNAL + +## This pertains to both the rabbitmq-auth-mechanism-ssl plugin and +## STOMP ssl_cert_login configurations. See the RabbitMQ STOMP plugin +## configuration section later in this file and the README in +## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further +## details. +## +## To use the TLS cert's CN instead of its DN as the username +## +# ssl_cert_login_from = common_name + +## TLS handshake timeout, in milliseconds. +## +# ssl_handshake_timeout = 5000 + + +## Password hashing implementation. Will only affect newly +## created users. To recalculate hash for an existing user +## it's necessary to update her password. +## +## To use SHA-512, set to rabbit_password_hashing_sha512. +## +# password_hashing_module = rabbit_password_hashing_sha256 + +## When importing definitions exported from versions earlier +## than 3.6.0, it is possible to go back to MD5 (only do this +## as a temporary measure!) by setting this to rabbit_password_hashing_md5. +## +# password_hashing_module = rabbit_password_hashing_md5 + +## +## Default User / VHost +## ==================== +## + +## On first start RabbitMQ will create a vhost and a user. These +## config items control what gets created. +## Relevant doc guide: http://rabbitmq.com/access-control.html +## +# default_vhost = / +# default_user = guest +# default_pass = guest + +# default_permissions.configure = .* +# default_permissions.read = .* +# default_permissions.write = .* + +## Tags for default user +## +## For more details about tags, see the documentation for the +## Management Plugin at http://rabbitmq.com/management.html. +## +# default_user_tags.administrator = true + +## Define other tags like this: +# default_user_tags.management = true +# default_user_tags.custom_tag = true + +## +## Additional network and protocol related configuration +## ===================================================== +## + +## Set the default AMQP 0-9-1 heartbeat interval (in seconds). +## Related doc guides: +## +## * http://rabbitmq.com/heartbeats.html +## * http://rabbitmq.com/networking.html +## +# heartbeat = 60 + +## Set the max permissible size of an AMQP frame (in bytes). +## +# frame_max = 131072 + +## Set the max frame size the server will accept before connection +## tuning occurs +## +# initial_frame_max = 4096 + +## Set the max permissible number of channels per connection. +## 0 means "no limit". +## +# channel_max = 128 + +## Customising TCP Listener (Socket) Configuration. +## +## Related doc guides: +## +## * http://rabbitmq.com/networking.html +## * http://www.erlang.org/doc/man/inet.html#setopts-2 +## + +# tcp_listen_options.backlog = 128 +# tcp_listen_options.nodelay = true +# tcp_listen_options.exit_on_close = false +# +# tcp_listen_options.keepalive = true +# tcp_listen_options.send_timeout = 15000 +# +# tcp_listen_options.buffer = 196608 +# tcp_listen_options.sndbuf = 196608 +# tcp_listen_options.recbuf = 196608 + +## +## Resource Limits & Flow Control +## ============================== +## +## Related doc guide: http://rabbitmq.com/memory.html. + +## Memory-based Flow Control threshold. +## +# vm_memory_high_watermark.relative = 0.4 + +## Alternatively, we can set a limit (in bytes) of RAM used by the node. +## +# vm_memory_high_watermark.absolute = 1073741824 + +## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). +## Absolute watermark will be ignored if relative is defined! +## +# vm_memory_high_watermark.absolute = 2GB +## +## Supported units suffixes: +## +## kb, KB: kibibytes (2^10 bytes) +## mb, MB: mebibytes (2^20) +## gb, GB: gibibytes (2^30) + + + +## Fraction of the high watermark limit at which queues start to +## page message out to disc in order to free up memory. +## For example, when vm_memory_high_watermark is set to 0.4 and this value is set to 0.5, +## paging can begin as early as when 20% of total available RAM is used by the node. +## +## Values greater than 1.0 can be dangerous and should be used carefully. +## +## One alternative to this is to use durable queues and publish messages +## as persistent (delivery mode = 2). With this combination queues will +## move messages to disk much more rapidly. +## +## Another alternative is to configure queues to page all messages (both +## persistent and transient) to disk as quickly +## as possible, see http://rabbitmq.com/lazy-queues.html. +## +# vm_memory_high_watermark_paging_ratio = 0.5 + +## Selects Erlang VM memory consumption calculation strategy. Can be `allocated`, `rss` or `legacy` (aliased as `erlang`), +## Introduced in 3.6.11. `rss` is the default as of 3.6.12. +## See https://github.com/rabbitmq/rabbitmq-server/issues/1223 and rabbitmq/rabbitmq-common#224 for background. +# vm_memory_calculation_strategy = rss + +## Interval (in milliseconds) at which we perform the check of the memory +## levels against the watermarks. +## +# memory_monitor_interval = 2500 + +## The total memory available can be calculated from the OS resources +## - default option - or provided as a configuration parameter. +# total_memory_available_override_value = 2GB + +## Set disk free limit (in bytes). Once free disk space reaches this +## lower bound, a disk alarm will be set - see the documentation +## listed above for more details. +## +## Absolute watermark will be ignored if relative is defined! +# disk_free_limit.absolute = 50000 + +## Or you can set it using memory units (same as in vm_memory_high_watermark) +## with RabbitMQ 3.6.0+. +# disk_free_limit.absolute = 500KB +# disk_free_limit.absolute = 50mb +# disk_free_limit.absolute = 5GB + +## Alternatively, we can set a limit relative to total available RAM. +## +## Values lower than 1.0 can be dangerous and should be used carefully. +# disk_free_limit.relative = 2.0 + +## +## Clustering +## ===================== +## +# cluster_partition_handling = ignore + +## pause_if_all_down strategy require additional configuration +# cluster_partition_handling = pause_if_all_down + +## Recover strategy. Can be either 'autoheal' or 'ignore' +# cluster_partition_handling.pause_if_all_down.recover = ignore + +## Node names to check +# cluster_partition_handling.pause_if_all_down.nodes.1 = rabbit@localhost +# cluster_partition_handling.pause_if_all_down.nodes.2 = hare@localhost + +## Mirror sync batch size, in messages. Increasing this will speed +## up syncing but total batch size in bytes must not exceed 2 GiB. +## Available in RabbitMQ 3.6.0 or later. +## +# mirroring_sync_batch_size = 4096 + +## Make clustering happen *automatically* at startup. Only applied +## to nodes that have just been reset or started for the first time. +## +## Relevant doc guide: http://rabbitmq.com//cluster-formation.html +## + +# cluster_formation.peer_discovery_backend = rabbit_peer_discovery_classic_config +# +# cluster_formation.classic_config.nodes.1 = rabbit1@hostname +# cluster_formation.classic_config.nodes.2 = rabbit2@hostname +# cluster_formation.classic_config.nodes.3 = rabbit3@hostname +# cluster_formation.classic_config.nodes.4 = rabbit4@hostname + +## DNS-based peer discovery. This backend will list A records +## of the configured hostname and perform reverse lookups for +## the addresses returned. + +# cluster_formation.peer_discovery_backend = rabbit_peer_discovery_dns +# cluster_formation.dns.hostname = discovery.eng.example.local + +## This node's type can be configured. If you are not sure +## what node type to use, always use 'disc'. +# cluster_formation.node_type = disc + +## Interval (in milliseconds) at which we send keepalive messages +## to other cluster members. Note that this is not the same thing +## as net_ticktime; missed keepalive messages will not cause nodes +## to be considered down. +## +# cluster_keepalive_interval = 10000 + +## +## Statistics Collection +## ===================== +## + +## Set (internal) statistics collection granularity. +## +## Can be none, coarse or fine +# collect_statistics = none + +# collect_statistics = coarse + +## Statistics collection interval (in milliseconds). Increasing +## this will reduce the load on management database. +## +# collect_statistics_interval = 5000 + +## +## Misc/Advanced Options +## ===================== +## +## NB: Change these only if you understand what you are doing! +## + +## Explicitly enable/disable hipe compilation. +## +# hipe_compile = false + +## Timeout used when waiting for Mnesia tables in a cluster to +## become available. +## +# mnesia_table_loading_retry_timeout = 30000 + +## Retries when waiting for Mnesia tables in the cluster startup. Note that +## this setting is not applied to Mnesia upgrades or node deletions. +## +# mnesia_table_loading_retry_limit = 10 + +## Size in bytes below which to embed messages in the queue index. +## Related doc guide: http://rabbitmq.com/persistence-conf.html +## +# queue_index_embed_msgs_below = 4096 + +## You can also set this size in memory units +## +# queue_index_embed_msgs_below = 4kb + +## Whether or not to enable background periodic forced GC runs for all +## Erlang processes on the node in "waiting" state. +## +## Disabling background GC may reduce latency for client operations, +## keeping it enabled may reduce median RAM usage by the binary heap +## (see https://www.erlang-solutions.com/blog/erlang-garbage-collector.html). +## +## Before trying this option, please take a look at the memory +## breakdown (http://www.rabbitmq.com/memory-use.html). +## +# background_gc_enabled = false + +## Target (desired) interval (in milliseconds) at which we run background GC. +## The actual interval will vary depending on how long it takes to execute +## the operation (can be higher than this interval). Values less than +## 30000 milliseconds are not recommended. +## +# background_gc_target_interval = 60000 + +## Whether or not to enable proxy protocol support. +## Once enabled, clients cannot directly connect to the broker +## anymore. They must connect through a load balancer that sends the +## proxy protocol header to the broker at connection time. +## This setting applies only to AMQP clients, other protocols +## like MQTT or STOMP have their own setting to enable proxy protocol. +## See the plugins documentation for more information. +## +# proxy_protocol = false + +## ---------------------------------------------------------------------------- +## Advanced Erlang Networking/Clustering Options. +## +## Related doc guide: http://rabbitmq.com/clustering.html +## ---------------------------------------------------------------------------- + +# ====================================== +# Kernel section +# ====================================== + +## Timeout used to detect peer unavailability, including CLI tools. +## Related doc guide: https://www.rabbitmq.com/nettick.html. +## +# net_ticktime = 60 + +## Inter-node communication port range. +## Related doc guide: https://www.rabbitmq.com/networking.html#epmd-inet-dist-port-range. +## +# inet_dist_listen_min = 25672 +# inet_dist_listen_max = 25692 + +## ---------------------------------------------------------------------------- +## RabbitMQ Management Plugin +## +## Related doc guide: http://rabbitmq.com/management.html. +## ---------------------------------------------------------------------------- + +# ======================================= +# Management section +# ======================================= + +## Preload schema definitions from the following JSON file. +## Related doc guide: http://rabbitmq.com/management.html#load-definitions. +## +# management.load_definitions = /path/to/exported/definitions.json + +## Log all requests to the management HTTP API to a file. +## +# management.http_log_dir = /path/to/access.log + +## Change the port on which the HTTP listener listens, +## specifying an interface for the web server to bind to. +## Also set the listener to use TLS and provide TLS options. +## + +# management.listener.port = 15672 +# management.listener.ip = 127.0.0.1 +# management.listener.ssl = true + +# management.listener.ssl_opts.cacertfile = /path/to/cacert.pem +# management.listener.ssl_opts.certfile = /path/to/cert.pem +# management.listener.ssl_opts.keyfile = /path/to/key.pem + +## One of 'basic', 'detailed' or 'none'. See +## http://rabbitmq.com/management.html#fine-stats for more details. +# management.rates_mode = basic + +## Configure how long aggregated data (such as message rates and queue +## lengths) is retained. Please read the plugin's documentation in +## http://rabbitmq.com/management.html#configuration for more +## details. +## Your can use 'minute', 'hour' and 'day' keys or integer key (in seconds) +# management.sample_retention_policies.global.minute = 5 +# management.sample_retention_policies.global.hour = 60 +# management.sample_retention_policies.global.day = 1200 + +# management.sample_retention_policies.basic.minute = 5 +# management.sample_retention_policies.basic.hour = 60 + +# management.sample_retention_policies.detailed.10 = 5 + +## ---------------------------------------------------------------------------- +## RabbitMQ Shovel Plugin +## +## Related doc guide: http://rabbitmq.com/shovel.html +## ---------------------------------------------------------------------------- + +## Shovel plugin config example is defined in additional.config file + + +## ---------------------------------------------------------------------------- +## RabbitMQ STOMP Plugin +## +## Related doc guide: http://rabbitmq.com/stomp.html +## ---------------------------------------------------------------------------- + +# ======================================= +# STOMP section +# ======================================= + +## Network Configuration. The format is generally the same as for the core broker. +## +# stomp.listeners.tcp.default = 61613 + +## Same for ssl listeners +## +# stomp.listeners.ssl.default = 61614 + +## Number of Erlang processes that will accept connections for the TCP +## and TLS listeners. +## +# stomp.num_acceptors.tcp = 10 +# stomp.num_acceptors.ssl = 1 + +## Additional TLS options + +## Extract a name from the client's certificate when using TLS. +## +# stomp.ssl_cert_login = true + +## Set a default user name and password. This is used as the default login +## whenever a CONNECT frame omits the login and passcode headers. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## +# stomp.default_user = guest +# stomp.default_pass = guest + +## If a default user is configured, or you have configured use TLS client +## certificate based authentication, you can choose to allow clients to +## omit the CONNECT frame entirely. If set to true, the client is +## automatically connected as the default user or user supplied in the +## TLS certificate whenever the first frame sent on a session is not a +## CONNECT frame. +## +# stomp.implicit_connect = true + +## Whether or not to enable proxy protocol support. +## Once enabled, clients cannot directly connect to the broker +## anymore. They must connect through a load balancer that sends the +## proxy protocol header to the broker at connection time. +## This setting applies only to STOMP clients, other protocols +## like MQTT or AMQP have their own setting to enable proxy protocol. +## See the plugins or broker documentation for more information. +## +# stomp.proxy_protocol = false + +## ---------------------------------------------------------------------------- +## RabbitMQ MQTT Adapter +## +## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md +## for details +## ---------------------------------------------------------------------------- + +# ======================================= +# MQTT section +# ======================================= + +## Set the default user name and password used for anonymous connections (when client +## provides no credentials). Anonymous connections are highly discouraged! +## +# mqtt.default_user = guest +# mqtt.default_pass = guest + +## Enable anonymous connections. If this is set to false, clients MUST provide +## credentials in order to connect. See also the mqtt.default_user/mqtt.default_pass +## keys. Anonymous connections are highly discouraged! +## +# mqtt.allow_anonymous = true + +## If you have multiple vhosts, specify the one to which the +## adapter connects. +## +# mqtt.vhost = / + +## Specify the exchange to which messages from MQTT clients are published. +## +# mqtt.exchange = amq.topic + +## Specify TTL (time to live) to control the lifetime of non-clean sessions. +## +# mqtt.subscription_ttl = 1800000 + +## Set the prefetch count (governing the maximum number of unacknowledged +## messages that will be delivered). +## +# mqtt.prefetch = 10 + +## TCP/SSL Configuration (as per the broker configuration). +## +# mqtt.listeners.tcp.default = 1883 + +## Same for ssl listener +## +# mqtt.listeners.ssl.default = 1884 + +## Number of Erlang processes that will accept connections for the TCP +## and TLS listeners. +## +# mqtt.num_acceptors.tcp = 10 +# mqtt.num_acceptors.ssl = 10 + +## TCP listener options (as per the broker configuration). +## +# mqtt.tcp_listen_options.backlog = 128 +# mqtt.tcp_listen_options.nodelay = true + +## Whether or not to enable proxy protocol support. +## Once enabled, clients cannot directly connect to the broker +## anymore. They must connect through a load balancer that sends the +## proxy protocol header to the broker at connection time. +## This setting applies only to STOMP clients, other protocols +## like STOMP or AMQP have their own setting to enable proxy protocol. +## See the plugins or broker documentation for more information. +## +# mqtt.proxy_protocol = false + +## ---------------------------------------------------------------------------- +## RabbitMQ AMQP 1.0 Support +## +## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md. +## ---------------------------------------------------------------------------- + +# ======================================= +# AMQP 1.0 section +# ======================================= + + +## Connections that are not authenticated with SASL will connect as this +## account. See the README for more information. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## +# amqp1_0.default_user = guest + +## Enable protocol strict mode. See the README for more information. +## +# amqp1_0.protocol_strict_mode = false + +## Logging settings. +## +## See http://rabbitmq.com/logging.html and https://github.com/erlang-lager/lager for details. +## + +## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. +## +# log.dir = /var/log/rabbitmq + +## Logging to file. Can be false or a filename. +## Default: +# log.file = rabbit.log + +## To disable logging to a file +# log.file = false + +## Log level for file logging +## +# log.file.level = info + +## File rotation config. No rotation by default. +## DO NOT SET rotation date to ''. Leave the value unset if "" is the desired value +# log.file.rotation.date = $D0 +# log.file.rotation.size = 0 + +## Logging to console (can be true or false) +## +# log.console = false + +## Log level for console logging +## +# log.console.level = info + +## Logging to the amq.rabbitmq.log exchange (can be true or false) +## +# log.exchange = false + +## Log level to use when logging to the amq.rabbitmq.log exchange +## +# log.exchange.level = info + + + +## ---------------------------------------------------------------------------- +## RabbitMQ LDAP Plugin +## +## Related doc guide: http://rabbitmq.com/ldap.html. +## +## ---------------------------------------------------------------------------- + +# ======================================= +# LDAP section +# ======================================= + +## +## Connecting to the LDAP server(s) +## ================================ +## + +## Specify servers to bind to. You *must* set this in order for the plugin +## to work properly. +## +# auth_ldap.servers.1 = your-server-name-goes-here + +## You can define multiple servers +# auth_ldap.servers.2 = your-other-server + +## Connect to the LDAP server using TLS +## +# auth_ldap.use_ssl = false + +## Specify the LDAP port to connect to +## +# auth_ldap.port = 389 + +## LDAP connection timeout, in milliseconds or 'infinity' +## +# auth_ldap.timeout = infinity + +## Or number +# auth_ldap.timeout = 500 + +## Enable logging of LDAP queries. +## One of +## - false (no logging is performed) +## - true (verbose logging of the logic used by the plugin) +## - network (as true, but additionally logs LDAP network traffic) +## +## Defaults to false. +## +# auth_ldap.log = false + +## Also can be true or network +# auth_ldap.log = true +# auth_ldap.log = network + +## +## Authentication +## ============== +## + +## Pattern to convert the username given through AMQP to a DN before +## binding +## +# auth_ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com + +## Alternatively, you can convert a username to a Distinguished +## Name via an LDAP lookup after binding. See the documentation for +## full details. + +## When converting a username to a dn via a lookup, set these to +## the name of the attribute that represents the user name, and the +## base DN for the lookup query. +## +# auth_ldap.dn_lookup_attribute = userPrincipalName +# auth_ldap.dn_lookup_base = DC=gopivotal,DC=com + +## Controls how to bind for authorisation queries and also to +## retrieve the details of users logging in without presenting a +## password (e.g., SASL EXTERNAL). +## One of +## - as_user (to bind as the authenticated user - requires a password) +## - anon (to bind anonymously) +## - {UserDN, Password} (to bind with a specified user name and password) +## +## Defaults to 'as_user'. +## +# auth_ldap.other_bind = as_user + +## Or can be more complex: +# auth_ldap.other_bind.user_dn = User +# auth_ldap.other_bind.password = Password + +## If user_dn and password defined - other options is ignored. + +# ----------------------------- +# Too complex section of LDAP +# ----------------------------- + +## +## Authorisation +## ============= +## + +## The LDAP plugin can perform a variety of queries against your +## LDAP server to determine questions of authorisation. +## +## Related doc guide: http://rabbitmq.com/ldap.html#authorisation. + +## Following configuration should be defined in additional.config file +## DO NOT UNCOMMENT THIS LINES! + +## Set the query to use when determining vhost access +## +## {vhost_access_query, {in_group, +## "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, + +## Set the query to use when determining resource (e.g., queue) access +## +## {resource_access_query, {constant, true}}, + +## Set queries to determine which tags a user has +## +## {tag_queries, []} +# ]}, +# ----------------------------- diff --git a/rabbitmq.config.example b/rabbitmq.config.example deleted file mode 100644 index 95acf36..0000000 --- a/rabbitmq.config.example +++ /dev/null @@ -1,845 +0,0 @@ -%% -*- mode: erlang -*- -%% ---------------------------------------------------------------------------- -%% RabbitMQ Sample Configuration File. -%% -%% Related doc guide: http://www.rabbitmq.com/configure.html. See -%% http://rabbitmq.com/documentation.html for documentation ToC. -%% ---------------------------------------------------------------------------- -[ - {rabbit, - [ - %% Networking - %% ==================== - %% - %% Related doc guide: http://www.rabbitmq.com/networking.html. - - %% By default, RabbitMQ will listen on all interfaces, using - %% the standard (reserved) AMQP port. - %% - %% {tcp_listeners, [5672]}, - - %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. - %% For example, to listen only on localhost for both IPv4 and IPv6: - %% - %% {tcp_listeners, [{"127.0.0.1", 5672}, - %% {"::1", 5672}]}, - - %% TLS listeners are configured in the same fashion as TCP listeners, - %% including the option to control the choice of interface. - %% - %% {ssl_listeners, [5671]}, - - %% Number of Erlang processes that will accept connections for the TCP - %% and TLS listeners. - %% - %% {num_tcp_acceptors, 10}, - %% {num_ssl_acceptors, 1}, - - %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection - %% and TLS handshake), in milliseconds. - %% - %% {handshake_timeout, 10000}, - - %% Log levels in decreasing order of verbosity: - %% * 'debug' - %% * 'info' - %% * 'warning' - %% * 'error' - %% * 'none' - %% Defaults to '{connection, info}' - %% - %% {log_levels, [{channel, info}, {connection, info}, {federation, info}, {mirroring, info}]}, - - %% Set to 'true' to perform reverse DNS lookups when accepting a - %% connection. Hostnames will then be shown instead of IP addresses - %% in rabbitmqctl and the management plugin. - %% - %% {reverse_dns_lookups, false}, - - %% - %% Security, Access Control - %% ======================== - %% - %% Related doc guide: http://www.rabbitmq.com/access-control.html. - - %% The default "guest" user is only permitted to access the server - %% via a loopback interface (e.g. localhost). - %% {loopback_users, [<<"guest">>]}, - %% - %% Uncomment the following line if you want to allow access to the - %% guest user from anywhere on the network. - %% {loopback_users, []}, - - - %% TLS configuration. - %% - %% Related doc guide: http://www.rabbitmq.com/ssl.html. - %% - %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, - %% {certfile, "/path/to/server/cert.pem"}, - %% {keyfile, "/path/to/server/key.pem"}, - %% {verify, verify_peer}, - %% {fail_if_no_peer_cert, false}]}, - - %% Choose the available SASL mechanism(s) to expose. - %% The two default (built in) mechanisms are 'PLAIN' and - %% 'AMQPLAIN'. Additional mechanisms can be added via - %% plugins. - %% - %% Related doc guide: http://www.rabbitmq.com/authentication.html. - %% - %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, - - %% Select an authentication database to use. RabbitMQ comes bundled - %% with a built-in auth-database, based on mnesia. - %% - %% {auth_backends, [rabbit_auth_backend_internal]}, - - %% Configurations supporting the rabbitmq_auth_mechanism_ssl and - %% rabbitmq_auth_backend_ldap plugins. - %% - %% NB: These options require that the relevant plugin is enabled. - %% Related doc guide: http://www.rabbitmq.com/plugins.html for further details. - - %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to - %% authenticate a user based on the client's TLS certificate. - %% - %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms - %% list with the entry 'EXTERNAL'. - %% - %% {auth_mechanisms, ['EXTERNAL']}, - - %% The rabbitmq_auth_backend_ldap plugin allows the broker to - %% perform authentication and authorisation by deferring to an - %% external LDAP server. - %% - %% For more information about configuring the LDAP backend, see - %% http://www.rabbitmq.com/ldap.html. - %% - %% Enable the LDAP auth backend by adding to or replacing the - %% auth_backends entry: - %% - %% {auth_backends, [rabbit_auth_backend_ldap]}, - - %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and - %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp - %% configuration section later in this file and the README in - %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further - %% details. - %% - %% To use the TLS cert's CN instead of its DN as the username - %% - %% {ssl_cert_login_from, distinguished_name}, - - %% TLS handshake timeout, in milliseconds. - %% - %% {ssl_handshake_timeout, 5000}, - - %% Makes RabbitMQ accept SSLv3 client connections by default. - %% DO NOT DO THIS IF YOU CAN HELP IT. - %% - %% {ssl_allow_poodle_attack, false}, - - %% Password hashing implementation. Will only affect newly - %% created users. To recalculate hash for an existing user - %% it's necessary to update her password. - %% - %% {password_hashing_module, rabbit_password_hashing_sha256}, - - %% Configuration entry encryption. - %% Related doc guide: http://www.rabbitmq.com/configure.html#configuration-encryption - %% - %% To specify the passphrase in the configuration file: - %% - %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} - %% - %% To specify the passphrase in an external file: - %% - %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} - %% - %% To make the broker request the passphrase when it starts: - %% - %% {config_entry_decoder, [{passphrase, prompt}]} - %% - %% To change encryption settings: - %% - %% {config_entry_decoder, [{cipher, aes_cbc256}, - %% {hash, sha512}, - %% {iterations, 1000}]} - - %% - %% Default User / VHost - %% ==================== - %% - - %% On first start RabbitMQ will create a vhost and a user. These - %% config items control what gets created. See - %% http://www.rabbitmq.com/access-control.html for further - %% information about vhosts and access control. - %% - %% {default_vhost, <<"/">>}, - %% {default_user, <<"guest">>}, - %% {default_pass, <<"guest">>}, - %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, - - %% Tags for default user - %% - %% Related doc guide: http://www.rabbitmq.com/management.html. - %% - %% {default_user_tags, [administrator]}, - - %% - %% Additional network and protocol related configuration - %% ===================================================== - %% - - %% Sets the default AMQP 0-9-1 heartbeat timeout in seconds. - %% Values lower than 6 can produce false positives and are not - %% recommended. - %% - %% Related doc guides: - %% - %% * http://www.rabbitmq.com/heartbeats.html - %% * http://www.rabbitmq.com/networking.html - %% - %% {heartbeat, 60}, - - %% Set the max permissible size of an AMQP frame (in bytes). - %% - %% {frame_max, 131072}, - - %% Set the max frame size the server will accept before connection - %% tuning occurs - %% - %% {initial_frame_max, 4096}, - - %% Set the max permissible number of channels per connection. - %% 0 means "no limit". - %% - {channel_max, 0}, - - %% Set the max permissible number of client connections to the node. - %% `infinity` means "no limit". - %% - %% This limit applies to client connections to all listeners (regardless of - %% the protocol, whether TLS is used and so on). CLI tools and inter-node - %% connections are exempt. - %% - %% When client connections are rapidly opened in succession, it is possible - %% for the total connection count to go slightly higher than the configured limit. - %% The limit works well as a general safety measure. - %% - %% Clients that are hitting the limit will see their TCP connections fail or time out. - %% - %% Introduced in 3.6.13. - %% - %% Related doc guide: http://www.rabbitmq.com/networking.html. - %% - %% {connection_max, infinity}, - - %% TCP socket options. - %% - %% Related doc guide: http://www.rabbitmq.com/networking.html. - %% - %% {tcp_listen_options, [{backlog, 128}, - %% {nodelay, true}, - %% {exit_on_close, false}]}, - - %% - %% Resource Limits & Flow Control - %% ============================== - %% - %% Related doc guide: http://www.rabbitmq.com/memory.html, http://www.rabbitmq.com/memory-use.html. - - %% Memory-based Flow Control threshold. - %% - %% {vm_memory_high_watermark, 0.4}, - - %% Alternatively, we can set a limit (in bytes) of RAM used by the node. - %% - %% {vm_memory_high_watermark, {absolute, 1073741824}}, - %% - %% Or you can set absolute value using memory units. - %% - %% {vm_memory_high_watermark, {absolute, "1024M"}}, - %% - %% Supported units suffixes: - %% - %% k, kiB: kibibytes (2^10 bytes) - %% M, MiB: mebibytes (2^20) - %% G, GiB: gibibytes (2^30) - %% kB: kilobytes (10^3) - %% MB: megabytes (10^6) - %% GB: gigabytes (10^9) - - %% Fraction of the high watermark limit at which queues start to - %% page message out to disc in order to free up memory. - %% For example, when vm_memory_high_watermark is set to 0.4 and this value is set to 0.5, - %% paging can begin as early as when 20% of total available RAM is used by the node. - %% - %% Values greater than 1.0 can be dangerous and should be used carefully. - %% - %% One alternative to this is to use durable queues and publish messages - %% as persistent (delivery mode = 2). With this combination queues will - %% move messages to disk much more rapidly. - %% - %% Another alternative is to configure queues to page all messages (both - %% persistent and transient) to disk as quickly - %% as possible, see http://www.rabbitmq.com/lazy-queues.html. - %% - %% {vm_memory_high_watermark_paging_ratio, 0.5}, - - %% Selects Erlang VM memory consumption calculation strategy. Can be `allocated`, `rss` or `legacy` (aliased as `erlang`), - %% Introduced in 3.6.11. `rss` is the default as of 3.6.12. - %% See https://github.com/rabbitmq/rabbitmq-server/issues/1223 and rabbitmq/rabbitmq-common#224 for background. - %% {vm_memory_calculation_strategy, rss}, - - %% Interval (in milliseconds) at which we perform the check of the memory - %% levels against the watermarks. - %% - %% {memory_monitor_interval, 2500}, - - %% The total memory available can be calculated from the OS resources - %% - default option - or provided as a configuration parameter: - %% {total_memory_available_override_value, "5000MB"}, - - %% Set disk free limit (in bytes). Once free disk space reaches this - %% lower bound, a disk alarm will be set - see the documentation - %% listed above for more details. - %% - %% {disk_free_limit, 50000000}, - %% - %% Or you can set it using memory units (same as in vm_memory_high_watermark) - %% {disk_free_limit, "50MB"}, - %% {disk_free_limit, "50000kB"}, - %% {disk_free_limit, "2GB"}, - - %% Alternatively, we can set a limit relative to total available RAM. - %% - %% Values lower than 1.0 can be dangerous and should be used carefully. - %% {disk_free_limit, {mem_relative, 2.0}}, - - %% - %% Misc/Advanced Options - %% ===================== - %% - %% NB: Change these only if you understand what you are doing! - %% - - %% Queue master location strategy: - %% * <<"min-masters">> - %% * <<"client-local">> - %% * <<"random">> - %% - %% Related doc guide: https://www.rabbitmq.com/ha.html#queue-master-location - %% - %% {queue_master_locator, <<"client-local">>}, - - %% Batch size (number of messages) used during eager queue mirror synchronisation. - %% Related doc guide: https://www.rabbitmq.com/ha.html#batch-sync. When average message size is relatively large - %% (say, 10s of kilobytes or greater), reducing this value will decrease peak amount - %% of RAM used by newly joining nodes that need eager synchronisation. - %% - %% {mirroring_sync_batch_size, 4096}, - - %% Enables flow control between queue mirrors. - %% Disabling this can be dangerous and is not recommended. - %% When flow control is disablied, queue masters can outpace mirrors and not allow mirrors to catch up. - %% Mirrors will end up using increasingly more RAM, eventually triggering a memory alarm. - %% - %% {mirroring_flow_control, true}, - - %% Additional server properties to announce to connecting clients. - %% - %% {server_properties, []}, - - %% How to respond to cluster partitions. - %% Related doc guide: http://www.rabbitmq.com/partitions.html - %% - %% {cluster_partition_handling, ignore}, - - %% Make clustering happen *automatically* at startup - only applied - %% to nodes that have just been reset or started for the first time. - %% Related doc guide: http://www.rabbitmq.com/clustering.html#auto-config - %% - %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, - - %% Interval (in milliseconds) at which we send keepalive messages - %% to other cluster members. Note that this is not the same thing - %% as net_ticktime; missed keepalive messages will not cause nodes - %% to be considered down. - %% - %% {cluster_keepalive_interval, 10000}, - - %% Set (internal) statistics collection granularity. - %% - %% {collect_statistics, none}, - - %% Statistics collection interval (in milliseconds). - %% - %% {collect_statistics_interval, 5000}, - - %% Enables vhosts tracing. - %% - %% {trace_vhosts, []}, - - %% Explicitly enable/disable HiPE compilation. - %% - %% {hipe_compile, false}, - - %% Number of delegate processes to use for intra-cluster communication. - %% On a node which is part of cluster, has more than 16 cores and plenty of network bandwidth, - %% it may make sense to increase this value. - %% - %% {delegate_count, 16}, - - %% Number of times to retry while waiting for internal database tables (Mnesia tables) to sync - %% from a peer. In deployments where nodes can take a long time to boot, this value - %% may need increasing. - %% - %% {mnesia_table_loading_retry_limit, 10}, - - %% Amount of time in milliseconds which this node will wait for internal database tables (Mnesia tables) to sync - %% from a peer. In deployments where nodes can take a long time to boot, this value - %% may need increasing. - %% - %% {mnesia_table_loading_retry_timeout, 30000}, - - %% Size in bytes below which to embed messages in the queue index. - %% Related doc guide: http://www.rabbitmq.com/persistence-conf.html - %% - %% {queue_index_embed_msgs_below, 4096}, - - %% Maximum number of queue index entries to keep in journal - %% Related doc guide: http://www.rabbitmq.com/persistence-conf.html. - %% - %% {queue_index_max_journal_entries, 32768}, - - %% Number of credits that a queue process is given by the message store - %% By default, a queue process is given 4000 message store credits, - %% and then 800 for every 800 messages that it processes. - %% - %% {msg_store_credit_disc_bound, {4000, 800}}, - - %% Minimum number of messages with their queue position held in RAM required - %% to trigger writing their queue position to disk. - %% - %% This value MUST be higher than the initial msg_store_credit_disc_bound value, - %% otherwise paging performance may worsen. - %% - %% {msg_store_io_batch_size, 4096}, - - %% Number of credits that a connection, channel or queue are given. - %% - %% By default, every connection, channel or queue is given 400 credits, - %% and then 200 for every 200 messages that it sends to a peer process. - %% Increasing these values may help with throughput but also can be dangerous: - %% high credit flow values are no different from not having flow control at all. - %% - %% Related doc guide: https://www.rabbitmq.com/blog/2015/10/06/new-credit-flow-settings-on-rabbitmq-3-5-5/ - %% and http://alvaro-videla.com/2013/09/rabbitmq-internals-credit-flow-for-erlang-processes.html. - %% - %% {credit_flow_default_credit, {400, 200}}, - - %% Number of milliseconds before a channel operation times out. - %% - %% {channel_operation_timeout, 15000}, - - %% Number of queue operations required to trigger an explicit garbage collection. - %% Increasing this value may reduce CPU load and increase peak RAM consumption of queues. - %% - %% {queue_explicit_gc_run_operation_threshold, 1000}, - - %% Number of lazy queue operations required to trigger an explicit garbage collection. - %% Increasing this value may reduce CPU load and increase peak RAM consumption of lazy queues. - %% - %% {lazy_queue_explicit_gc_run_operation_threshold, 1000}, - - %% Number of times disk monitor will retry free disk space queries before - %% giving up. - %% - %% {disk_monitor_failure_retries, 10}, - - %% Milliseconds to wait between disk monitor retries on failures. - %% - %% {disk_monitor_failure_retry_interval, 120000}, - - %% Whether or not to enable background GC. - %% - %% {background_gc_enabled, false}, - - %% Interval (in milliseconds) at which we run background GC. - %% - %% {background_gc_target_interval, 60000}, - - %% Message store operations are stored in a sequence of files called segments. - %% This controls max size of a segment file. - %% Increasing this value may speed up (sequential) disk writes but will slow down segment GC process. - %% DO NOT CHANGE THIS for existing installations. - %% - %% {msg_store_file_size_limit, 16777216}, - - %% Whether or not to enable file write buffering. - %% - %% {fhc_write_buffering, true}, - - %% Whether or not to enable file read buffering. Enabling - %% this may slightly speed up reads but will also increase - %% node's memory consumption, in particular on boot. - %% - {fhc_read_buffering, false} - - ]}, - - %% ---------------------------------------------------------------------------- - %% Advanced Erlang Networking/Clustering Options. - %% - %% Related doc guide: http://www.rabbitmq.com/clustering.html - %% ---------------------------------------------------------------------------- - {kernel, - [%% Sets the net_kernel tick time. - %% Please see http://erlang.org/doc/man/kernel_app.html and - %% http://www.rabbitmq.com/nettick.html for further details. - %% - %% {net_ticktime, 60} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ Management Plugin - %% - %% Related doc guide: http://www.rabbitmq.com/management.html - %% ---------------------------------------------------------------------------- - - {rabbitmq_management, - [%% Preload schema definitions from a previously exported definitions file. See - %% http://www.rabbitmq.com/management.html#load-definitions - %% - %% {load_definitions, "/path/to/exported/definitions.json"}, - - %% Log all requests to the management HTTP API to a directory. - %% - %% {http_log_dir, "/path/to/rabbitmq/logs/http"}, - - %% Change the port on which the HTTP listener listens, - %% specifying an interface for the web server to bind to. - %% Also set the listener to use TLS and provide TLS options. - %% - %% {listener, [{port, 12345}, - %% {ip, "127.0.0.1"}, - %% {ssl, true}, - %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, - %% {certfile, "/path/to/cert.pem"}, - %% {keyfile, "/path/to/key.pem"}]}]}, - - %% One of 'basic', 'detailed' or 'none'. See - %% http://www.rabbitmq.com/management.html#fine-stats for more details. - %% {rates_mode, basic}, - - %% Configure how long aggregated data (such as message rates and queue - %% lengths) is retained. Please read the plugin's documentation in - %% http://www.rabbitmq.com/management.html#configuration for more - %% details. - %% - %% {sample_retention_policies, - %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, - %% {basic, [{60, 5}, {3600, 60}]}, - %% {detailed, [{10, 5}]}]} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ Shovel Plugin - %% - %% Related doc guide: http://www.rabbitmq.com/shovel.html - %% ---------------------------------------------------------------------------- - - {rabbitmq_shovel, - [{shovels, - [%% A named shovel worker. - %% {my_first_shovel, - %% [ - - %% List the source broker(s) from which to consume. - %% - %% {sources, - %% [%% URI(s) and pre-declarations for all source broker(s). - %% {brokers, ["amqp://user:password@host.domain/my_vhost"]}, - %% {declarations, []} - %% ]}, - - %% List the destination broker(s) to publish to. - %% {destinations, - %% [%% A singular version of the 'brokers' element. - %% {broker, "amqp://"}, - %% {declarations, []} - %% ]}, - - %% Name of the queue to shovel messages from. - %% - %% {queue, <<"your-queue-name-goes-here">>}, - - %% Optional prefetch count. - %% - %% {prefetch_count, 10}, - - %% when to acknowledge messages: - %% - no_ack: never (auto) - %% - on_publish: after each message is republished - %% - on_confirm: when the destination broker confirms receipt - %% - %% {ack_mode, on_confirm}, - - %% Overwrite fields of the outbound basic.publish. - %% - %% {publish_fields, [{exchange, <<"my_exchange">>}, - %% {routing_key, <<"from_shovel">>}]}, - - %% Static list of basic.properties to set on re-publication. - %% - %% {publish_properties, [{delivery_mode, 2}]}, - - %% The number of seconds to wait before attempting to - %% reconnect in the event of a connection failure. - %% - %% {reconnect_delay, 2.5} - - %% ]} %% End of my_first_shovel - ]} - %% Rather than specifying some values per-shovel, you can specify - %% them for all shovels here. - %% - %% {defaults, [{prefetch_count, 0}, - %% {ack_mode, on_confirm}, - %% {publish_fields, []}, - %% {publish_properties, [{delivery_mode, 2}]}, - %% {reconnect_delay, 2.5}]} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ STOMP Plugin - %% - %% Related doc guide: http://www.rabbitmq.com/stomp.html - %% ---------------------------------------------------------------------------- - - {rabbitmq_stomp, - [%% Network Configuration - the format is generally the same as for the broker - - %% Listen only on localhost (ipv4 & ipv6) on a specific port. - %% {tcp_listeners, [{"127.0.0.1", 61613}, - %% {"::1", 61613}]}, - - %% Listen for TLS connections on a specific port. - %% {ssl_listeners, [61614]}, - - %% Number of Erlang processes that will accept connections for the TCP - %% and TLS listeners. - %% - %% {num_tcp_acceptors, 10}, - %% {num_ssl_acceptors, 1}, - - %% Additional TLS options - - %% Extract a name from the client's certificate when using TLS. - %% - %% {ssl_cert_login, true}, - - %% Set a default user name and password. This is used as the default login - %% whenever a CONNECT frame omits the login and passcode headers. - %% - %% Please note that setting this will allow clients to connect without - %% authenticating! - %% - %% {default_user, [{login, "guest"}, - %% {passcode, "guest"}]}, - - %% If a default user is configured, or you have configured use TLS client - %% certificate based authentication, you can choose to allow clients to - %% omit the CONNECT frame entirely. If set to true, the client is - %% automatically connected as the default user or user supplied in the - %% TLS certificate whenever the first frame sent on a session is not a - %% CONNECT frame. - %% - %% {implicit_connect, true} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ MQTT Plugin - %% - %% Related doc guide: https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md - %% - %% ---------------------------------------------------------------------------- - - {rabbitmq_mqtt, - [%% Set the default user name and password. Will be used as the default login - %% if a connecting client provides no other login details. - %% - %% Please note that setting this will allow clients to connect without - %% authenticating! - %% - %% {default_user, <<"guest">>}, - %% {default_pass, <<"guest">>}, - - %% Enable anonymous access. If this is set to false, clients MUST provide - %% login information in order to connect. See the default_user/default_pass - %% configuration elements for managing logins without authentication. - %% - %% {allow_anonymous, true}, - - %% If you have multiple chosts, specify the one to which the - %% adapter connects. - %% - %% {vhost, <<"/">>}, - - %% Specify the exchange to which messages from MQTT clients are published. - %% - %% {exchange, <<"amq.topic">>}, - - %% Specify TTL (time to live) to control the lifetime of non-clean sessions. - %% - %% {subscription_ttl, 1800000}, - - %% Set the prefetch count (governing the maximum number of unacknowledged - %% messages that will be delivered). - %% - %% {prefetch, 10}, - - %% TLS listeners. - %% See http://www.rabbitmq.com/networking.html - %% - %% {tcp_listeners, [1883]}, - %% {ssl_listeners, []}, - - %% Number of Erlang processes that will accept connections for the TCP - %% and TLS listeners. - %% See http://www.rabbitmq.com/networking.html - %% - %% {num_tcp_acceptors, 10}, - %% {num_ssl_acceptors, 1}, - - %% TCP socket options. - %% See http://www.rabbitmq.com/networking.html - %% - %% {tcp_listen_options, [ - %% {backlog, 128}, - %% {linger, {true, 0}}, - %% {exit_on_close, false} - %% ]}, - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ AMQP 1.0 Support - %% - %% Related doc guide: https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md - %% - %% ---------------------------------------------------------------------------- - - {rabbitmq_amqp1_0, - [%% Connections that are not authenticated with SASL will connect as this - %% account. See the README for more information. - %% - %% Please note that setting this will allow clients to connect without - %% authenticating! - %% - %% {default_user, "guest"}, - - %% Enable protocol strict mode. See the README for more information. - %% - %% {protocol_strict_mode, false} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ LDAP Plugin - %% - %% Related doc guide: http://www.rabbitmq.com/ldap.html. - %% - %% ---------------------------------------------------------------------------- - - {rabbitmq_auth_backend_ldap, - [%% - %% Connecting to the LDAP server(s) - %% ================================ - %% - - %% Specify servers to bind to. You *must* set this in order for the plugin - %% to work properly. - %% - %% {servers, ["your-server-name-goes-here"]}, - - %% Connect to the LDAP server using TLS - %% - %% {use_ssl, false}, - - %% Specify the LDAP port to connect to - %% - %% {port, 389}, - - %% LDAP connection timeout, in milliseconds or 'infinity' - %% - %% {timeout, infinity}, - - %% Enable logging of LDAP queries. - %% One of - %% - false (no logging is performed) - %% - true (verbose logging of the logic used by the plugin) - %% - network (as true, but additionally logs LDAP network traffic) - %% - %% Defaults to false. - %% - %% {log, false}, - - %% - %% Authentication - %% ============== - %% - - %% Pattern to convert the username given through AMQP to a DN before - %% binding - %% - %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"}, - - %% Alternatively, you can convert a username to a Distinguished - %% Name via an LDAP lookup after binding. See the documentation for - %% full details. - - %% When converting a username to a dn via a lookup, set these to - %% the name of the attribute that represents the user name, and the - %% base DN for the lookup query. - %% - %% {dn_lookup_attribute, "userPrincipalName"}, - %% {dn_lookup_base, "DC=gopivotal,DC=com"}, - - %% Controls how to bind for authorisation queries and also to - %% retrieve the details of users logging in without presenting a - %% password (e.g., SASL EXTERNAL). - %% One of - %% - as_user (to bind as the authenticated user - requires a password) - %% - anon (to bind anonymously) - %% - {UserDN, Password} (to bind with a specified user name and password) - %% - %% Defaults to 'as_user'. - %% - %% {other_bind, as_user}, - - %% - %% Authorisation - %% ============= - %% - - %% The LDAP plugin can perform a variety of queries against your - %% LDAP server to determine questions of authorisation. See - %% http://www.rabbitmq.com/ldap.html#authorisation for more - %% information. - - %% Set the query to use when determining vhost access - %% - %% {vhost_access_query, {in_group, - %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, - - %% Set the query to use when determining resource (e.g., queue) access - %% - %% {resource_access_query, {constant, true}}, - - %% Set queries to determine which tags a user has - %% - %% {tag_queries, []} - ]} -].