diff options
| author | Daniil Fedotov <dfedotov@pivotal.io> | 2016-02-01 11:43:05 +0000 |
|---|---|---|
| committer | Daniil Fedotov <dfedotov@pivotal.io> | 2016-02-01 11:43:05 +0000 |
| commit | 423ab9d519503ecf8c670860da4f104a90a3285e (patch) | |
| tree | 5ad4c7c6cbeb34b9f45ce68df8b91e55c833d78d /rabbitmq.conf.d | |
| parent | 5687c5cd0afc864512dd7245a69f7c2fc895e377 (diff) | |
| download | rabbitmq-server-git-423ab9d519503ecf8c670860da4f104a90a3285e.tar.gz | |
Docs examples in conf file
Diffstat (limited to 'rabbitmq.conf.d')
| -rw-r--r-- | rabbitmq.conf.d/rabbitmq.conf | 1191 |
1 files changed, 551 insertions, 640 deletions
diff --git a/rabbitmq.conf.d/rabbitmq.conf b/rabbitmq.conf.d/rabbitmq.conf index 51109ad9c8..31b0cd4910 100644 --- a/rabbitmq.conf.d/rabbitmq.conf +++ b/rabbitmq.conf.d/rabbitmq.conf @@ -1,187 +1,161 @@ -# [ -# {rabbit, -# [## - ## Network Connectivity - ## ==================== - ## - ## By default, RabbitMQ will listen on all interfaces, using - ## the standard (reserved) AMQP port. - ## - ## {tcp_listeners, [5672]}, - ## To listen on a specific interface, provide a tuple of {IpAddress, Port}. - ## For example, to listen only on localhost for both IPv4 and IPv6: - ## - ## {tcp_listeners, [{"127.0.0.1", 5672}, - ## {"::1", 5672}]}, -# Define with port +# ====================================== +# RabbbitMQ broker section +# ====================================== + +## Network Connectivity +## ==================== +## +## By default, RabbitMQ will listen on all interfaces, using +## the standard (reserved) AMQP port. +## listener.tcp.default = 5672 -# Define with IP -# listener.tcp.local = 127.0.0.1:5672 -# Define for IPv6 +## To listen on a specific interface, provide an IP address with port. +## For example, to listen only on localhost for both IPv4 and IPv6: +## +# IPv4 +# listener.tcp.local = 127.0.0.1:5672 +# IPv6 # listener.tcp.local_v6 = ::1:5672 +## You can define multiple listeners using listener names +# listener.tcp.other_port = 5673 +# listener.tcp.other_ip = 10.10.10.10:5672 - ## SSL listeners are configured in the same fashion as TCP listeners, - ## including the option to control the choice of interface. - ## - ## {ssl_listeners, [5671]}, -# SSL listeners are same +## SSL listeners are configured in the same fashion as TCP listeners, +## including the option to control the choice of interface. +## listener.ssl.default = 5671 - - ## Number of Erlang processes that will accept connections for the TCP - ## and SSL listeners. - ## - ## {num_tcp_acceptors, 10}, - ## {num_ssl_acceptors, 1}, - +## Number of Erlang processes that will accept connections for the TCP +## and SSL listeners. +## num_acceptors.tcp = 10 num_acceptors.ssl = 1 - ## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection - ## and SSL handshake), in milliseconds. - ## - ## {handshake_timeout, 10000}, - +## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection +## and SSL handshake), in milliseconds. +## handshake_timeout = 10000 - ## Set to 'true' to perform reverse DNS lookups when accepting a - ## connection. Hostnames will then be shown instead of IP addresses - ## in rabbitmqctl and the management plugin. - ## - ## {reverse_dns_lookups, true}, +## Set to 'true' to perform reverse DNS lookups when accepting a +## connection. Hostnames will then be shown instead of IP addresses +## in rabbitmqctl and the management plugin. +## reverse_dns_lookups = true - # ## - # ## Security / AAA - # ## ============== - # ## - - # ## The default "guest" user is only permitted to access the server - # ## via a loopback interface (e.g. localhost). - # ## {loopback_users, [<<"guest">>]}, - # ## - # ## Uncomment the following line if you want to allow access to the - # ## guest user from anywhere on the network. - # ## {loopback_users, []}, +## +## Security / AAA +## ============== +## -# Duplicate 'guest', because cutterfish doesn't support collections +## The default "guest" user is only permitted to access the server +## via a loopback interface (e.g. localhost). +## {loopback_users, [<<"guest">>]}, +## +loopback_user.guest = true -loopback_user.guest = guest - - ## Configuring SSL. - ## See http://www.rabbitmq.com/ssl.html for full documentation. - ## - ## {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, - ## {certfile, "/path/to/server/cert.pem"}, - ## {keyfile, "/path/to/server/key.pem"}, - ## {verify, verify_peer}, - ## {fail_if_no_peer_cert, false}]}, +## Uncomment the following line if you want to allow access to the +## guest user from anywhere on the network. +loopback_user.guest = false +## Configuring SSL. +## See http://www.rabbitmq.com/ssl.html for full documentation. +## ssl_option.verify = verify_peer ssl_option.fail_if_no_peer_cert = false -ssl_option.cacertfile = /Users/daniilfedotov/keys/rabbitmq.crt -ssl_option.certfile = /Users/daniilfedotov/keys/rabbitmq.crt -ssl_option.keyfile = /Users/daniilfedotov/keys/rabbitmq.key - - ## Choose the available SASL mechanism(s) to expose. - ## The two default (built in) mechanisms are 'PLAIN' and - ## 'AMQPLAIN'. Additional mechanisms can be added via - ## plugins. - ## - ## See http://www.rabbitmq.com/authentication.html for more details. - ## - ## {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, - - ## Select an authentication database to use. RabbitMQ comes bundled - ## with a built-in auth-database, based on mnesia. - ## - ## {auth_backends, [rabbit_auth_backend_internal]}, - - ## Configurations supporting the rabbitmq_auth_mechanism_ssl and - ## rabbitmq_auth_backend_ldap plugins. - ## - ## NB: These options require that the relevant plugin is enabled. - ## See http://www.rabbitmq.com/plugins.html for further details. - - ## The RabbitMQ-auth-mechanism-ssl plugin makes it possible to - ## authenticate a user based on the client's SSL certificate. - ## - ## To use auth-mechanism-ssl, add to or replace the auth_mechanisms - ## list with the entry 'EXTERNAL'. - ## - ## {auth_mechanisms, ['EXTERNAL']}, - - ## The rabbitmq_auth_backend_ldap plugin allows the broker to - ## perform authentication and authorisation by deferring to an - ## external LDAP server. - ## - ## For more information about configuring the LDAP backend, see - ## http://www.rabbitmq.com/ldap.html. - ## - ## Enable the LDAP auth backend by adding to or replacing the - ## auth_backends entry: - ## - ## {auth_backends, [rabbit_auth_backend_ldap]}, - -auth_mechanism.external = EXTERNAL +# ssl_option.cacertfile = /path/to/rabbitmq.crt +# ssl_option.certfile = /path/to/rabbitmq.crt +# ssl_option.keyfile = /path/to/rabbitmq.key + +## Choose the available SASL mechanism(s) to expose. +## The two default (built in) mechanisms are 'PLAIN' and +## 'AMQPLAIN'. Additional mechanisms can be added via +## plugins. +## +## See http://www.rabbitmq.com/authentication.html for more details. +## +auth_mechanism.plain = PLAIN +auth_mechanism.amqplain = AMQPLAIN + +## Select an authentication database to use. RabbitMQ comes bundled +## with a built-in auth-database, based on mnesia. +## auth_backend.internal = rabbit_auth_backend_internal -# Add another backend +## Configurations supporting the rabbitmq_auth_mechanism_ssl and +## rabbitmq_auth_backend_ldap plugins. +## +## NB: These options require that the relevant plugin is enabled. +## See http://www.rabbitmq.com/plugins.html for further details. + + +## The RabbitMQ-auth-mechanism-ssl plugin makes it possible to +## authenticate a user based on the client's SSL certificate. +## +## To use auth-mechanism-ssl, add to or replace the auth_mechanisms +## with EXTERNAL value. +## +#auth_mechanism.external = EXTERNAL + +## The rabbitmq_auth_backend_ldap plugin allows the broker to +## perform authentication and authorisation by deferring to an +## external LDAP server. +## +## For more information about configuring the LDAP backend, see +## http://www.rabbitmq.com/ldap.html. +## +## Enable the LDAP auth backend by adding to or replacing the +## auth_backends entry: +## +# auth_backend.ldap = rabbit_auth_backend_ldap + +## Add another backend # auth_backend.http = rabbit_auth_backend_http - ## This pertains to both the rabbitmq_auth_mechanism_ssl plugin and - ## STOMP ssl_cert_login configurations. See the rabbitmq_stomp - ## configuration section later in this file and the README in - ## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further - ## details. - ## - ## To use the SSL cert's CN instead of its DN as the username - ## - ## {ssl_cert_login_from, common_name}, - - ## SSL handshake timeout, in milliseconds. - ## - ## {ssl_handshake_timeout, 5000}, - -ssl_cert_login_from = common_name -ssl_handshake_timeout = 5000 - - - ## Password hashing implementation. Will only affect newly - ## created users. To recalculate hash for an existing user - ## it's necessary to update her password. - ## - ## When importing definitions exported from versions earlier - ## than 3.6.0, it is possible to go back to MD5 (only do this - ## as a temporary measure!) by setting this to rabbit_password_hashing_md5. - ## - ## To use SHA-512, set to rabbit_password_hashing_sha512. - ## - ## {password_hashing_module, rabbit_password_hashing_sha256}, +## This pertains to both the rabbitmq_auth_mechanism_ssl plugin and +## STOMP ssl_cert_login configurations. See the rabbitmq_stomp +## configuration section later in this file and the README in +## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further +## details. +## +## To use the SSL cert's CN instead of its DN as the username +## +# ssl_cert_login_from = common_name -password_hashing_module = rabbit_password_hashing_sha256 +## SSL handshake timeout, in milliseconds. +## +# ssl_handshake_timeout = 5000 - ## - ## Default User / VHost - ## ==================== - ## - - ## On first start RabbitMQ will create a vhost and a user. These - ## config items control what gets created. See - ## http://www.rabbitmq.com/access-control.html for further - ## information about vhosts and access control. - ## - ## {default_vhost, <<"/">>}, - ## {default_user, <<"guest">>}, - ## {default_pass, <<"guest">>}, - ## {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, +## Password hashing implementation. Will only affect newly +## created users. To recalculate hash for an existing user +## it's necessary to update her password. +## +## To use SHA-512, set to rabbit_password_hashing_sha512. +## +password_hashing_module = rabbit_password_hashing_sha256 + +## When importing definitions exported from versions earlier +## than 3.6.0, it is possible to go back to MD5 (only do this +## as a temporary measure!) by setting this to rabbit_password_hashing_md5. +## +# password_hashing_module = rabbit_password_hashing_md5 + +## +## Default User / VHost +## ==================== +## + +## On first start RabbitMQ will create a vhost and a user. These +## config items control what gets created. See +## http://www.rabbitmq.com/access-control.html for further +## information about vhosts and access control. +## default_vhost = / default_user = guest default_pass = guest @@ -190,237 +164,197 @@ default_permissions.configure = .* default_permissions.read = .* default_permissions.write = .* - ## Tags for default user - ## - ## For more details about tags, see the documentation for the - ## Management Plugin at http://www.rabbitmq.com/management.html. - ## - ## {default_user_tags, [administrator]}, - +## Tags for default user +## +## For more details about tags, see the documentation for the +## Management Plugin at http://www.rabbitmq.com/management.html. +## default_user_tags.administrator = true - ## - ## Additional network and protocol related configuration - ## ===================================================== - ## +## Define other tags like this: +# default_user_tags.management = true +# default_user_tags.custom_tag = true - ## Set the default AMQP heartbeat delay (in seconds). - ## - ## {heartbeat, 600}, +## +## Additional network and protocol related configuration +## ===================================================== +## - ## Set the max permissible size of an AMQP frame (in bytes). - ## - ## {frame_max, 131072}, +## Set the default AMQP heartbeat delay (in seconds). +## +heartbeat = 600 - ## Set the max frame size the server will accept before connection - ## tuning occurs - ## - ## {initial_frame_max, 4096}, +## Set the max permissible size of an AMQP frame (in bytes). +## +frame_max = 131072 - ## Set the max permissible number of channels per connection. - ## 0 means "no limit". - ## - ## {channel_max, 128}, - -heartbeat = 600 -frame_max = 131072 +## Set the max frame size the server will accept before connection +## tuning occurs +## initial_frame_max = 4096 -channel_max = 128 - ## Customising Socket Options. - ## - ## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for - ## further documentation. - ## - ## {tcp_listen_options, [{backlog, 128}, - ## {nodelay, true}, - ## {exit_on_close, false}]}, +## Set the max permissible number of channels per connection. +## 0 means "no limit". +## +channel_max = 128 + +## Customising Socket Options. +## +## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for +## further documentation. +## tcp_listen_option.backlog = 128 tcp_listen_option.nodelay = true tcp_listen_option.exit_on_close = false - ## - ## Resource Limits & Flow Control - ## ============================== - ## - ## See http://www.rabbitmq.com/memory.html for full details. - - ## Memory-based Flow Control threshold. - ## - ## {vm_memory_high_watermark, 0.4}, - - ## Alternatively, we can set a limit (in bytes) of RAM used by the node. - ## - ## {vm_memory_high_watermark, {absolute, 1073741824}}, - ## - ## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). - ## - ## {vm_memory_high_watermark, {absolute, "1024M"}}, - ## - ## Supported units suffixes: - ## - ## k, kiB: kibibytes (2^10 bytes) - ## M, MiB: mebibytes (2^20) - ## G, GiB: gibibytes (2^30) - ## kB: kilobytes (10^3) - ## MB: megabytes (10^6) - ## GB: gigabytes (10^9) - -# Relative watermark +## +## Resource Limits & Flow Control +## ============================== +## +## See http://www.rabbitmq.com/memory.html for full details. + +## Memory-based Flow Control threshold. +## vm_memory_high_watermark.relative = 0.4 -# Or absolute watermark. -# Ignored if relative is defined! -# vm_memory_high_watermark.absolute = 1024M +## Alternatively, we can set a limit (in bytes) of RAM used by the node. +## +# vm_memory_high_watermark.absolute = 1073741824 - ## Fraction of the high watermark limit at which queues start to - ## page message out to disc in order to free up memory. - ## - ## Values greater than 0.9 can be dangerous and should be used carefully. - ## - ## {vm_memory_high_watermark_paging_ratio, 0.5}, +## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). +## Absolute watermark will be ignored if relative is defined! +## +# vm_memory_high_watermark.absolute = 2GB +## +## Supported units suffixes: +## +## kb, KB: kibibytes (2^10 bytes) +## mb, MB: mebibytes (2^20) +## gb, GB: gibibytes (2^30) -vm_memory_high_watermark_paging_ratio = 0.5 - ## Interval (in milliseconds) at which we perform the check of the memory - ## levels against the watermarks. - ## - ## {memory_monitor_interval, 2500}, +## Fraction of the high watermark limit at which queues start to +## page message out to disc in order to free up memory. +## +## Values greater than 0.9 can be dangerous and should be used carefully. +## +vm_memory_high_watermark_paging_ratio = 0.5 + +## Interval (in milliseconds) at which we perform the check of the memory +## levels against the watermarks. +## memory_monitor_interval = 2500 - ## Set disk free limit (in bytes). Once free disk space reaches this - ## lower bound, a disk alarm will be set - see the documentation - ## listed above for more details. - ## - ## {disk_free_limit, 50000000}, - ## - ## Or you can set it using memory units (same as in vm_memory_high_watermark) - ## with RabbitMQ 3.6.0+. - ## {disk_free_limit, "50MB"}, - ## {disk_free_limit, "50000kB"}, - ## {disk_free_limit, "2GB"}, - - ## Alternatively, we can set a limit relative to total available RAM. - ## - ## Values lower than 1.0 can be dangerous and should be used carefully. - ## {disk_free_limit, {mem_relative, 2.0}}, - -# Mem relative disk limit +## Set disk free limit (in bytes). Once free disk space reaches this +## lower bound, a disk alarm will be set - see the documentation +## listed above for more details. +## +## Absolute watermark will be ignored if relative is defined! +disk_free_limit.absolute = 50000 + +## Or you can set it using memory units (same as in vm_memory_high_watermark) +## with RabbitMQ 3.6.0+. +# disk_free_limit.absolute = 500KB +# disk_free_limit.absolute = 50mb +# disk_free_limit.absolute = 5GB + +## Alternatively, we can set a limit relative to total available RAM. +## +## Values lower than 1.0 can be dangerous and should be used carefully. disk_free_limit.relative = 2.0 -# Absolute disk limit -# Ignored if relative defined -disk_free_limit.absolute = 50MB - +## +## Clustering +## ===================== +## +cluster_partition_handling = ignore - ## - ## Clustering - ## ===================== - ## +## pause_if_all_down strategy require additional configuration +# cluster_partition_handling = pause_if_all_down - ## How to respond to cluster partitions. - ## See http://www.rabbitmq.com/partitions.html for further details. - ## - ## {cluster_partition_handling, ignore}, +## Recover strategy. Can be either 'autoheal' or 'ignore' +# cluster_partition_handling.pause_if_all_down.recover = ignore -cluster_partition_handling = ignore - - ## Mirror sync batch size, in messages. Increasing this will speed - ## up syncing but total batch size in bytes must not exceed 2 GiB. - ## Available in RabbitMQ 3.6.0 or later. - ## - ## {mirroring_sync_batch_size, 4096}, +## Node names to check +# cluster_partition_handling.pause_if_all_down.node.rabbit = rabbit@localhost +# cluster_partition_handling.pause_if_all_down.node.hare = hare@localhost +## Mirror sync batch size, in messages. Increasing this will speed +## up syncing but total batch size in bytes must not exceed 2 GiB. +## Available in RabbitMQ 3.6.0 or later. +## mirroring_sync_batch_size = 4096 - ## Make clustering happen *automatically* at startup - only applied - ## to nodes that have just been reset or started for the first time. - ## See http://www.rabbitmq.com/clustering.html#auto-config for - ## further details. - ## - ## {cluster_nodes, {['rabbit@my.host.com'], disc}}, - +## Make clustering happen *automatically* at startup - only applied +## to nodes that have just been reset or started for the first time. +## See http://www.rabbitmq.com/clustering.html#auto-config for +## further details. +## cluster_nodes.disc.rabbit = rabbit@my.host.com -# Can define multiple +## You can define multiple nodes # cluster_nodes.disc.hare = hare@my.host.com -# Ram nodes -# Should not be defined together with disk nodes +## There can be also ram nodes. +## Ram nodes should not be defined together with disk nodes # cluster_nodes.ram.rabbit = rabbit@my.host.com - ## Interval (in milliseconds) at which we send keepalive messages - ## to other cluster members. Note that this is not the same thing - ## as net_ticktime; missed keepalive messages will not cause nodes - ## to be considered down. - ## - ## {cluster_keepalive_interval, 10000}, - +## Interval (in milliseconds) at which we send keepalive messages +## to other cluster members. Note that this is not the same thing +## as net_ticktime; missed keepalive messages will not cause nodes +## to be considered down. +## cluster_keepalive_interval = 10000 - ## - ## Statistics Collection - ## ===================== - ## - - ## Set (internal) statistics collection granularity. - ## - ## {collect_statistics, none}, +## +## Statistics Collection +## ===================== +## -# Cna be none, coarse or fine +## Set (internal) statistics collection granularity. +## +## Can be none, coarse or fine collect_statistics = none - ## Statistics collection interval (in milliseconds). Increasing - ## this will reduce the load on management database. - ## - ## {collect_statistics_interval, 5000}, +# collect_statistics = coarse +## Statistics collection interval (in milliseconds). Increasing +## this will reduce the load on management database. +## collect_statistics_interval = 5000 - ## - ## Misc/Advanced Options - ## ===================== - ## - ## NB: Change these only if you understand what you are doing! - ## - - ## Explicitly enable/disable hipe compilation. - ## - ## {hipe_compile, true}, +## +## Misc/Advanced Options +## ===================== +## +## NB: Change these only if you understand what you are doing! +## +## Explicitly enable/disable hipe compilation. +## hipe_compile = false - ## Timeout used when waiting for Mnesia tables in a cluster to - ## become available. - ## - ## {mnesia_table_loading_timeout, 30000}, - +## Timeout used when waiting for Mnesia tables in a cluster to +## become available. +## mnesia_table_loading_timeout = 30000 - - ## Size in bytes below which to embed messages in the queue index. See - ## http://www.rabbitmq.com/persistence-conf.html - ## - ## {queue_index_embed_msgs_below, 4096} - +## Size in bytes below which to embed messages in the queue index. See +## http://www.rabbitmq.com/persistence-conf.html +## queue_index_embed_msgs_below = 4096 - # ]}, - - # ## ---------------------------------------------------------------------------- - # ## Advanced Erlang Networking/Clustering Options. - # ## - # ## See http://www.rabbitmq.com/clustering.html for details - # ## ---------------------------------------------------------------------------- - # {kernel, - # [## Sets the net_kernel tick time. - # ## Please see http://erlang.org/doc/man/kernel_app.html and - # ## http://www.rabbitmq.com/nettick.html for further details. - # ## - # ## {net_ticktime, 60} - # ]}, +## You can also set this size in memory units +## +queue_index_embed_msgs_below = 4kb + +## ---------------------------------------------------------------------------- +## Advanced Erlang Networking/Clustering Options. +## +## See http://www.rabbitmq.com/clustering.html for details +## ---------------------------------------------------------------------------- # ====================================== # Kernel section @@ -428,69 +362,49 @@ queue_index_embed_msgs_below = 4096 kernel.net_ticktime = 60 - # ## ---------------------------------------------------------------------------- - # ## RabbitMQ Management Plugin - # ## - # ## See http://www.rabbitmq.com/management.html for details - # ## ---------------------------------------------------------------------------- - - # {rabbitmq_management, - # [## Pre-Load schema definitions from the following JSON file. See - ## http://www.rabbitmq.com/management.html#load-definitions - ## - ## {load_definitions, "/path/to/schema.json"}, +## ---------------------------------------------------------------------------- +## RabbitMQ Management Plugin +## +## See http://www.rabbitmq.com/management.html for details +## ---------------------------------------------------------------------------- # ======================================= # Management section # ======================================= -#management.load_definitions = /path/to/schema.json +## Pre-Load schema definitions from the following JSON file. See +## http://www.rabbitmq.com/management.html#load-definitions +## +# management.load_definitions = /path/to/schema.json - ## Log all requests to the management HTTP API to a file. - ## - ## {http_log_dir, "/path/to/access.log"}, +## Log all requests to the management HTTP API to a file. +## +# management.http_log_dir = /path/to/access.log -#management.http_log_dir = /path/to/access.log +## Change the port on which the HTTP listener listens, +## specifying an interface for the web server to bind to. +## Also set the listener to use SSL and provide SSL options. +## - ## Change the port on which the HTTP listener listens, - ## specifying an interface for the web server to bind to. - ## Also set the listener to use SSL and provide SSL options. - ## - ## {listener, [{port, 12345}, - ## {ip, "127.0.0.1"}, - ## {ssl, true}, - ## {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, - ## {certfile, "/path/to/cert.pem"}, - ## {keyfile, "/path/to/key.pem"}]}]}, - - -# Maybe use IP type like in tcp_listener? +# QA: Maybe use IP type like in tcp_listener? management.listener.port = 12345 management.listener.ip = 127.0.0.1 management.listener.ssl = true -#management.listener.ssl_opts.cacertfile = /path/to/cacert.pem -#management.listener.ssl_opts.certfile = /path/to/cert.pem -#management.listener.ssl_opts.keyfile = /path/to/key.pem - - ## One of 'basic', 'detailed' or 'none'. See - ## http://www.rabbitmq.com/management.html#fine-stats for more details. - ## {rates_mode, basic}, +# management.listener.ssl_opts.cacertfile = /path/to/cacert.pem +# management.listener.ssl_opts.certfile = /path/to/cert.pem +# management.listener.ssl_opts.keyfile = /path/to/key.pem +## One of 'basic', 'detailed' or 'none'. See +## http://www.rabbitmq.com/management.html#fine-stats for more details. management.rates_mode = basic - ## Configure how long aggregated data (such as message rates and queue - ## lengths) is retained. Please read the plugin's documentation in - ## http://www.rabbitmq.com/management.html#configuration for more - ## details. - ## - ## {sample_retention_policies, - ## [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, - ## {basic, [{60, 5}, {3600, 60}]}, - ## {detailed, [{10, 5}]}]} -# ]}, - -# Some funny syntax +## Configure how long aggregated data (such as message rates and queue +## lengths) is retained. Please read the plugin's documentation in +## http://www.rabbitmq.com/management.html#configuration for more +## details. +## +# QA: Some funny syntax management.sample_retention_policies.global.60 = 5 management.sample_retention_policies.global.3600 = 60 management.sample_retention_policies.global.86400 = 1200 @@ -500,312 +414,309 @@ management.sample_retention_policies.basic.3600 = 60 management.sample_retention_policies.detailed.10 = 5 +## ---------------------------------------------------------------------------- +## RabbitMQ Shovel Plugin +## +## See http://www.rabbitmq.com/shovel.html for details +## ---------------------------------------------------------------------------- + +## Shovel plugin config example is defined in additional.config file -# Shovel is too complex for sysctl syntax. Should be defined in additinal.conf - -# ## ---------------------------------------------------------------------------- -# ## RabbitMQ Shovel Plugin -# ## -# ## See http://www.rabbitmq.com/shovel.html for details -# ## ---------------------------------------------------------------------------- - -# {rabbitmq_shovel, -# [{shovels, -# [## A named shovel worker. -# ## {my_first_shovel, -# ## [ - -# ## List the source broker(s) from which to consume. -# ## -# ## {sources, -# ## [## URI(s) and pre-declarations for all source broker(s). -# ## {brokers, ["amqp://user:password@host.domain/my_vhost"]}, -# ## {declarations, []} -# ## ]}, - -# ## List the destination broker(s) to publish to. -# ## {destinations, -# ## [## A singular version of the 'brokers' element. -# ## {broker, "amqp://"}, -# ## {declarations, []} -# ## ]}, - -# ## Name of the queue to shovel messages from. -# ## -# ## {queue, <<"your-queue-name-goes-here">>}, - -# ## Optional prefetch count. -# ## -# ## {prefetch_count, 10}, - -# ## when to acknowledge messages: -# ## - no_ack: never (auto) -# ## - on_publish: after each message is republished -# ## - on_confirm: when the destination broker confirms receipt -# ## -# ## {ack_mode, on_confirm}, - -# ## Overwrite fields of the outbound basic.publish. -# ## -# ## {publish_fields, [{exchange, <<"my_exchange">>}, -# ## {routing_key, <<"from_shovel">>}]}, - -# ## Static list of basic.properties to set on re-publication. -# ## -# ## {publish_properties, [{delivery_mode, 2}]}, - -# ## The number of seconds to wait before attempting to -# ## reconnect in the event of a connection failure. -# ## -# ## {reconnect_delay, 2.5} - -# ## ]} ## End of my_first_shovel -# ]} -# ## Rather than specifying some values per-shovel, you can specify -# ## them for all shovels here. -# ## -# ## {defaults, [{prefetch_count, 0}, -# ## {ack_mode, on_confirm}, -# ## {publish_fields, []}, -# ## {publish_properties, [{delivery_mode, 2}]}, -# ## {reconnect_delay, 2.5}]} -# ]}, -# ## ---------------------------------------------------------------------------- -# ## RabbitMQ Stomp Adapter -# ## -# ## See http://www.rabbitmq.com/stomp.html for details -# ## ---------------------------------------------------------------------------- +## ---------------------------------------------------------------------------- +## RabbitMQ Stomp Adapter +## +## See http://www.rabbitmq.com/stomp.html for details +## ---------------------------------------------------------------------------- # ======================================= # STOMP section # ======================================= -# {rabbitmq_stomp, -# [## Network Configuration - the format is generally the same as for the broker - -# ## Listen only on localhost (ipv4 & ipv6) on a specific port. -# ## {tcp_listeners, [{"127.0.0.1", 61613}, -# ## {"::1", 61613}]}, - -# Same as tcp_listener +## Network Configuration - the format is generally the same as for the broker +## stomp.listener.tcp.default = 61613 +## Same for ssl listeners +## stomp.listener.ssl.default = 61614 -# ## Number of Erlang processes that will accept connections for the TCP -# ## and SSL listeners. -# ## -# ## {num_tcp_acceptors, 10}, -# ## {num_ssl_acceptors, 1}, - +## Number of Erlang processes that will accept connections for the TCP +## and SSL listeners. +## stomp.num_acceptors.tcp = 10 stomp.num_acceptors.ssl = 1 -# ## Additional SSL options - -# ## Extract a name from the client's certificate when using SSL. -# ## -# ## {ssl_cert_login, true}, +## Additional SSL options +## Extract a name from the client's certificate when using SSL. +## stomp.ssl_cert_login = true -# ## Set a default user name and password. This is used as the default login -# ## whenever a CONNECT frame omits the login and passcode headers. -# ## -# ## Please note that setting this will allow clients to connect without -# ## authenticating! -# ## -# ## {default_user, [{login, "guest"}, -# ## {passcode, "guest"}]}, - -# Same syntax as AMQP -stomp.default_user = guest -stomp.default_pass = guest - -# ## If a default user is configured, or you have configured use SSL client -# ## certificate based authentication, you can choose to allow clients to -# ## omit the CONNECT frame entirely. If set to true, the client is -# ## automatically connected as the default user or user supplied in the -# ## SSL certificate whenever the first frame sent on a session is not a -# ## CONNECT frame. -# ## -# ## {implicit_connect, true} -# ]}, - +## Set a default user name and password. This is used as the default login +## whenever a CONNECT frame omits the login and passcode headers. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## +# stomp.default_user = guest +# stomp.default_pass = guest + +## If a default user is configured, or you have configured use SSL client +## certificate based authentication, you can choose to allow clients to +## omit the CONNECT frame entirely. If set to true, the client is +## automatically connected as the default user or user supplied in the +## SSL certificate whenever the first frame sent on a session is not a +## CONNECT frame. +## stomp.implicit_connect = true -# ## ---------------------------------------------------------------------------- -# ## RabbitMQ MQTT Adapter -# ## -# ## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md -# ## for details -# ## ---------------------------------------------------------------------------- +## ---------------------------------------------------------------------------- +## RabbitMQ MQTT Adapter +## +## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md +## for details +## ---------------------------------------------------------------------------- # ======================================= # MQTT section # ======================================= -# {rabbitmq_mqtt, -# [## Set the default user name and password. Will be used as the default login -# ## if a connecting client provides no other login details. -# ## -# ## Please note that setting this will allow clients to connect without -# ## authenticating! -# ## -# ## {default_user, <<"guest">>}, -# ## {default_pass, <<"guest">>}, - -mqtt.default_user = guest -mqtt.default_pass = guest - -# ## Enable anonymous access. If this is set to false, clients MUST provide -# ## login information in order to connect. See the default_user/default_pass -# ## configuration elements for managing logins without authentication. -# ## -# ## {allow_anonymous, true}, - +## Set the default user name and password. Will be used as the default login +## if a connecting client provides no other login details. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## +# mqtt.default_user = guest +# mqtt.default_pass = guest + +## Enable anonymous access. If this is set to false, clients MUST provide +## login information in order to connect. See the default_user/default_pass +## configuration elements for managing logins without authentication. +## mqtt.allow_anonymous = true -# ## If you have multiple chosts, specify the one to which the -# ## adapter connects. -# ## -# ## {vhost, <<"/">>}, - +## If you have multiple chosts, specify the one to which the +## adapter connects. +## mqtt.vhost = / -# ## Specify the exchange to which messages from MQTT clients are published. -# ## -# ## {exchange, <<"amq.topic">>}, - +## Specify the exchange to which messages from MQTT clients are published. +## mqtt.exchange = amq.topic -# ## Specify TTL (time to live) to control the lifetime of non-clean sessions. -# ## -# ## {subscription_ttl, 1800000}, +## Specify TTL (time to live) to control the lifetime of non-clean sessions. +## mqtt.subscription_ttl = 1800000 -# ## Set the prefetch count (governing the maximum number of unacknowledged -# ## messages that will be delivered). -# ## -# ## {prefetch, 10}, +## Set the prefetch count (governing the maximum number of unacknowledged +## messages that will be delivered). +## mqtt.prefetch = 10 -# ## TCP/SSL Configuration (as per the broker configuration). -# ## -# ## {tcp_listeners, [1883]}, -# ## {ssl_listeners, []}, - -# Same as amqp tcp_listener +## TCP/SSL Configuration (as per the broker configuration). +## mqtt.listener.tcp.default = 1883 -# Same as amqp ssl_listener +## Same for ssl listener +## mqtt.listener.ssl.default = 1884 -# ## Number of Erlang processes that will accept connections for the TCP -# ## and SSL listeners. -# ## -# ## {num_tcp_acceptors, 10}, -# ## {num_ssl_acceptors, 1}, - +## Number of Erlang processes that will accept connections for the TCP +## and SSL listeners. +## mqtt.num_acceptors.tcp = 10 mqtt.num_acceptors.ssl = 1 -# ## TCP/Socket options (as per the broker configuration). -# ## -# ## {tcp_listen_options, [{backlog, 128}, -# ## {nodelay, true}]} -# ]}, - -mqtt.tcp_listen_option.backlog = 128 -mqtt.tcp_listen_option.nodelay = true +## TCP/Socket options (as per the broker configuration). +## +# mqtt.tcp_listen_option.backlog = 128 +# mqtt.tcp_listen_option.nodelay = true -# ## ---------------------------------------------------------------------------- -# ## RabbitMQ AMQP 1.0 Support -# ## -# ## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md -# ## for details -# ## ---------------------------------------------------------------------------- +## ---------------------------------------------------------------------------- +## RabbitMQ AMQP 1.0 Support +## +## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md +## for details +## ---------------------------------------------------------------------------- # ======================================= # AMQP_1 section # ======================================= -# {rabbitmq_amqp1_0, -# [## Connections that are not authenticated with SASL will connect as this -# ## account. See the README for more information. -# ## -# ## Please note that setting this will allow clients to connect without -# ## authenticating! -# ## -# ## {default_user, "guest"}, - +## Connections that are not authenticated with SASL will connect as this +## account. See the README for more information. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## amqp1.default_user = guest -# ## Enable protocol strict mode. See the README for more information. -# ## -# ## {protocol_strict_mode, false} -# ]}, - +## Enable protocol strict mode. See the README for more information. +## amqp1.protocol_strict_mode = false -# ## Lager controls logging. -# ## See https://github.com/basho/lager for more documentation -# {lager, [ -# ## -# ## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. -# ## {log_root, "/var/log/rabbitmq"}, -# ## -# ## All log messages go to the default "sink" configured with -# ## the `handlers` parameter. By default, it has a single -# ## lager_file_backend handler writing messages to "$nodename.log" -# ## (ie. the value of $RABBIT_LOGS). -# ## {handlers, [ -# ## {lager_file_backend, [{file, "rabbit.log"}, -# ## {level, info}, -# ## {date, ""}, -# ## {size, 0}]} -# ## ]}, -# ## -# ## Extra sinks are used in RabbitMQ to categorize messages. By -# ## default, those extra sinks are configured to forward messages -# ## to the default sink (see above). "rabbit_log_lager_event" -# ## is the default category where all RabbitMQ messages without -# ## a category go. Messages in the "channel" category go to the -# ## "rabbit_channel_lager_event" Lager extra sink, and so on. -# ## {extra_sinks, [ -# ## {rabbit_log_lager_event, [{handlers, [ -# ## {lager_forwarder_backend, -# ## [lager_event, info]}]}]}, -# ## {rabbit_channel_lager_event, [{handlers, [ -# ## {lager_forwarder_backend, -# ## [lager_event, info]}]}]}, -# ## {rabbit_conection_lager_event, [{handlers, [ -# ## {lager_forwarder_backend, -# ## [lager_event, info]}]}]}, -# ## {rabbit_mirroring_lager_event, [{handlers, [ -# ## {lager_forwarder_backend, -# ## [lager_event, info]}]}]} -# ## ]} -# ]} -# ]. - -#log.dir = /var/log/rabbitmq - -log.console = false -log.console.level = info - -log.file = rabbit.log -log.file.level = info - -# DO NOT SET rotation date to ''. Leave unset if require "" value -#log.file.rotation.date = -log.file.rotation.size = 0 - - -# Possible: -log.syslog = false -log.syslog.identity = rabbitmq -log.syslog.level = info -log.syslog.facility = daemon +## Lager controls logging. +## See https://github.com/basho/lager for more documentation +## +## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. +## +# log.dir = /var/log/rabbitmq + +## Logging to console (can be true or false) +## +# log.console = false + +## Loglevel to log to console +## +# log.console.level = info + +## Logging to file. Can be false or filename. +## Default: +# log.file = rabbit.log + +## To turn off: +# log.file = false + +## Loglevel to log to file +## +# log.file.level = info + +## File rotation config. No rotation by defualt. +## DO NOT SET rotation date to ''. Leave unset if require "" value +# log.file.rotation.date = $D0 +# log.file.rotation.size = 0 + + +## QA: Config for syslog logging +# log.syslog = false +# log.syslog.identity = rabbitmq +# log.syslog.level = info +# log.syslog.facility = daemon + + +## ---------------------------------------------------------------------------- +## RabbitMQ LDAP Plugin +## +## See http://www.rabbitmq.com/ldap.html for details. +## +## ---------------------------------------------------------------------------- + +# ======================================= +# LDAP section +# ======================================= + +## +## Connecting to the LDAP server(s) +## ================================ +## + +## Specify servers to bind to. You *must* set this in order for the plugin +## to work properly. +## +# ldap.servers.myserver = your-server-name-goes-here + +## You can define multiple servers +# ldap.servers.other_server = your-other-server + +## Connect to the LDAP server using SSL +## +# ldap.use_ssl = false + +## Specify the LDAP port to connect to +## +# ldap.port = 389 + +## LDAP connection timeout, in milliseconds or 'infinity' +## +# ldap.timeout = infinity + +## Or number +# ldap.timeout = 500 + +## Enable logging of LDAP queries. +## One of +## - false (no logging is performed) +## - true (verbose logging of the logic used by the plugin) +## - network (as true, but additionally logs LDAP network traffic) +## +## Defaults to false. +## +ldap.log = false + +## Also can be true or network +# ldap.log = true +# ldap.log = network + +## +## Authentication +## ============== +## + +## Pattern to convert the username given through AMQP to a DN before +## binding +## +ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com + +## Alternatively, you can convert a username to a Distinguished +## Name via an LDAP lookup after binding. See the documentation for +## full details. + +## When converting a username to a dn via a lookup, set these to +## the name of the attribute that represents the user name, and the +## base DN for the lookup query. +## +ldap.dn_lookup_attribute = userPrincipalName +ldap.dn_lookup_base = DC=gopivotal,DC=com + +## Controls how to bind for authorisation queries and also to +## retrieve the details of users logging in without presenting a +## password (e.g., SASL EXTERNAL). +## One of +## - as_user (to bind as the authenticated user - requires a password) +## - anon (to bind anonymously) +## - {UserDN, Password} (to bind with a specified user name and password) +## +## Defaults to 'as_user'. +## +ldap.other_bind = as_user + +## Or can be more complex: +# ldap.other_bind.user_dn = User +# ldap.other_bind.password = Password + +## If user_dn and password defined - other options is ignored. + +# ----------------------------- +# Too complex section of LDAP +# ----------------------------- + +## +## Authorisation +## ============= +## + +## The LDAP plugin can perform a variety of queries against your +## LDAP server to determine questions of authorisation. See +## http://www.rabbitmq.com/ldap.html#authorisation for more +## information. + +## Following configuration should be defined in additional.config file +## DO NOT UNCOMMENT THIS LINES! + +## Set the query to use when determining vhost access +## +## {vhost_access_query, {in_group, +## "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, + +## Set the query to use when determining resource (e.g., queue) access +## +## {resource_access_query, {constant, true}}, + +## Set queries to determine which tags a user has +## +## {tag_queries, []} +# ]}, +# ----------------------------- |