Skip to content

Classic KV Format Configuration Guide

This section introduces the NanoMQ configuration in classic key-value format. While NanoMQ continues to support the traditional Key-Value (KV) configuration syntax, it's important to note that some new features will only be compatible with the HOCON configuration format.

Basic Configuration

NameTypeDescription
urlStringURL of listener
num_taskq_threadIntegerNumber of taskq threads used.
max_taskq_threadIntegerMaximum number of taskq threads used.
parallelLongNumber of parallel threads.
property_sizeIntegerMax size for a MQTT property.
msq_lenIntegerQueue length for resending messages.
qos_durationIntegerThe interval of the QoS timer + minimum granularity of the global timer
allow_anonymousBooleanAllow anonymous login.
tls.enableBooleanEnable TLS listener(default: false).
tls.urlStringURL of TLS listener.
tls.keyStringUser's private PEM-encoded key.
tls.keypassStringString containing the user's password. Only used if the private keyfile is password-protected.
tls.certStringUser certificate data.
tls.cacertStringUser's PEM-encoded CA certificates.
tls.verify_peerBooleanVerify peer certificate.
tls.fail_if_no_peer_certBooleanServer will fail if the client does not have a certificate to send.
websocket.enableBooleanEnable websocket listener(default: true).
websocket.urlStringURL of websocket listener.
websocket.tls_urlStringURL of TLS over websocket listerner.
http_server.enableBooleanEnable http server listerner (default: false).
http_server.portIntegerPort of http server.
http_server.ip_addrStringIP address of http server.
http_server.usernameStringUser name of http server.
http_server.passwordStringPassword of http server.
http_server.auth_typeEnumHttp server authentication type (default: basic).
http_server.jwt.public.keyfileStringpublic key file for JWT.
http_server.jwt.private.keyfileStringprivate key file for JWT.
log.toArray[Enum]Array of log types,( Use commas , to separate multiple types )
Log types: file, console, syslog
log.levelEnumLog level:trace, debug, info, warn, error, fatal
log.dirStringThe dir for log files. (if log to file)
log.fileStringThe log filename. (if log to file)
log.rotation.sizeIntegerMaximum size of each log file;
Supported Unit: `KB
log.rotation.countIntegerMaximum rotation count of log files;
Default: 5

MQTT Bridge Configuration

NanoMQ supports multiple bridge configuration sets, you can specify a user-defined group name by NAME which cannot be repeated.

NameTypeDescription
bridge.mqtt.{NAME}.bridge_modeBooleanEnter MQTT bridge mode (default false ).
bridge.mqtt.{NAME}.addressStringRemote Broker address.
bridge.mqtt.{NAME}.proto_verStringMQTT client version(3|4|5).
bridge.mqtt.{NAME}.clientidStringMQTT client identifier.
bridge.mqtt.{NAME}.keepaliveIntegerInterval of keepalive.
bridge.mqtt.{NAME}.clean_startBooleanClean seeson.
bridge.mqtt.{NAME}.parallelLongParallel of mqtt client.
bridge.mqtt.{NAME}.usernameStringLogin user name.
bridge.mqtt.{NAME}.passwordStringLogin password.
bridge.mqtt.{NAME}.forwardsArray[String]Array of forward topics.( Use commas , to separate multiple topics )
bridge.mqtt.{NAME}.subscription.1.topicStringFirst Topic.
bridge.mqtt.{NAME}.subscription.1.qosIntegerFirst Qos.
bridge.mqtt.{NAME}.subscription.2.topicStringSecondTopic ( And so on ).
bridge.mqtt.{NAME}.subscription.2.qosIntegerSecondQos( And so on ).
bridge.mqtt.{NAME}..connector.conn_propertiesObjectMQTT V5 Property of Connector (See the following table)
bridge.mqtt.{NAME}.connector.ssl.enableBooleanEnable TLS connection (default false).
bridge.mqtt.{NAME}.connector.ssl.key_passwordStringPrivate key password.
bridge.mqtt.{NAME}.connector.ssl.keyfileStringPrivate key.
bridge.mqtt.{NAME}.connector.ssl.certfileStringUser certificate.
bridge.mqtt.{NAME}.connector.ssl.cacertfileStringCA certificates.
bridge.mqtt.{NAME}.quic_keepaliveDurationInterval of a sending keepalive packet via QUIC transport.(default 120s )
bridge.mqtt.{NAME}.quic_idle_timeoutDurationIdle Timeout(default 120s )
bridge.mqtt.{NAME}.quic_discon_timeoutDurationDisconnect Timeout(default 120s )
bridge.mqtt.{NAME}.quic_handshake_timeoutDurationHandshake Timeout(default 60s )
bridge.mqtt.{NAME}.qsend_idle_timeoutDurationReset congestion control after being idle SendIdleTimeout (default 60s)
bridge.mqtt.{NAME}.qinitial_rtt_msDurationInitial RTT estimate. (ms)
(default: 800ms)
bridge.mqtt.{NAME}.qmax_ack_delay_msDurationHow long to wait after receiving data before sending an ACK. (default: 100ms)
bridge.mqtt.{NAME}.quic_qos_priorityBooleanSend QoS 1/2 msg in high prority. (default: true)
bridge.mqtt.{NAME}.quic_0rttBoolean0RTT is a feature of QUIC to re-establish connection quickly. . (default: true
bridge.mqtt.{NAME}.hybrid_bridgingBooleanHybrid bridging (default false ), recommend to enable it when you want to take advantage of QUIC, but not sure if the public network support QUIC.
bridge.mqtt.{NAME}.multi_streamBooleanMulti-stream mode(Defaultfalse
bridge.mqtt.{NAME}.parallelLongWork parallel for bridge client (Default 2)
bridge.mqtt.{NAME}.sub_propertiesObjectMQTT V5 Property of subscription (See the following table).
bridge.mqtt.{NAME}.max_send_queue_lenIntegerMaximum number of message send queue length
bridge.mqtt.{NAME}.max_recv_queue_lenIntegerMaximum number of message receive queue length

Note: The configuration options named with Quic prefix only apply to the QUIC transport layer.

MQTT V5 Property

Connector Property:bridge.mqtt.{NAME}.connector.conn_properties`

NameTypeDescription
maximum_packet_sizeIntegerMaximum packet size
Value: 1 ~ 4294967295
receive_maximumIntegerMaximum receive size
Value: 1 ~ 65535
topic_alias_maximumIntegerMaximum length of topic alias
Value: 0 ~ 65535
request_problem_infomationIntegerRequest problem infomation
Default: 1
Value: 0 | 1
request_response_infomationIntegerRequest response infomation
Default: 0
Value: 0 | 1
session_expiry_intervalIntegerSession expiry interval
Value: 0 ~ 4294967295
user_propertyMap[String, String]User property
Value: Map[key(String) - value(String)]

Subscription Property: bridge.mqtt.{NAME}.sub_properties`

NameTypeDescription
identifierIntegerSubscription identifier
Value: 1 ~ 268,435,455
user_propertyMap[String, String]User property
Value: Map[key(String) - value(String)]

AWS IoT Core Bridge Configuration

NameTypeDescription
aws.bridge.mqtt.bridge_modeBooleanEnter MQTT bridge mode (default false ).
aws.bridge.mqtt.hostStringaws endpoint.
aws.bridge.mqtt.portIntegeraws MQTT port.
aws.bridge.mqtt.clientidStringMQTT client identifier.
aws.bridge.mqtt.keepaliveIntegerInterval of keepalive.
aws.bridge.mqtt.clean_startBooleanClean seeson.
aws.bridge.mqtt.parallelLongParallel of mqtt client.
aws.bridge.mqtt.usernameStringLogin user name.
aws.bridge.mqtt.passwordStringLogin password.
aws.bridge.mqtt.forwardsArray[String]Array of forward topics.( Use commas , to separate multiple topics )
aws.bridge.mqtt.subscription.1.topicStringFirst Topic.
aws.bridge.mqtt.subscription.1.qosIntegerFirst Qos.
aws.bridge.mqtt.subscription.2.topicStringSecondTopic ( And so on ).
aws.bridge.mqtt.subscription.2.qosIntegerSecondQos( And so on ).

Authorization Configuration

NameTypeDescription
auth.1.loginStringFirst Username.
auth.1.passwordStringFirst Password.
auth.2.loginStringSecond Username ( And so on ).
auth.2.passwordStringSecond Password ( And so on ).
...
auth.{INDEX}.loginString
auth.{INDEX}.passwordString

WebHook Configuration

NameTypeDescription
web.hook.enableBooleanEnable WebHook (default: false)
web.hook.urlStringWebhook URL
web.hook.headers.<Any>StringHTTP Headers
Example:
1. web.hook.headers.content-type=application/json
2. web.hook.headers.accept=*
web.hook.body.encoding_of_payload_fieldEnumThe encoding format of the payload field in the HTTP body
Options:
plain | base64 | base62
web.hook.ssl.cacertfileStringPEM format file of CA's.
web.hook.ssl.certfileStringCertificate file to use, PEM format assumed.
web.hook.ssl.keyfileStringPrivate key file to use, PEM format assumed.
web.hook.ssl.verifyBooleanTurn on peer certificate verification (default: false).
web.hook.ssl.server_name_indicationBooleanVerify server_name (default: false).
web.hook.pool_sizeIntegerConnection process pool size (default: 32).
web.hook.rule.client.connack.<No>StringExample:
web.hook.rule.client.connack.1={"action": "on_client_connack"}
web.hook.rule.client.disconnected.<No>StringExample:
web.hook.rule.client.disconnected.1={"action": "on_client_disconnected"}
web.hook.rule.message.publish.<No>StringExample:
web.hook.rule.message.publish.1={"action": "on_message_publish"}
web.hook.rule.message.publish.1={"action": "on_message_publish", "topic": "topic/1/2"}
web.hook.rule.message.publish.2 = {"action": "on_message_publish", "topic": "foo/#"}

HTTP Authorication Configuration

NameTypeDescriptiondefault
auth.http.enableBooleanEnable HTTP authenticationfalse
auth.http.auth_req.urlStringSpecify the target URL of the authentication request.http://127.0.0.1:80/mqtt/auth
auth.http.auth_req.methodEnumSpecify the request method of the authentication request.
(POST , GET)
POST
auth.http.auth_req.headers.<Any>StringSpecify the data in the HTTP request header. <Key> Specify the field name in the HTTP request header, and the value of this configuration item is the corresponding field value. <Key> can be the standard HTTP request header field. User can also customize the field to configure multiple different request header fields.auth.http.auth_req.headers.content-type = application/x-www-form-urlencoded
auth.http.auth_req.headers.accept = */*
auth.http.auth_req.paramsStringSpecify the data carried in the authentication request.
When using the GET method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent as query string parameters.
When using the POST method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent in the form of Request Body. All placeholders will be replaced by run-time data , and the available placeholders are as follows:
%u: Username
%c: MQTT Client ID
%a: Client's network IP address
%r: The protocol used by the client can be:mqtt, mqtt-sn, coap, lwm2m and stomp
%P: Password
%p: Server port for client connection
%C: Common Name in client certificate
%d: Subject in client certificate
clientid=%c,username=%u,password=%P
auth.http.super_req.urlStringSpecify the target URL for the superuser authentication request.http://127.0.0.1:80/mqtt/superuser
auth.http.super_req.methodStringSpecifies the request method of the super user authentication request.
(POST , GET)
POST
auth.http.super_req.headers.<Any>StringSpecify the data in the HTTP request header. <Key> Specify the field name in the HTTP request header, and the value of this configuration item is the corresponding field value. <Key> can be the standard HTTP request header field. User can also customize the field to configure multiple different request header fields.auth.http.super_req.headers.content-type = application/x-www-form-urlencoded
auth.http.super_req.headers.accept = */*
auth.http.super_req.paramsStringSpecify the data carried in the authentication request.
When using the GET method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent as query string parameters.
When using the POST method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent in the form of Request Body. All placeholders will be replaced by run-time data , and the available placeholders are the same as those of auth.http.auth_req.params.
clientid=%c,username=%u
auth.http.acl_req.urlStringSpecify the target URL for ACL verification requests.http://127.0.0.1:8991/mqtt/acl
auth.http.acl_req.methodStringSpecifies the request method for ACL verification requests.
(POST , GET)
POST
auth.http.acl_req.headers.<Any>StringSpecify the data in the HTTP request header. <Key> Specify the field name in the HTTP request header, and the value of this configuration item is the corresponding field value. <Key> can be the standard HTTP request header field. User can also customize the field to configure multiple different request header fields.auth.http.super_req.headers.content-type = application/x-www-form-urlencoded
auth.http.super_req.headers.accept = */*
auth.http.acl_req.paramsStringSpecify the data carried in the authentication request.
When using the GET method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent as query string parameters.
When using the POST method, the value of auth.http.auth_req.params will be converted into k=v key-value pairs separated by & and sent in the form of Request Body. All placeholders will be replaced by run-time data , and the available placeholders are as follows:
%A: Permission to be verified, 1 means subscription, 2 means publish
%u: UserName
%c: MQTT Client ID
%a: Client network IP address
%r: The protocol used by the client can be: mqtt, mqtt-sn, coap, lwm2m and stomp
%m: Mount point
%t: Topic
access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t,mountpoint=%m
auth.http.timeoutIntegerHTTP request timeout. Any setting equivalent to 0s means never timeout.5s
auth.http.connect_timeoutIntegerConnection timeout for HTTP requests. Any setting value equivalent to 0s means never time out.5s
auth.http.ssl.cacertfileStringCA certificate file path.etc/certs/ca.pem
auth.http.ssl.certfileStringClient certificate file path.etc/certs/client-cert.pem
auth.http.ssl.keyfileStringClient private key file path.etc/certs/client.key.pem

Rule Engine Configuration

NameTypeDescription
rule_optionEnumRule engine option, when persistence with rule engine, this option is must be ON.
rule_option.sqliteEnumRule engine plugins option (enable/disable)
rule_option.repubEnumRule engine plugins option (enable/disable)
rule_option.mysqlEnumRule engine plugins option (enable/disable)

Rule Configuration for SQLite

NameTypeDescription
rule.sqlite.pathStringRule engine option SQLite3 database path, default is /tmp/rule_engine.db
rule.sqlite.%d.tableStringRule engine option SQLite3 database table name, '%d' is a placeholder
rule.sqlite.event.publish.%d.sqlStringRule engine sql clause, '%d' is a placeholder

Rule Configuration for MySQL

NameTypeDescription
rule.sqlite.pathStringRule engine option mysql database name, default is mysql_rule_db
rule.mysql.%d.tableStringRule engine option mysql database table name, '%d' is a placeholder
rule.mysql.%d.hostStringRule engine option mysql database host, '%d' is a placeholder
rule.mysql.%d.usernameStringRule engine option mysql database username, '%d' is a placeholder
rule.mysql.%d.passwordStringRule engine option mysql database password, '%d' is a placeholder
rule.mysql.event.publish.%d.sqlStringRule engine sql clause, '%d' is a placeholder

Rule configuration for repub

NameTypeDescription
rule.repub.%d.addressStringRule engine option repub address (mqtt-tcp://host:port), '%d' is a placeholder
rule.repub.%d.topicStringRule engine option repub topic, '%d' is a placeholder
rule.repub.%d.usernameStringRule engine option repub username, '%d' is a placeholder
rule.repub.%d.passwordStringRule engine option repub password, '%d' is a placeholder
rule.repub.%d.proto_verIntegerRule engine option repub protocol version, default is 4, '%d' is a placeholder
rule.repub.%d.clientidStringRule engine option repub clientid, '%d' is a placeholder
rule.repub.%d.keepaliveIntegerRule engine option repub keepalive, default is 60, '%d' is a placeholder
rule.repub.%d.clean_startBooleanRule engine option repub clean_start flag, default is true '%d' is a placeholder
rule.repub.event.publish.%d.sqlStringRule engine sql clause, '%d' is a placeholder