# Configuration

# Introduction

The configuration files of NanoMQ Broker usually have the suffix .conf. You can find these configuration files in the etc directory.

FileDescription
etc/nanomq.confNanoMQ Configuration File
etc/nanomq_gateway.confNanoMQ Gateway File (for nanomq_cli)

# Parameter Description

# nanomq.conf

# basic configuration

NameTypeDescription
urlStringUrl of listener.
num_taskq_threadIntegerNumber of taskq threads used.
max_taskq_threadIntegerMaximum number of taskq threads used.
parallelLongNumber of parallel.
property_sizeIntegerMax size for a MQTT property.
msq_lenIntegerQueue length for resending messages.
qos_durationIntegerThe interval of the qos timer.
allow_anonymousBooleanAllow anonymous login.
tls.enableBooleanEnable TLS listener(default: false).
tls.urlStringURL of TLS listener.
tls.keyStringUser's private PEM-encoded key.
tls.keypassStringString containing the user's password. Only used if the private keyfile is password-protected.
tls.certStringUser certificate data.
tls.cacertStringUser's PEM-encoded CA certificates.
tls.verify_peerBooleanVerify peer certificate.
tls.fail_if_no_peer_certBooleanServer will fail if the client does not have a certificate to send.
websocket.enableBooleanEnable websocket listener(default: true).
websocket.urlStringURL of websocket listener.
websocket.tls_urlStringURL of TLS over websocket listerner.
http_server.enableBooleanEnable http server listerner (default: false).
http_server.portIntegerPort of http server.
http_server.usernameStringUser name of http server.
http_server.passwordStringPassword of http server.
http_server.auth_typeEnumHttp server authentication type (default: basic).
http_server.jwt.public.keyfileStringpublic key file for JWT.
http_server.jwt.private.keyfileStringprivate key file for JWT.
log.toArray[Enum]Array of log types,( Use commas , to separate multiple types )
Log types: file, console, syslog
log.levelEnumLog level:trace, debug, info, warn, error, fatal
log.dirStringThe dir for log files. (if log to file)
log.fileStringThe log filename. (if log to file)
log.rotation.sizeIntegerMaximum size of each log file;
Supported Unit: KB | MB | GB;
Default: 10MB
log.rotation.countIntegerMaximum rotation count of log files;
Default: 5

# MQTT bridge configuration

NameTypeDescription
bridge.mqtt.bridge_modeBooleanEnter MQTT bridge mode (default false ).
bridge.mqtt.addressStringRemote Broker address.
bridge.mqtt.proto_verStringMQTT client version(3|4|5).
bridge.mqtt.clientidStringMQTT client identifier.
bridge.mqtt.keepaliveIntegerInterval of keepalive.
bridge.mqtt.clean_startBooleanClean seeson.
bridge.mqtt.parallelLongParallel of mqtt client.
bridge.mqtt.usernameStringLogin user name.
bridge.mqtt.passwordStringLogin password.
bridge.mqtt.forwardsArray[String]Array of forward topics.( Use commas , to separate multiple topics )
bridge.mqtt.subscription.1.topicStringFirst Topic.
bridge.mqtt.subscription.1.qosIntegerFirst Qos.
bridge.mqtt.subscription.2.topicStringSecondTopic ( And so on ).
bridge.mqtt.subscription.2.qosIntegerSecondQos( And so on ).

# AWS IoT Core bridge configuration

NameTypeDescription
aws.bridge.mqtt.bridge_modeBooleanEnter MQTT bridge mode (default false ).
aws.bridge.mqtt.hostStringaws endpoint.
aws.bridge.mqtt.portIntegeraws MQTT port.
aws.bridge.mqtt.clientidStringMQTT client identifier.
aws.bridge.mqtt.keepaliveIntegerInterval of keepalive.
aws.bridge.mqtt.clean_startBooleanClean seeson.
aws.bridge.mqtt.parallelLongParallel of mqtt client.
aws.bridge.mqtt.usernameStringLogin user name.
aws.bridge.mqtt.passwordStringLogin password.
aws.bridge.mqtt.forwardsArray[String]Array of forward topics.( Use commas , to separate multiple topics )
aws.bridge.mqtt.subscription.1.topicStringFirst Topic.
aws.bridge.mqtt.subscription.1.qosIntegerFirst Qos.
aws.bridge.mqtt.subscription.2.topicStringSecondTopic ( And so on ).
aws.bridge.mqtt.subscription.2.qosIntegerSecondQos( And so on ).

# Authorization configuration

NameTypeDescription
auth.1.loginStringFirst Username.
auth.1.passwordStringFirst Password.
auth.2.loginStringSecond Username ( And so on ).
auth.2.passwordStringSecond Password ( And so on ).
...
auth.{INDEX}.loginString
auth.{INDEX}.passwordString

# WebHook configuration

NameTypeDescription
web.hook.enableBooleanEnable WebHook (default: false)
web.hook.urlStringWebhook URL
web.hook.headers.<Any>StringHTTP Headers
Example:
1. web.hook.headers.content-type=application/json
2. web.hook.headers.accept=*
web.hook.body.encoding_of_payload_fieldEnumThe encoding format of the payload field in the HTTP body
Options:
plain | base64 | base62
web.hook.ssl.cacertfileStringPEM format file of CA's.
web.hook.ssl.certfileStringCertificate file to use, PEM format assumed.
web.hook.ssl.keyfileStringPrivate key file to use, PEM format assumed.
web.hook.ssl.verifyBooleanTurn on peer certificate verification (default: false).
web.hook.ssl.server_name_indicationBooleanVerify server_name (default: false).
web.hook.pool_sizeIntegerConnection process pool size (default: 32).
web.hook.rule.client.connack.<No>StringExample:
web.hook.rule.client.connack.1={"action": "on_client_connack"}
web.hook.rule.client.disconnected.<No>StringExample:
web.hook.rule.client.disconnected.1={"action": "on_client_disconnected"}
web.hook.rule.message.publish.<No>StringExample:
web.hook.rule.message.publish.1={"action": "on_message_publish"}
web.hook.rule.message.publish.1={"action": "on_message_publish", "topic": "topic/1/2"}
web.hook.rule.message.publish.2 = {"action": "on_message_publish", "topic": "foo/#"}

# Http authorication configuration

NameTypeDescriptiondefault
auth.http.enableBooleanEnable HTTP authenticationfalse
auth.http.auth_req.urlStringSpecify the target URL of the authentication request.http://127.0.0.1:80/mqtt/auth
auth.http.auth_req.methodEnumSpecify the request method of the authentication request.
(POST , GET)
POST
auth.http.auth_req.headers.<Any>StringSpecify the data in the HTTP request header. <Key> Specify the field name in the HTTP request header, and the value of this configuration item is the corresponding field value. <Key> can be the standard HTTP request header field. User can also customize the field to configure multiple different request header fields.auth.http.auth_req.headers.content-type = application/x-www-form-urlencoded
auth.http.auth_req.headers.accept = */*
auth.http.auth_req.paramsStringSpecify the data carried in the authentication request.
When using the GET method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent as query string parameters.
When using the POST method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent in the form of Request Body. All placeholders will be replaced by run-time data , and the available placeholders are as follows:
%u: Username
%c: MQTT Client ID
%a: Client's network IP address
%r: The protocol used by the client can be:mqtt, mqtt-sn, coap, lwm2m and stomp
%P: Password
%p: Server port for client connection
%C: Common Name in client certificate
%d: Subject in client certificate
clientid=%c,username=%u,password=%P
auth.http.super_req.urlStringSpecify the target URL for the superuser authentication request.http://127.0.0.1:80/mqtt/superuser
auth.http.super_req.methodStringSpecifies the request method of the super user authentication request.
(POST , GET)
POST
auth.http.super_req.headers.<Any>StringSpecify the data in the HTTP request header. <Key> Specify the field name in the HTTP request header, and the value of this configuration item is the corresponding field value. <Key> can be the standard HTTP request header field. User can also customize the field to configure multiple different request header fields.auth.http.super_req.headers.content-type = application/x-www-form-urlencoded
auth.http.super_req.headers.accept = */*
auth.http.super_req.paramsStringSpecify the data carried in the authentication request.
When using the GET method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent as query string parameters.
When using the POST method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent in the form of Request Body. All placeholders will be replaced by run-time data , and the available placeholders are the same as those of auth.http.auth_req.params.
clientid=%c,username=%u
auth.http.acl_req.urlStringSpecify the target URL for ACL verification requests.http://127.0.0.1:8991/mqtt/acl
auth.http.acl_req.methodStringSpecifies the request method for ACL verification requests.
(POST , GET)
POST
auth.http.acl_req.headers.<Any>StringSpecify the data in the HTTP request header. <Key> Specify the field name in the HTTP request header, and the value of this configuration item is the corresponding field value. <Key> can be the standard HTTP request header field. User can also customize the field to configure multiple different request header fields.auth.http.super_req.headers.content-type = application/x-www-form-urlencoded
auth.http.super_req.headers.accept = */*
auth.http.acl_req.paramsStringSpecify the data carried in the authentication request.
When using the GET method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent as query string parameters.
When using the POST method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent in the form of Request Body. All placeholders will be replaced by run-time data , and the available placeholders are as follows:
%A: Permission to be verified, 1 means subscription, 2 means publish
%u: UserName
%c: MQTT Client ID
%a: Client network IP address
%r: The protocol used by the client can be: mqtt, mqtt-sn, coap, lwm2m and stomp
%m: Mount point
%t: Topic
access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
auth.http.timeoutIntegerHTTP request timeout. Any setting equivalent to 0s means never timeout.5s
auth.http.connect_timeoutIntegerConnection timeout for HTTP requests. Any setting value equivalent to 0s means never time out.5s
auth.http.ssl.cacertfileStringCA certificate file path.etc/certs/ca.pem
auth.http.ssl.certfileStringClient certificate file path.etc/certs/client-cert.pem
auth.http.ssl.keyfileStringClient private key file path.etc/certs/client.key.pem

# Rule engine configuration

NameTypeDescription
rule_optionEnumRule engine option, when persistence with rule engine, this option is must be ON.
rule_option.sqliteEnumRule engine plugins option (enable/disable)
rule_option.sqlite.conf.pathStringRule engine option sqlite config path
rule_option.repubEnumRule engine plugins option (enable/disable)
rule_option.repub.conf.pathStringRule engine option repub config path
rule_option.mysqlEnumRule engine plugins option (enable/disable)
rule_option.mysql.conf.pathStringRule engine option mysql config path

# Rule configuration for sqlite

NameTypeDescription
rule.sqlite.pathStringRule engine option SQLite3 database path, default is /tmp/rule_engine.db
rule.sqlite.%d.tableStringRule engine option SQLite3 database table name, '%d' is a placeholder
rule.event.publish.%d.sqlStringRule engine sql clause, '%d' is a placeholder

# Rule configuration for mysql

NameTypeDescription
rule.sqlite.pathStringRule engine option mysql database name, default is mysql_rule_db
rule.mysql.%d.tableStringRule engine option mysql database table name, '%d' is a placeholder
rule.mysql.%d.hostStringRule engine option mysql database host, '%d' is a placeholder
rule.mysql.%d.usernameStringRule engine option mysql database username, '%d' is a placeholder
rule.mysql.%d.passwordStringRule engine option mysql database password, '%d' is a placeholder
rule.event.publish.%d.sqlStringRule engine sql clause, '%d' is a placeholder

# Rule configuration for repub

NameTypeDescription
rule.repub.%d.addressStringRule engine option repub address (mqtt-tcp://host:port), '%d' is a placeholder
rule.repub.%d.topicStringRule engine option repub topic, '%d' is a placeholder
rule.repub.%d.usernameStringRule engine option repub username, '%d' is a placeholder
rule.repub.%d.passwordStringRule engine option repub password, '%d' is a placeholder
rule.repub.%d.proto_verIntegerRule engine option repub protocol version, default is 4, '%d' is a placeholder
rule.repub.%d.clientidStringRule engine option repub clientid, '%d' is a placeholder
rule.repub.%d.keepaliveIntegerRule engine option repub keepalive, default is 60, '%d' is a placeholder
rule.repub.%d.clean_startBooleanRule engine option repub clean_start flag, default is true '%d' is a placeholder
rule.event.publish.%d.sqlStringRule engine sql clause, '%d' is a placeholder

# nanomq_gateway.conf

NameTypeDescription
gateway.addressStringRemote Broker address.
gateway.proto_verStringMQTT client version(3|4|5).
gateway.clientidStringMQTT client identifier.
gateway.keepaliveIntegerInterval of keepalive.
gateway.clean_startBooleanClean seeson.
gateway.parallelLongParallel of mqtt client.
gateway.usernameStringLogin user name.
gateway.passwordStringLogin password.
gateway.forwardStringForward topic.
gateway.mqtt.subscription.topicStringMqtt subscribe topic.
gateway.mqtt.subscription.qosIntegerMqtt subscribe qos.
gateway.zmq.sub.addressStringRemote ZMQ server subscribe address.
gateway.zmq.pub.addressStringRemote ZMQ server publish address.
gateway.zmq.sub_prefixStringRemote ZMQ server subscribe prefix.
gateway.zmq.pub_prefixStringRemote ZMQ server publish prefix.