Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: Question on max_message_rate #2177

Open
1 task done
bilal-haider-cowlar opened this issue Aug 3, 2023 · 6 comments
Open
1 task done

[Bug]: Question on max_message_rate #2177

bilal-haider-cowlar opened this issue Aug 3, 2023 · 6 comments
Labels
bug

Comments

@bilal-haider-cowlar
Copy link

Environment

  • VerneMQ Version:
  • OS:
  • Erlang/OTP version (if building from source):
  • Cluster size/standalone:

Current Behavior

my max_message_rate is not working in my docker vernemq. I am setting max_message_rate like this:
vernemq: image: vernemq/vernemq container_name: vernemq restart: always environment: DOCKER_VERNEMQ_ALLOW_ANONYMOUS: 'off' DOCKER_VERNEMQ_PLUGINS.vmq_diversity: 'on' DOCKER_VERNEMQ_PLUGINS.vmq_passwd: 'off' DOCKER_VERNEMQ_PLUGINS.vmq_acl: 'off' DOCKER_VERNEMQ_VMQ_DIVERSITY.auth_mysql.enabled: 'on' DOCKER_VERNEMQ_VMQ_DIVERSITY.mysql.host: mysql_nest DOCKER_VERNEMQ_VMQ_DIVERSITY.mysql.port: $DATABASE_PORT DOCKER_VERNEMQ_VMQ_DIVERSITY.mysql.user: $DATABASE_USER DOCKER_VERNEMQ_VMQ_DIVERSITY.mysql.password: $DATABASE_PASSWORD DOCKER_VERNEMQ_VMQ_DIVERSITY.mysql.database: $DATABASE_DB DOCKER_VERNEMQ_VMQ_DIVERSITY.mysql.password_hash_method: 'md5' DOCKER_VERNEMQ_ACCEPT_EULA: 'yes' DOCKER_VERNEMQ_MAX_MESSAGE_RATE: '2' ports: - $MQTT_MQTT_PORT:1883 - $MQTT_WS_PORT:8080 - $MQTT_ADMIN_PORT:8888 networks: - vernemq-network depends_on: - mysql_nest

Clients authentication and authorization is working good but max_message_rate is not working.
Even i can see the line max_message_rate = 2 in vernemq.conf file.

Expected behaviour

Client should not be able to send more than 2 messages in a second or the broker should not send the messages of that client to other clients if rate is greater than 2.

Configuration, logs, error output, etc.

vernemq@162487488b4e:~$ cat etc/vernemq.conf 
## To use this pre-packaged version of VerneMQ you must agree
## to our end user license agreement (EULA).
## The EULA can be found on https://vernemq.com/end-user-license-agreement.
## 
## Default: no
## 
## Acceptable values:
##   - one of: yes, no
accept_eula = no

## Allow anonymous users to connect, default is 'off'. !!NOTE!!
## Enabling this completely disables authentication of the clients and
## should only be used for testing/development purposes or in case
## clients are authenticated by some other means.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_anonymous = off

## Allow new client connections even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_register_during_netsplit = off

## Allow message publishs even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_publish_during_netsplit = off

## Allow new subscriptions even when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_subscribe_during_netsplit = off

## Allow clients to unsubscribe when a VerneMQ cluster is inconsistent.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_unsubscribe_during_netsplit = off

## Allows a client to logon multiple times using the same client
## id (non-standard behaviour!). This feature is DEPRECATED and will
## be removed in VerneMQ 2.0.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
allow_multiple_sessions = off

## Client registrations can be either happen in a coordinated or
## uncoordinated fashion. Uncoordinated registrations are faster and
## will cause other clients with the same client-id to be eventually
## disconnected, while coordinated ensures that any other client with
## the same client-id will be immediately disconnected.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
coordinate_registrations = on

## Set the time in seconds VerneMQ waits before a retry, in case a (QoS=1 or QoS=2) message
## delivery gets no answer.
## 
## Default: 20
## 
## Acceptable values:
##   - an integer
## retry_interval = 20

## Set the maximum size for client IDs. MQTT v3.1 specifies a
## limit of 23 characters
## 
## Default: 100
## 
## Acceptable values:
##   - an integer
## max_client_id_size = 100

## This option allows persistent clients ( = clean session set to
## false) to be removed if they do not reconnect within 'persistent_client_expiration'.
## This is a non-standard option. As far as the MQTT specification is concerned,
## persistent clients persist forever.
## The expiration period should be an integer followed by one of 'd', 'w', 'm', 'y' for
## day, week, month, and year.
## 
## Default: never
## 
## Acceptable values:
##   - text
## persistent_client_expiration = 1w

## The maximum delay for a last will message. This setting
## applies only to MQTTv5 sessions and can be used to override the
## value provided by the client.
## The delay can be either 'client' which means the value specified by
## the client is used, or an integer followed by one of 's', 'h' 'd',
## 'w', 'm', 'y' for day, week, month, and year used to cap the value
## provided by the client..
## 
## Default: client
## 
## Acceptable values:
##   - text
## max_last_will_delay = client

## The maximum number of QoS 1 or 2 messages that can be in the process of being
## transmitted simultaneously. This includes messages currently going through handshakes
## and messages that are being retried. Defaults to 20. Set to 0 for no maximum. If set
## to 1, this will guarantee in-order delivery of messages.
## Note: for MQTT v5, use receive_max_client/receive_max_broker to implement
## similar behaviour.
## 
## Default: 20
## 
## Acceptable values:
##   - an integer
max_inflight_messages = 20

## The maximum number of messages to hold in the queue above
## those messages that are currently in flight. Defaults to 1000. This affects
## messages of any QoS. Set to -1 for no maximum (not recommended).
## This option allows to control how a specific client session can deal
## with message bursts. As a general rule of thumb set
## this number a bit higher than the expected message rate a single consumer is
## required to process. Note that setting this value to 0 will totally block
## delivery from any queue.
## 
## Default: 1000
## 
## Acceptable values:
##   - an integer
max_online_messages = 1000

## The maximum number of QoS 1 or 2 messages to hold in the offline queue.
## Defaults to 1000. Set to -1 for no maximum (not recommended). Set to 0
## if no messages should be stored offline.
## 
## Default: 1000
## 
## Acceptable values:
##   - an integer
max_offline_messages = 1000

## Allows a session that changes from offline to online to override the maximum
## online message count (max_online_messages). All offlines messages will be added
## to the online queue.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
override_max_online_messages = off

## This option sets the maximum MQTT size that VerneMQ will
## allow.  Messages that exceed this size will not be accepted by
## VerneMQ. The default value is 0, which means that all valid MQTT
## messages are accepted. MQTT imposes a maximum payload size of
## 268435455 bytes.
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
max_message_size = 0

## If a message is published with a QoS lower than the QoS of the subscription it is
## delivered to, VerneMQ can upgrade the outgoing QoS. This is a non-standard option.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
upgrade_outgoing_qos = off

## listener.tcp.buffer_sizes is an list of three integers
## (sndbuf,recbuf,buffer) specifying respectively the kernel TCP send
## buffer, the kernel TCP receive buffer and the user-level buffer
## size in the erlang driver.
## It is recommended to have val(user-level buffer) >= val(receive
## buffer) to avoid performance issues because of unnecessary copying.
## If not set, the operating system defaults are used.
## This option can be set on the protocol level by:
## - listener.tcp.buffer_sizes
## - listener.ssl.buffer_sizes
## or on the listener level by:
## - listener.tcp.my_tcp_listener.buffer_sizes
## - listener.ssl.my_ssl_listener.buffer_sizes
## 
## Acceptable values:
##   - text
## listener.tcp.buffer_sizes = 4096,16384,32768

## listener.max_connection_lifetime is an integer defining the maximum lifetime
## of MQTT connection in seconds. This option can be overridden on the protocol level by:
## - listener.tcp.max_connection_lifetime
## - listener.ssl.max_connection_lifetime
## - listener.ws.max_connection_lifetime
## - listener.wss.max_connection_lifetime
## or on the listener level by:
## - listener.tcp.my_tcp_listener.max_connection_lifetime
## - listener.ssl.my_ssl_listener.max_connection_lifetime
## - listener.ws.my_ws_listener.max_connection_lifetime
## - listener.wss.my_wss_listener.
## This is an implementation of MQTT security proposal:
## "Servers may close the Network Connection of Clients and require them to re-authenticate with new credentials."
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
listener.max_connection_lifetime = 0

## listener.max_connections is an integer or 'infinity' defining
## the maximum number of concurrent connections. This option can be overridden
## on the protocol level by:
## - listener.tcp.max_connections
## - listener.ssl.max_connections
## - listener.ws.max_connections
## - listener.wss.max_connections
## or on the listener level by:
## - listener.tcp.my_tcp_listener.max_connections
## - listener.ssl.my_ssl_listener.max_connections
## - listener.ws.my_ws_listener.max_connections
## - listener.wss.my_wss_listener.max_connections
## 
## Default: 10000
## 
## Acceptable values:
##   - an integer
##   - the text "infinity"
listener.max_connections = 10000

## Set the maximum frame in bytes that a WebSocket connection is allowed to
## send. If the client tries to send more in one frame, the server will disconnect it.
## 
## Default: 268435456
## 
## Acceptable values:
##   - an integer
##   - the text "infinity"
max_ws_frame_size = 268435456

## Set the nr of acceptors waiting to concurrently accept new connections.
## This can be specified either on the protocol level:
## - listener.tcp.nr_of_acceptors
## - listener.ssl.nr_of_acceptors
## - listener.ws.nr_of_acceptors
## - listener.wss.nr_of_acceptors
## or on the listener level:
## - listener.tcp.my_tcp_listener.nr_of_acceptors
## - listener.ssl.my_ssl_listener.nr_of_acceptors
## - listener.ws.my_ws_listener.nr_of_acceptors
## - listener.wss.my_wss_listener.nr_of_acceptors
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
listener.nr_of_acceptors = 10

## listener.tcp.<name> is an IP address and TCP port that
## the broker will bind to. You can define multiple listeners e.g:
## - listener.tcp.default = 127.0.0.1:1883
## - listener.tcp.internal = 127.0.0.1:10883
## - listener.tcp.my_other_listener = 127.0.0.1:10884
## This also works for SSL listeners and WebSocket handlers:
## - listener.ssl.default = 127.0.0.1:8883
## - listener.ws.default = 127.0.0.1:800
## - listener.wss.default = 127.0.0.1:880
## 
## Default: 127.0.0.1:1883
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
##   - a Unix Domain Socket, e.g. local:/var/run/app.sock:0
listener.tcp.name = 127.0.0.1:1883

## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
## listener.ssl.name = 127.0.0.1:8883

## 'listener.tcp.my_listener.allow_anonymous_override' configures whether
## this listener is allowed to override the global allow_anonymous setting.
## The setting has one single purpose: to give a listener the capability to switch off
## all authentication plugins. (that is override a global allow_anonymous=off with a per-listener allow_anonymous=on).
## Specifically, it can allow TLS listeners to disable internal authentication (using only client certificates as
## authentication) while keeping all the other MQTT listeners safe.
## global | listener | Result for listener:  (on = anonymous access allowed)
## on	  | on	     | on
## off    | on	     | on
## off    | off      | off
## on     | off      | on
## Both values are simply OR'ed together. Please note that this does not allow you to globally allow anonymous access, and
## then selectively switch off single listeners!
## - listener.tcp.my_listener.allow_anonymous_override
## - listener.ssl.my_listener.allow_anonymous_override
## Allowed values are 'on' or 'off'. The default value for an unconfigured listener will be 'off'.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
listener.tcp.name.allow_anonymous_override = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
listener.ssl.name.allow_anonymous_override = off

## 'listener.tcp.allowed_protocol_versions' configures which
## protocol versions are allowed for an MQTT listener. The allowed
## protocol versions can be specified the tcp, websocket or ssl level:
## - listener.tcp.allowed_protocol_versions
## - listener.ws.allowed_protocol_versions
## - listener.wss.allowed_protocol_versions
## - listener.ssl.allowed_protocol_versions
## or for a specific listener:
## - listener.tcp.my_tcp_listener.allowed_protocol_versions
## - listener.ws.my_ws_listener.allowed_protocol_versions
## - listener.wss.my_ws_listener.allowed_protocol_versions
## - listener.ssl.my_ws_listener.allowed_protocol_versions
## Allowed values are 3 (MQTT 3.1), 4 (MQTT 3.1.1), 5 (MQTT 5.0), 131
## (MQTT 3.1 bridge), 132 (MQTT 3.1.1 bridge).
## 
## Default: 3,4,5,131
## 
## Acceptable values:
##   - text
## listener.tcp.allowed_protocol_versions = 3,4,5

## listener.vmq.clustering is the IP address and TCP port that
## the broker will bind to accept connections from other cluster
## nodes e.g:
## - listener.vmq.clustering = 0.0.0.0:18883
## This also works for SSL listeners:
## - listener.vmqs.clustering = 0.0.0.0:18884
## 
## Default: 0.0.0.0:44053
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener.vmq.clustering = 0.0.0.0:44053

## listener.http.default is the IP address and TCP port that
## the broker will bind to accept HTTP connections
## - listener.http.default = 0.0.0.0:8888
## This also works for SSL listeners:
## - listener.https.default= 0.0.0.0:8889
## 
## Default: 127.0.0.1:8888
## 
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener.http.default = 127.0.0.1:8888

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted. Set the cafile
## on the protocol level or on the listener level:
## - listener.ssl.cafile
## - listener.wss.cafile
## or on the listener level:
## - listener.ssl.my_ssl_listener.cafile
## - listener.wss.my_wss_listener.cafile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.cafile = ./etc/cacerts.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.cafile = ./etc/cacerts.pem

## Set the path to the PEM encoded server certificate
## on the protocol level or on the listener level:
## - listener.ssl.certfile
## - listener.wss.certfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.certfile
## - listener.wss.my_wss_listener.certfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.certfile = ./etc/cert.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file on the protocol
## level or on the listener level:
## - listener.ssl.keyfile
## - listener.wss.keyfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.keyfile
## - listener.wss.my_wss_listener.keyfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.keyfile = ./etc/key.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.vmqs.keyfile = ./etc/key.pem

## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.https.keyfile = ./etc/key.pem

## Set the list of allowed ciphers (each separated with a colon,
## e.g. "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"),
## on the protocol level or on the listener level. Reasonable defaults
## are used if nothing is specified:
## - listener.ssl.ciphers
## - listener.wss.ciphers
## or on the listener level:
## - listener.ssl.my_ssl_listener.ciphers
## - listener.wss.my_wss_listener.ciphers
## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.ssl.ciphers = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.vmqs.ciphers = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.https.ciphers = 

## Set the list of allowed elliptical curves (each separated with a colon,
## e.g. "[sect571k1,secp521r1,brainpoolP512r1]"), on the protocol level or on the listener level.
## All known curves are used if nothing is specified.
## - listener.ssl.eccs
## - listener.wss.eccs
## or on the listener level:
## - listener.ssl.my_ssl_listener.eccs
## - listener.wss.my_wss_listener.eccs
## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.ssl.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.vmqs.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## 
## Default: 
## 
## Acceptable values:
##   - text
## listener.https.eccs = [brainpoolP384r1, secp384r1, sect283k1]

## If you have 'listener.ssl.require_certificate' set to true,
## you can create a certificate revocation list file to revoke access
## to particular client certificates. If you have done this, use crlfile
## to point to the PEM encoded revocation file. This can be done on the
## protocol level or on the listener level.
## - listener.ssl.crlfile
## - listener.wss.crlfile
## or on the listener level:
## - listener.ssl.my_ssl_listener.crlfile
## - listener.wss.my_wss_listener.crlfile
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## listener.ssl.crlfile = 

## Enable this option if you want to use SSL client certificates
## to authenticate your clients. This can be done on the protocol level
## or on the listener level.
## - listener.ssl.require_certificate
## - listener.wss.require_certificate
## or on the listener level:
## - listener.ssl.my_ssl_listener.require_certificate
## - listener.wss.my_wss_listener.require_certificate
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.ssl.require_certificate = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.vmqs.require_certificate = off

## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.https.require_certificate = off

## Configure the TLS protocol version (tlsv1, tlsv1.1, tlsv1.2 or tlsv1.3) to be
## used for either all configured SSL listeners or for a specific listener:
## - listener.ssl.tls_version
## - listener.wss.tls_version
## or on the listener level:
## - listener.ssl.my_ssl_listener.tls_version
## - listener.wss.my_wss_listener.tls_version
## TLSv1.3 requires OTP 23 or later.
## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.ssl.tls_version = tlsv1.2

## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.vmqs.tls_version = tlsv1.2

## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## listener.https.tls_version = tlsv1.2

## If 'listener.ssl.require_certificate' is enabled, you may enable
## 'listener.ssl.use_identity_as_username' to use the CN value from the client
## certificate as a username. If enabled other authentication plugins are not
## considered. The option can be specified either for all SSL listeners or for
## a specific listener:
## - listener.ssl.use_identity_as_username
## - listener.wss.use_identity_as_username
## or on the listener level:
## - listener.ssl.my_ssl_listener.use_identity_as_username
## - listener.wss.my_wss_listener.use_identity_as_username
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.ssl.use_identity_as_username = off

## If listener.ssl.pskfile is enabled VerneMQ supports TLS connection based on
## pre-shared keys (PSK).
## The option can be specified either for all SSL listeners or for
## a specific listener.
## - listener.ssl.psk_support
## or on the listener level:
## - listener.ssl.my_ssl_listener.psk_support
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## listener.ssl.psk_support = off

## The PSK hint sent by the server to the client.
## The option can be specified either for all SSL listeners or for
## a specific listener.
## - listener.ssl.psk_identity_hint
## or on the listener level:
## - listener.ssl.my_ssl_listener.psk_identity_hint
## 
## Default: VMQ_PSK
## 
## Acceptable values:
##   - text
## listener.ssl.psk_identity_hint = VMQ_PSK

## If PSK support is enabled, the pre-shared keys must be provided as key value pairs
## seperated by a seperator (by default ":"), e.g.
## mypskidentity:mypskkey
## The key is a string (not hex-encoded). The psk file is used for all listerners.
## 
## Default: ./etc/vmq.psk
## 
## Acceptable values:
##   - the path to a file
listener.ssl.pskfile = ./etc/vmq.psk

## The pre-shared keys and the psk identity are separated by a separator.
## By default, a colon is used.
## 
## Default: :
## 
## Acceptable values:
##   - text
## listener.ssl.pskfile_separator = :

## Enable the $SYSTree Reporter.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
systree_enabled = on

## The integer number of milliseconds between updates of the $SYS subscription hierarchy,
## which provides status information about the broker. If unset, defaults to 20 seconds.
## Set to 0 to disable publishing the $SYS hierarchy completely.
## 
## Default: 20000
## 
## Acceptable values:
##   - an integer
systree_interval = 20000

## Enable the Graphite Reporter. Ensure to also configure a
## proper graphite.host
## 
## Default: off
## 
## Acceptable values:
##   - on or off
graphite_enabled = off

## the graphite server host name
## 
## Default: localhost
## 
## Acceptable values:
##   - text
graphite_host = localhost

## the tcp port of the graphite server
## 
## Default: 2003
## 
## Acceptable values:
##   - an integer
graphite_port = 2003

## the interval we push metrics to the graphite server in ms
## 
## Default: 20000
## 
## Acceptable values:
##   - an integer
graphite_interval = 20000

## set the prefix that is applied to all metrics reported to graphite
## 
## Default: 
## 
## Acceptable values:
##   - text
## graphite_prefix = my-prefix

## the graphite server api key, e.g. used by hostedgraphite.com
## 
## Default: 
## 
## Acceptable values:
##   - text
## graphite_api_key = My-Api-Key

## Distribution policy for shared subscriptions. Default is
## 'prefer_local' which will ensure that local subscribers will be
## used if any are available. 'local_only' will select a random local
## subscriber if any are available. 'random' will randomly choose
## between all available subscribers.
## 
## Default: prefer_local
## 
## Acceptable values:
##   - text
shared_subscription_policy = prefer_local

## plugins.<plugin> enables/disables a plugin.
## Plugin specific settings are set via the plugin itself, i.e., to
## set the 'file' setting for the myplugin plugin, add a line like:
## myplugin.file = /path/to/file
## 
## Acceptable values:
##   - on or off
## plugins.name = on

## plugins.<name>.path defines the location of the plugin
## associated with <name>. This is needed for plugins that are not
## shipped with VerneMQ.
## 
## Acceptable values:
##   - the path to a directory
## plugins.mypluginname.path = /path/to/myplugin

## plugins.<name>.priority defines the load order of the
## plugins. Plugins are loaded by priority. If no priority is given
## the load order is undefined. Prioritized plugins will always be
## loaded before plugins with no defined priority.
## 
## Acceptable values:
##   - an integer
## plugins.mypluginname.priority = 5

## File based authentication plugin.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
plugins.vmq_passwd = on

## File based authorization plugin.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
plugins.vmq_acl = on

## Lua based plugins.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_diversity = off

## Webhook based plugins.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_webhooks = off

## The VerneMQ bridge plugin.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
plugins.vmq_bridge = off

## Limits the maximum topic depth
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
topic_max_depth = 10

## Specifies the metadata plugin that is used for storing and replicating
## VerneMQ metadata objects such as MQTT subscriptions and retained messages.
## The default is kept at `vmq_plumtree` for compatibility with existing deployments.
## For new cluster deployments, the recommendation is to use 'vmq_swc' from the
## beginning. Note that the 2 protocols are not compatible, so clusters can't be
## mixed.
## 
## Default: vmq_swc
## 
## Acceptable values:
##   - one of: vmq_plumtree, vmq_swc
metadata_plugin = vmq_swc

## Set the path to an access control list file.
## 
## Default: ./etc/vmq.acl
## 
## Acceptable values:
##   - the path to a file
vmq_acl.acl_file = ./etc/vmq.acl

## set the acl reload interval in seconds, the value 0 disables
## the automatic reloading of the acl file.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_acl.acl_reload_interval = 10

## Set the path to a password file.
## 
## Default: ./etc/vmq.passwd
## 
## Acceptable values:
##   - the path to a file
vmq_passwd.password_file = ./etc/vmq.passwd

## set the password reload interval in seconds, the value 0
## disables the automatic reloading of the password file.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_passwd.password_reload_interval = 10

## Configure the vmq_diversity plugin script dir. The script dir
## is searched for Lua scripts which are automatically loaded when the
## plugin is enabled.
## 
## Default: ./share/lua
## 
## Acceptable values:
##   - the path to a directory
vmq_diversity.script_dir = ./share/lua

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_postgres.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.host = localhost

## 
## Default: 5432
## 
## Acceptable values:
##   - an integer
## vmq_diversity.postgres.port = 5432

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.postgres.database = vernemq_db

## Specify if the postgresql driver should use TLS or not.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.postgres.ssl = off

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.postgres.keyfile = ./etc/keyfile.pem

## The password hashing method to use in PostgreSQL:
## 
## Default: crypt
## 
## Acceptable values:
##   - one of: crypt, bcrypt
vmq_diversity.postgres.password_hash_method = crypt

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_cockroachdb.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.host = localhost

## 
## Default: 5432
## 
## Acceptable values:
##   - an integer
## vmq_diversity.cockroachdb.port = 5432

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.cockroachdb.database = vernemq_db

## Specify if the cockroachdb driver should use TLS or not.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
vmq_diversity.cockroachdb.ssl = on

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.cockroachdb.keyfile = ./etc/keyfile.pem

## The password hashing method to use in CockroachDB:
## 
## Default: bcrypt
## 
## Acceptable values:
##   - one of: sha256, bcrypt
vmq_diversity.cockroachdb.password_hash_method = bcrypt

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_mysql.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.host = localhost

## 
## Default: 3306
## 
## Acceptable values:
##   - an integer
## vmq_diversity.mysql.port = 3306

## 
## Default: root
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.user = root

## 
## Default: password
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.password = password

## 
## Default: vernemq_db
## 
## Acceptable values:
##   - text
## vmq_diversity.mysql.database = vernemq_db

## The password hashing method to use in MySQL:
## password: Default for compatibility, deprecated since MySQL 5.7.6 and not
## usable with MySQL 8.0.11+.
## Docs: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password
## md5: Calculates an MD5 128-bit checksum of the password.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5
## sha1: Calculates the SHA-1 160-bit checksum for the password.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1
## sha256: Calculates the SHA-2 hash of the password, using 256 bits.
## Works only if MySQL has been configured with SSL support.
## Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2
## 
## Default: password
## 
## Acceptable values:
##   - one of: password, md5, sha1, sha256
vmq_diversity.mysql.password_hash_method = password

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_mongodb.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.host = localhost

## 
## Default: 27017
## 
## Acceptable values:
##   - an integer
## vmq_diversity.mongodb.port = 27017

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.login = 

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.password = 

## 
## Default: admin
## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.auth_source = 

## 
## Acceptable values:
##   - text
## vmq_diversity.mongodb.database = 

## Specify if the mongodb driver should use TLS or not.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.mongodb.ssl = off

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.cafile = ./etc/cafile.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.mongodb.keyfile = ./etc/keyfile.pem

## 
## Default: off
## 
## Acceptable values:
##   - on or off
vmq_diversity.auth_redis.enabled = off

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.redis.host = localhost

## 
## Default: 6379
## 
## Acceptable values:
##   - an integer
## vmq_diversity.redis.port = 6379

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_diversity.redis.password = 

## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_diversity.redis.user = 

## 
## Default: 0
## 
## Acceptable values:
##   - an integer
## vmq_diversity.redis.database = 0

## 
## Default: localhost
## 
## Acceptable values:
##   - text
## vmq_diversity.memcache.host = localhost

## 
## Default: 11211
## 
## Acceptable values:
##   - an integer
## vmq_diversity.memcache.port = 11211

## vmq_diversity.<name>.file = <file> loads a specific lua
## script when `vmq_diversity` starts. The scripts are loaded in the
## order defined by the names given, i.e., the script with <name>
## 'script1' is started before the plugin with <name> 'script2'.
## Scripts loaded like this are loaded after the scripts in the
## default script dir.
## 
## Acceptable values:
##   - the path to a file
## vmq_diversity.script1.file = path/to/my/script.lua

## The pool_size specifies how many bcrypt port operations are
## allowed concurrently. The value `auto` will try to detect all
## logical cpus and set the pool size to that number minus 1.
## If the number of logical cpus cannot be detected, a value of 1 is used.
## 
## Default: 1
## 
## Acceptable values:
##   - an integer
##   - one of: auto
vmq_bcrypt.pool_size = 1

## The pool_size specifies how many bcrypt NIF operations are
## allowed concurrently. The value `auto` will try to detect all
## logical cpus and set the pool size to that number minus 1.
## If the number of logical cpus cannot be detected, a value of 1 is used.
## 
## Default: 4
## 
## Acceptable values:
##   - an integer
##   - one of: auto
vmq_bcrypt.nif_pool_size = 4

## Specifies the max workers to overflow of the bcrypt NIF program pool.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
vmq_bcrypt.nif_pool_max_overflow = 10

## Specifies the number of bcrypt log rounds, defining the hashing complexity.
## 
## Default: 12
## 
## Acceptable values:
##   - an integer
vmq_bcrypt.default_log_rounds = 12

## Specify where bcrypt is called as an Erlang port or NIF
## 
## Default: port
## 
## Acceptable values:
##   - one of: nif, port
vmq_bcrypt.mechanism = port

## To configure and register a webhook a hook and an endpoint
## need to be configured and this is achieved by associating both with
## a name. vmq_webhooks.<name>.hook = <hook> associates the hook
## <hook> with the name <name>. Webhooks are registered in the order
## of the name given to it. Therefore a webhook with name 'webhook1'
## is registered before a webhook with the name 'webhook2'.
## 
## Acceptable values:
##   - one of: auth_on_register, auth_on_publish, auth_on_subscribe, on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, on_session_expired, auth_on_register_m5, auth_on_publish_m5, auth_on_subscribe_m5, on_register_m5, on_publish_m5, on_subscribe_m5, on_unsubscribe_m5, on_deliver_m5, on_auth_m5
## vmq_webhooks.webhook1.hook = auth_on_register

## Associate an endpoint with a name.
## 
## Acceptable values:
##   - text
## vmq_webhooks.webhook1.endpoint = http://localhost/myendpoints

## Configure TLS version for HTTPS webhook calls
## HTTPS webhooks.
## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## vmq_webhooks.tls_version = tlsv1.2

## Specify the address and port of the bridge to connect to. Several
## bridges can configured by using different bridge names (e.g. br0). If the
## connection supports SSL encryption bridge.ssl.<name> can be used.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0 = 127.0.0.1:1889

## Set the clean session option for the bridge. By default this is disabled,
## which means that all subscriptions on the remote broker are kept in case of
## the network connection dropping. If enabled, all subscriptions and messages
## on the remote broker will be cleaned up if the connection drops.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_bridge.tcp.br0.cleansession = off

## Set the client id for this bridge connection. If not defined, this
## defaults to 'name.hostname', where name is the connection name and hostname
## is the hostname of this computer.
## 
## Default: auto
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.client_id = auto

## Set the number of seconds after which the bridge should send a ping if
## no other traffic has occurred.
## 
## Default: 60
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.keepalive_interval = 60

## Configure a username for the bridge. This is used for authentication
## purposes when connecting to a broker that support MQTT v3.1 and requires a
## username and/or password to connect. See also the password option.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.username = my_remote_user

## Configure a password for the bridge. This is used for authentication
## purposes when connecting to a broker that support MQTT v3.1 and requires a
## username and/or password to connect. This option is only valid if a username
## is also supplied.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.password = my_remote_password

## Define one or more topic pattern to be shared between the two brokers.
## Any topics matching the pattern (including wildcards) are shared.
## The following format is used:
## pattern [[[ out | in | both ] qos-level] local-prefix remote-prefix]
## [ out | in | both ]: specifies that this bridge exports messages (out), imports
## messages (in) or shared in both directions (both). If undefined we default to
## export (out).
## qos-level: specifies the publish/subscribe QoS level used for this
## toppic. If undefined we default to QoS 0.
## local-prefix and remote-prefix: For incoming topics, the bridge
## will prepend the pattern with the remote prefix and subscribe to
## the resulting topic on the remote broker.  When a matching
## incoming message is received, the remote prefix will be removed
## from the topic and then the local prefix added.
## For outgoing topics, the bridge will prepend the pattern with the
## local prefix and subscribe to the resulting topic on the local
## broker. When an outgoing message is processed, the local prefix
## will be removed from the topic then the remote prefix added.
## For shared subscriptions topic prefixes are applied only to the
## topic part of the subscription.
## 
## Acceptable values:
##   - text
## vmq_bridge.tcp.br0.topic.1 = topic

## Set the amount of time a bridge using the automatic start type will wait
## until attempting to reconnect. Defaults to 30 seconds.
## 
## Default: 10
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.restart_timeout = 10

## If try_private is enabled, the bridge will attempt to indicate to the
## remote broker that it is a bridge not an ordinary client.
## Note that loop detection for bridges is not yet implemented.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
## vmq_bridge.tcp.br0.try_private = on

## Set the MQTT protocol version to be used by the bridge.
## 
## Default: 3
## 
## Acceptable values:
##   - one of: 3, 4
## vmq_bridge.tcp.br0.mqtt_version = on

## Maximum number of outgoing messages the bridge will buffer
## while not connected to the remote broker. Messages published while
## the buffer is full are dropped. A value of 0 means buffering is
## disabled.
## 
## Default: 0
## 
## Acceptable values:
##   - an integer
## vmq_bridge.tcp.br0.max_outgoing_buffered_messages = 0

## The cafile is used to define the path to a file containing
## the PEM encoded CA certificates that are trusted.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.cafile = ./etc/cacerts.pem

## Set the path to the PEM encoded server certificate.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.certfile = ./etc/cert.pem

## Set the path to the PEM encoded key file.
## 
## Default: 
## 
## Acceptable values:
##   - the path to a file
## vmq_bridge.ssl.sbr0.keyfile = ./etc/key.pem

## When using certificate based TLS, the bridge will attempt to verify the
## hostname provided in the remote certificate matches the host/address being
## connected to. This may cause problems in testing scenarios, so this option
## may be enabled to disable the hostname verification.
## Setting this option to true means that a malicious third party could
## potentially inpersonate your server, so it should always be disabled in
## production environments.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
## vmq_bridge.ssl.sbr0.insecure = off

## Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be
## used for this bridge.
## 
## Default: tlsv1.2
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.tls_version = tlsv1.2

## Pre-shared-key encryption provides an alternative to certificate based
## encryption. This option specifies the identity used.
## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.identity = 

## Pre-shared-key encryption provides an alternative to certificate based
## encryption. This option specifies the shared secret used in hexadecimal
## format without leading '0x'.
## 
## Default: 
## 
## Acceptable values:
##   - text
## vmq_bridge.ssl.sbr0.psk = 

## Allow the bridge to open SSL connections to remote broker with wildcard certs
## 
## Default: https
## 
## Acceptable values:
##   - one of: https
## vmq_bridge.ssl.name.customize_hostname_check = on

## Specifies the auth method used after the API call has been authenticated
## /authorized by the endpoint. The only possible values is "on-behalf-of" and
## "predefined"
## If you specify "on-behalf-of" every HTTP call needs to provide a client-id,
## a username and a password. Those are only used to authenticated/authorize
## the request. They have no impact on any client with the same id already
## connected. You should anyway consider using  dedicated users and clients for
## HTTP calls.
## It is possible to set the app_auth setting on each listener.
## listener.https.$name$.http_modules.vmq_http_pub.app_auth
## listener.http.$name$.http_modules.vmq_http_pub.app_auth
## Using HTTP is not recommended.
## 
## Default: on-behalf-of
## 
## Acceptable values:
##   - text
## vmq_http_pub.mqtt_auth.mode = on-behalf-of

## 
## Default: mqtt
## 
## Acceptable values:
##   - text
## vmq_http_pub.mqtt_auth.auth_plugin = mqtt

## Where to emit the default log messages (typically at 'info'
## severity):
## off: disabled
## file: the file specified by log.console.file
## console: to standard output (seen when using `vmq attach-direct`)
## both: log.console.file and standard out.
## 
## Default: file
## 
## Acceptable values:
##   - one of: off, file, console, both
log.console = file

## The severity level of the console log, default is 'info'.
## 
## Default: info
## 
## Acceptable values:
##   - one of: debug, info, warning, error
log.console.level = info

## When 'log.console' is set to 'file' or 'both', the file where
## console messages will be logged.
## 
## Default: ./log/console.log
## 
## Acceptable values:
##   - the path to a file
log.console.file = ./log/console.log

## The file where error messages will be logged.
## 
## Default: ./log/error.log
## 
## Acceptable values:
##   - the path to a file
log.error.file = ./log/error.log

## When set to 'on', enables log output to syslog.
## 
## Default: off
## 
## Acceptable values:
##   - on or off
log.syslog = off

## Whether to enable the crash log.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
log.crash = on

## If the crash log is enabled, the file where its messages will
## be written.
## 
## Default: ./log/crash.log
## 
## Acceptable values:
##   - the path to a file
log.crash.file = ./log/crash.log

## Maximum size in bytes of individual messages in the crash log
## 
## Default: 64KB
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.crash.maximum_message_size = 64KB

## Maximum size of the crash log in bytes, before it is rotated
## 
## Default: 10MB
## 
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.crash.size = 10MB

## The schedule on which to rotate the crash log. For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
## 
## Default: $D0
## 
## Acceptable values:
##   - text
log.crash.rotation = $D0

## The number of rotated crash logs to keep. When set to
## 'current', only the current open log file is kept.
## 
## Default: 5
## 
## Acceptable values:
##   - an integer
##   - the text "current"
log.crash.rotation.keep = 5

## Name of the Erlang node
## Default: VerneMQ@127.0.0.1
## Acceptable values:
## - text
## 
## Default: VerneMQ@127.0.0.1
## 
## Acceptable values:
##   - text
nodename = VerneMQ@127.0.0.1

## Cookie for distributed node communication.  All nodes in the
## same cluster should use the same cookie or they will not be able to
## communicate.
## IMPORTANT!!! SET the cookie to a private value! DO NOT LEAVE AT DEFAULT!
## 
## Default: vmq
## 
## Acceptable values:
##   - text
distributed_cookie = vmq

## Sets the number of threads in async thread pool, valid range
## is 0-1024. If thread support is available, the default is 64.
## More information at: http://erlang.org/doc/man/erl.html
## 
## Default: 64
## 
## Acceptable values:
##   - an integer
erlang.async_threads = 64

## The number of concurrent ports/sockets
## Valid range is 1024-134217727
## 
## Default: 262144
## 
## Acceptable values:
##   - an integer
erlang.max_ports = 262144

## Set scheduler forced wakeup interval. All run queues will be
## scanned each Interval milliseconds. While there are sleeping
## schedulers in the system, one scheduler will be woken for each
## non-empty run queue found. An Interval of zero disables this
## feature, which also is the default.
## This feature is a workaround for lengthy executing native code, and
## native code that do not bump reductions properly.
## More information: http://www.erlang.org/doc/man/erl.html#+sfwi
## 
## Acceptable values:
##   - an integer
## erlang.schedulers.force_wakeup_interval = 500

## Enable or disable scheduler compaction of load. By default
## scheduler compaction of load is enabled. When enabled, load
## balancing will strive for a load distribution which causes as many
## scheduler threads as possible to be fully loaded (i.e., not run out
## of work). This is accomplished by migrating load (e.g. runnable
## processes) into a smaller set of schedulers when schedulers
## frequently run out of work. When disabled, the frequency with which
## schedulers run out of work will not be taken into account by the
## load balancing logic.
## More information: http://www.erlang.org/doc/man/erl.html#+scl
## 
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.compaction_of_load = false

## Enable or disable scheduler utilization balancing of load. By
## default scheduler utilization balancing is disabled and instead
## scheduler compaction of load is enabled which will strive for a
## load distribution which causes as many scheduler threads as
## possible to be fully loaded (i.e., not run out of work). When
## scheduler utilization balancing is enabled the system will instead
## try to balance scheduler utilization between schedulers. That is,
## strive for equal scheduler utilization on all schedulers.
## More information: http://www.erlang.org/doc/man/erl.html#+sub
## 
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.utilization_balancing = true

## This parameter defines the percentage of total server memory
## to assign to LevelDB. LevelDB will dynamically adjust its internal
## cache sizes to stay within this size.  The memory size can
## alternately be assigned as a byte count via leveldb.maximum_memory
## instead.
## 
## Default: 70
## 
## Acceptable values:
##   - an integer
leveldb.maximum_memory.percent = 70

## Enables or disables the compression of data on disk.
## Enabling (default) saves disk space.  Disabling may reduce read
## latency but increase overall disk activity.  Option can be
## changed at any time, but will not impact data on disk until
## next time a file requires compaction.
## 
## Default: on
## 
## Acceptable values:
##   - on or off
leveldb.compression = on

## Selection of compression algorithms.  snappy is
## original compression supplied for leveldb.  lz4 is new
## algorithm that compresses to similar volume but averages twice
## as fast on writes and four times as fast on reads.
## 
## Acceptable values:
##   - one of: snappy, lz4
leveldb.compression.algorithm = lz4

include conf.d/*.conf

########## Start ##########
vmq_diversity.mysql.port=3306
vmq_diversity.mysql.host=mysql_nest
vmq_diversity.mysql.password=vernemq
plugins.vmq_acl=off
vmq_diversity.mysql.user=vernemq
vmq_diversity.auth_mysql.enabled=on
vmq_diversity.mysql.database=vernemq_db
vmq_diversity.mysql.password_hash_method=md5
plugins.vmq_passwd=off
plugins.vmq_diversity=on
accept_eula=yes
max_message_rate=2
log.console=console
allow_anonymous=off
erlang.distribution.port_range.minimum = 9100
erlang.distribution.port_range.maximum = 9109
listener.tcp.default = 192.168.64.4:1883
listener.ws.default = 192.168.64.4:8080
listener.vmq.clustering = 192.168.64.4:44053
listener.http.metrics = 192.168.64.4:8888
########## End ##########

Code of Conduct

  • I agree to follow the VerneMQ's Code of Conduct
@ioolkos
Copy link
Contributor

ioolkos commented Aug 3, 2023

This works by throttling in the session state machine if I remember correctly. So you might still have a big TCP receive buffer before the publisher experiences backpressure, but the consumer should see throttled messages. Is the latter not the case?

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

@bilal-haider-cowlar
Copy link
Author

Thanks for the response. I was just testing its power before integrating into project with 2 to 3 clients and publishing 10 to 15 messages per second but all the subscribed clients are receiving all messages even when i have applied the max_message_rate =2.

@ioolkos
Copy link
Contributor

ioolkos commented Aug 3, 2023

Some more info.

  • An auth_on_register hook can give back a modifier with a rate: {ok, [{max_message_rate, 2}]}
  • An auth_on_publish hook can give back a modifier with throttling milliseconds: {ok, [{throttle, 100}]}
    (those are the MQTT v3 forms of modifiers, as an example)

The global max_message_rate should work too... as if applied to every authenticated session individually. I'll have to trace/review this a bit to see what happens exactly and whether this is maybe a regression, or still happening due to TCP buffers.

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

@bilal-haider-cowlar
Copy link
Author

Thanks for the response.

@ioolkos ioolkos changed the title [Bug]: <title> [Bug]: Question on max_message_rate Aug 3, 2023
@mths1
Copy link
Contributor

mths1 commented Aug 16, 2023

I wonder why this "throttling" was implemented (which I also couldn't get to work). Wouldn't it be more natural to just reject the publish if it is too often - or even disconnect the client? Given all the problems a throttling has with network buffers etc...

@ioolkos
Copy link
Contributor

ioolkos commented Aug 16, 2023

The throttling for auth_on_publish was implemented on a user's request and enabled them to implement certain platform business logic. It works as intended.

As for max_message_rate, I'm happy to talk about improvements. We always tried to avoid heavy accounting/counters per session, this might have influenced the current implementation. Also, note that MQTT v5 has PUBACK reason codes, while v3 has not. There's a "quota exceeded" RC (151) in v5.
This will not work for QoS 0, of course, so on a general layer we cannot "reject a Publish".

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ioolkos @mths1 @bilal-haider-cowlar