100 lines
3.0 KiB
Plaintext
100 lines
3.0 KiB
Plaintext
## NOTE:
|
||
## This config file overrides data/configs/cluster.hocon,
|
||
## and is merged with environment variables which start with 'EMQX_' prefix.
|
||
##
|
||
## Config changes made from EMQX dashboard UI, management HTTP API, or CLI
|
||
## are stored in data/configs/cluster.hocon.
|
||
## To avoid confusion, please do not store the same configs in both files.
|
||
##
|
||
## See https://www.emqx.io/docs/en/latest/configuration/configuration.html for more details.
|
||
## Configuration full example can be found in etc/examples
|
||
|
||
node {
|
||
name = "emqx@127.0.0.1"
|
||
cookie = "emqxsecretcookie"
|
||
data_dir = "data"
|
||
}
|
||
|
||
cluster {
|
||
name = emqxcl
|
||
discovery_strategy = manual
|
||
}
|
||
|
||
## EMQX provides support for two primary log handlers: `file` and `console`, with an additional `audit` handler specifically designed to always direct logs to files.
|
||
## The system's default log handling behavior can be configured via the environment variable `EMQX_DEFAULT_LOG_HANDLER`, which accepts the following settings:
|
||
##
|
||
## - `file`: Directs log output exclusively to files.
|
||
## - `console`: Channels log output solely to the console.
|
||
##
|
||
## It's noteworthy that `EMQX_DEFAULT_LOG_HANDLER` is set to `file` when EMQX is initiated via systemd `emqx.service` file.
|
||
## In scenarios outside systemd initiation, `console` serves as the default log handler.
|
||
|
||
## Read more about configs here: https://www.emqx.io/docs/en/latest/configuration/logs.html
|
||
|
||
log {
|
||
# file {
|
||
# level = warning
|
||
# }
|
||
# console {
|
||
# level = warning
|
||
# }
|
||
}
|
||
dashboard {
|
||
listeners {
|
||
http {
|
||
## Comment out 'bind' (or set bind=0) to disable listener.
|
||
bind = 18083
|
||
}
|
||
https {
|
||
## Uncomment to enable
|
||
# bind = 18084
|
||
ssl_options {
|
||
certfile = "${EMQX_ETC_DIR}/certs/cert.pem"
|
||
keyfile = "${EMQX_ETC_DIR}/certs/key.pem"
|
||
}
|
||
}
|
||
}
|
||
}
|
||
|
||
# 必须禁止匿名访问,是开启认证的必备步骤
|
||
allow_anonymous = false
|
||
|
||
# 启用http协议的认证方式
|
||
authentication = [
|
||
{
|
||
# 后端类型:http 服务
|
||
backend = "http"
|
||
enable = true
|
||
mechanism = "password_based"
|
||
|
||
# ----- 请求配置 -----
|
||
# 请求方法:POST 或 GET(推荐 POST,更安全)
|
||
method = "post"
|
||
# 你的认证服务 URL(请替换为实际地址)
|
||
url = "http://dj-multictrl-api:8080/api/mqtt/auth"
|
||
|
||
# 请求头
|
||
headers {
|
||
"Content-Type" = "application/json"
|
||
"Accept" = "application/json"
|
||
}
|
||
|
||
# 请求体模板(支持占位符)
|
||
body {
|
||
username = "${username}"
|
||
password = "${password}"
|
||
}
|
||
|
||
# ----- 性能与超时 -----
|
||
request_timeout = "5s" # HTTP 请求超时时间
|
||
pool_size = 8 # 连接池大小
|
||
|
||
# ----- 认证结果判断 -----
|
||
# 服务端需返回 JSON 格式,包含 result 字段:
|
||
# {"result": "allow"} → 允许连接
|
||
# {"result": "deny"} → 拒绝连接
|
||
# {"result": "ignore"} → 忽略,继续后续认证链
|
||
# 如果返回 HTTP 4xx/5xx 状态码,视为 ignore
|
||
}
|
||
]
|