Commit | Line | Data |
---|---|---|
1 | %% -*- mode: erlang -*- | |
2 | %% ---------------------------------------------------------------------------- | |
3 | %% RabbitMQ Sample Configuration File. | |
4 | %% | |
5 | %% See http://www.rabbitmq.com/configure.html for details. | |
6 | %% ---------------------------------------------------------------------------- | |
7 | [ | |
8 | {rabbit, | |
9 | [%% | |
10 | %% Network Connectivity | |
11 | %% ==================== | |
12 | %% | |
13 | ||
14 | %% By default, RabbitMQ will listen on all interfaces, using | |
15 | %% the standard (reserved) AMQP port. | |
16 | %% | |
17 | %% {tcp_listeners, [5672]}, | |
18 | ||
19 | %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. | |
20 | %% For example, to listen only on localhost for both IPv4 and IPv6: | |
21 | %% | |
22 | %% {tcp_listeners, [{"127.0.0.1", 5672}, | |
23 | %% {"::1", 5672}]}, | |
24 | ||
25 | %% SSL listeners are configured in the same fashion as TCP listeners, | |
26 | %% including the option to control the choice of interface. | |
27 | %% | |
28 | %% {ssl_listeners, [5671]}, | |
29 | ||
30 | %% Number of Erlang processes that will accept connections for the TCP | |
31 | %% and SSL listeners. | |
32 | %% | |
33 | %% {num_tcp_acceptors, 10}, | |
34 | %% {num_ssl_acceptors, 1}, | |
35 | ||
36 | %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection | |
37 | %% and SSL handshake), in milliseconds. | |
38 | %% | |
39 | %% {handshake_timeout, 10000}, | |
40 | ||
41 | %% Log levels (currently just used for connection logging). | |
42 | %% One of 'debug', 'info', 'warning', 'error' or 'none', in decreasing | |
43 | %% order of verbosity. Defaults to 'info'. | |
44 | %% | |
45 | %% {log_levels, [{connection, info}, {channel, info}]}, | |
46 | ||
47 | %% Set to 'true' to perform reverse DNS lookups when accepting a | |
48 | %% connection. Hostnames will then be shown instead of IP addresses | |
49 | %% in rabbitmqctl and the management plugin. | |
50 | %% | |
51 | %% {reverse_dns_lookups, true}, | |
52 | ||
53 | %% | |
54 | %% Security / AAA | |
55 | %% ============== | |
56 | %% | |
57 | ||
58 | %% The default "guest" user is only permitted to access the server | |
59 | %% via a loopback interface (e.g. localhost). | |
60 | %% {loopback_users, [<<"guest">>]}, | |
61 | %% | |
62 | %% Uncomment the following line if you want to allow access to the | |
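63 | %% guest user from anywhere on the network. The guest password defaults to "guest" (see default_pass below), so change it before exposing the account. | |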
64 | %% {loopback_users, []}, | |
65 | ||
66 | %% Configuring SSL. | |
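67 | %% See http://www.rabbitmq.com/ssl.html for full documentation. In the example below, {verify, verify_peer} validates a client certificate when one is presented, but {fail_if_no_peer_cert, false} still accepts clients that present none. | |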
68 | %% | |
69 | %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, | |
70 | %% {certfile, "/path/to/server/cert.pem"}, | |
71 | %% {keyfile, "/path/to/server/key.pem"}, | |
72 | %% {verify, verify_peer}, | |
73 | %% {fail_if_no_peer_cert, false}]}, | |
74 | ||
75 | %% Choose the available SASL mechanism(s) to expose. | |
76 | %% The two default (built in) mechanisms are 'PLAIN' and | |
77 | %% 'AMQPLAIN'. Additional mechanisms can be added via | |
78 | %% plugins. | |
79 | %% | |
80 | %% See http://www.rabbitmq.com/authentication.html for more details. | |
81 | %% | |
82 | %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, | |
83 | ||
84 | %% Select an authentication database to use. RabbitMQ comes bundled | |
85 | %% with a built-in auth-database, based on mnesia. | |
86 | %% | |
87 | %% {auth_backends, [rabbit_auth_backend_internal]}, | |
88 | ||
89 | %% Configurations supporting the rabbitmq_auth_mechanism_ssl and | |
90 | %% rabbitmq_auth_backend_ldap plugins. | |
91 | %% | |
92 | %% NB: These options require that the relevant plugin is enabled. | |
93 | %% See http://www.rabbitmq.com/plugins.html for further details. | |
94 | ||
95 | %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to | |
96 | %% authenticate a user based on the client's SSL certificate. | |
97 | %% | |
98 | %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms | |
99 | %% list with the entry 'EXTERNAL'. | |
100 | %% | |
101 | %% {auth_mechanisms, ['EXTERNAL']}, | |
102 | ||
103 | %% The rabbitmq_auth_backend_ldap plugin allows the broker to | |
104 | %% perform authentication and authorisation by deferring to an | |
105 | %% external LDAP server. | |
106 | %% | |
107 | %% For more information about configuring the LDAP backend, see | |
108 | %% http://www.rabbitmq.com/ldap.html. | |
109 | %% | |
110 | %% Enable the LDAP auth backend by adding to or replacing the | |
111 | %% auth_backends entry: | |
112 | %% | |
113 | %% {auth_backends, [rabbit_auth_backend_ldap]}, | |
114 | ||
115 | %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and | |
116 | %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp | |
117 | %% configuration section later in this file and the README in | |
118 | %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further | |
119 | %% details. | |
120 | %% | |
121 | %% To use the SSL cert's CN instead of its DN as the username: | |
122 | %% | |
123 | %% {ssl_cert_login_from, common_name}, | |
124 | ||
125 | %% SSL handshake timeout, in milliseconds. | |
126 | %% | |
127 | %% {ssl_handshake_timeout, 5000}, | |
128 | ||
129 | %% Password hashing implementation. Will only affect newly | |
130 | %% created users. To recalculate hash for an existing user | |
131 | %% it's necessary to update that user's password. | |
132 | %% | |
133 | %% {password_hashing_module, rabbit_password_hashing_sha256}, | |
134 | ||
135 | %% Configuration entry encryption. | |
136 | %% See http://www.rabbitmq.com/configure.html#configuration-encryption | |
137 | %% | |
138 | %% To specify the passphrase in the configuration file (anyone who can read this file can then decrypt the encrypted entries): | |
139 | %% | |
140 | %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} | |
141 | %% | |
142 | %% To specify the passphrase in an external file: | |
143 | %% | |
144 | %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} | |
145 | %% | |
146 | %% To make the broker request the passphrase when it starts: | |
147 | %% | |
148 | %% {config_entry_decoder, [{passphrase, prompt}]} | |
149 | %% | |
150 | %% To change encryption settings: | |
151 | %% | |
152 | %% {config_entry_decoder, [{cipher, aes_cbc256}, | |
153 | %% {hash, sha512}, | |
154 | %% {iterations, 1000}]} | |
155 | ||
156 | %% | |
157 | %% Default User / VHost | |
158 | %% ==================== | |
159 | %% | |
160 | ||
161 | %% On first start RabbitMQ will create a vhost and a user. These | |
162 | %% config items control what gets created. See | |
163 | %% http://www.rabbitmq.com/access-control.html for further | |
164 | %% information about vhosts and access control. | |
165 | %% | |
166 | %% {default_vhost, <<"/">>}, | |
167 | %% {default_user, <<"guest">>}, | |
168 | %% {default_pass, <<"guest">>}, | |
169 | %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, | |
170 | ||
171 | %% Tags for default user | |
172 | %% | |
173 | %% For more details about tags, see the documentation for the | |
174 | %% Management Plugin at http://www.rabbitmq.com/management.html. | |
175 | %% | |
176 | %% {default_user_tags, [administrator]}, | |
177 | ||
178 | %% | |
179 | %% Additional network and protocol related configuration | |
180 | %% ===================================================== | |
181 | %% | |
182 | ||
183 | %% Set the default AMQP heartbeat delay (in seconds). | |
184 | %% | |
185 | %% {heartbeat, 60}, | |
186 | ||
187 | %% Set the max permissible size of an AMQP frame (in bytes). | |
188 | %% | |
189 | %% {frame_max, 131072}, | |
190 | ||
191 | %% Set the max frame size the server will accept before connection | |
192 | %% tuning occurs | |
193 | %% | |
194 | %% {initial_frame_max, 4096}, | |
195 | ||
196 | %% Set the max permissible number of channels per connection. | |
197 | %% 0 means "no limit". | |
198 | %% | |
199 | %% {channel_max, 128}, | |
200 | ||
201 | %% Customising Socket Options. | |
202 | %% | |
203 | %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for | |
204 | %% further documentation. | |
205 | %% | |
206 | %% {tcp_listen_options, [{backlog, 128}, | |
207 | %% {nodelay, true}, | |
208 | %% {exit_on_close, false}]}, | |
209 | ||
210 | %% | |
211 | %% Resource Limits & Flow Control | |
212 | %% ============================== | |
213 | %% | |
214 | %% See http://www.rabbitmq.com/memory.html for full details. | |
215 | ||
216 | %% Memory-based Flow Control threshold. | |
217 | %% | |
218 | %% {vm_memory_high_watermark, 0.4}, | |
219 | ||
220 | %% Alternatively, we can set a limit (in bytes) of RAM used by the node. | |
221 | %% | |
222 | %% {vm_memory_high_watermark, {absolute, 1073741824}}, | |
223 | %% | |
224 | %% Or you can set an absolute value using memory units. | |
225 | %% | |
226 | %% {vm_memory_high_watermark, {absolute, "1024M"}}, | |
227 | %% | |
228 | %% Supported unit suffixes: | |
229 | %% | |
230 | %% k, kiB: kibibytes (2^10 bytes) | |
231 | %% M, MiB: mebibytes (2^20) | |
232 | %% G, GiB: gibibytes (2^30) | |
233 | %% kB: kilobytes (10^3) | |
234 | %% MB: megabytes (10^6) | |
235 | %% GB: gigabytes (10^9) | |
236 | ||
237 | %% Fraction of the high watermark limit at which queues start to | |
238 | %% page messages out to disc in order to free up memory. | |
239 | %% | |
240 | %% Values greater than 0.9 can be dangerous and should be used carefully. | |
241 | %% | |
242 | %% {vm_memory_high_watermark_paging_ratio, 0.5}, | |
243 | ||
244 | %% Interval (in milliseconds) at which we perform the check of the memory | |
245 | %% levels against the watermarks. | |
246 | %% | |
247 | %% {memory_monitor_interval, 2500}, | |
248 | ||
249 | %% Set disk free limit (in bytes). Once free disk space reaches this | |
250 | %% lower bound, a disk alarm will be set - see the documentation | |
251 | %% listed above for more details. | |
252 | %% | |
253 | %% {disk_free_limit, 50000000}, | |
254 | %% | |
255 | %% Or you can set it using memory units (same as in vm_memory_high_watermark) | |
256 | %% {disk_free_limit, "50MB"}, | |
257 | %% {disk_free_limit, "50000kB"}, | |
258 | %% {disk_free_limit, "2GB"}, | |
259 | ||
260 | %% Alternatively, we can set a limit relative to total available RAM. | |
261 | %% | |
262 | %% Values lower than 1.0 can be dangerous and should be used carefully. | |
263 | %% {disk_free_limit, {mem_relative, 2.0}}, | |
264 | ||
265 | %% | |
266 | %% Misc/Advanced Options | |
267 | %% ===================== | |
268 | %% | |
269 | %% NB: Change these only if you understand what you are doing! | |
270 | %% | |
271 | ||
272 | %% To announce custom properties to clients on connection: | |
273 | %% | |
274 | %% {server_properties, []}, | |
275 | ||
276 | %% How to respond to cluster partitions. | |
277 | %% See http://www.rabbitmq.com/partitions.html for further details. | |
278 | %% | |
279 | %% {cluster_partition_handling, ignore}, | |
280 | ||
281 | %% Make clustering happen *automatically* at startup - only applied | |
282 | %% to nodes that have just been reset or started for the first time. | |
283 | %% See http://www.rabbitmq.com/clustering.html#auto-config for | |
284 | %% further details. | |
285 | %% | |
286 | %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, | |
287 | ||
288 | %% Interval (in milliseconds) at which we send keepalive messages | |
289 | %% to other cluster members. Note that this is not the same thing | |
290 | %% as net_ticktime; missed keepalive messages will not cause nodes | |
291 | %% to be considered down. | |
292 | %% | |
293 | %% {cluster_keepalive_interval, 10000}, | |
294 | ||
295 | %% Set (internal) statistics collection granularity. | |
296 | %% | |
297 | %% {collect_statistics, none}, | |
298 | ||
299 | %% Statistics collection interval (in milliseconds). | |
300 | %% | |
301 | %% {collect_statistics_interval, 5000}, | |
302 | ||
303 | %% Explicitly enable/disable hipe compilation. | |
304 | %% | |
305 | %% {hipe_compile, true}, | |
306 | ||
307 | %% Number of times to retry while waiting for Mnesia tables in a cluster to | |
308 | %% become available. | |
309 | %% | |
310 | %% {mnesia_table_loading_retry_limit, 10}, | |
311 | ||
312 | %% Time to wait per retry for Mnesia tables in a cluster to become | |
313 | %% available. | |
314 | %% | |
315 | %% {mnesia_table_loading_retry_timeout, 30000}, | |
316 | ||
317 | %% Size in bytes below which to embed messages in the queue index. See | |
318 | %% http://www.rabbitmq.com/persistence-conf.html | |
319 | %% | |
320 | %% {queue_index_embed_msgs_below, 4096}, | |
321 | ||
322 | %% Whether or not to enable background GC. | |
323 | %% | |
324 | %% {background_gc_enabled, true}, | |
325 | %% | |
326 | %% Interval (in milliseconds) at which we run background GC. | |
327 | %% | |
328 | %% {background_gc_target_interval, 60000} | |
329 | ||
330 | ]}, | |
331 | ||
332 | %% ---------------------------------------------------------------------------- | |
333 | %% Advanced Erlang Networking/Clustering Options. | |
334 | %% | |
335 | %% See http://www.rabbitmq.com/clustering.html for details | |
336 | %% ---------------------------------------------------------------------------- | |
337 | {kernel, | |
338 | [%% Sets the net_kernel tick time. | |
339 | %% Please see http://erlang.org/doc/man/kernel_app.html and | |
340 | %% http://www.rabbitmq.com/nettick.html for further details. | |
341 | %% | |
342 | %% {net_ticktime, 60} | |
343 | ]}, | |
344 | ||
345 | %% ---------------------------------------------------------------------------- | |
346 | %% RabbitMQ Management Plugin | |
347 | %% | |
348 | %% See http://www.rabbitmq.com/management.html for details | |
349 | %% ---------------------------------------------------------------------------- | |
350 | ||
351 | {rabbitmq_management, | |
352 | [%% Pre-Load schema definitions from the following JSON file. See | |
353 | %% http://www.rabbitmq.com/management.html#load-definitions | |
354 | %% | |
355 | %% {load_definitions, "/path/to/schema.json"}, | |
356 | ||
357 | %% Log all requests to the management HTTP API to a file. | |
358 | %% | |
359 | %% {http_log_dir, "/path/to/access.log"}, | |
360 | ||
361 | %% Change the port on which the HTTP listener listens, | |
362 | %% specifying an interface for the web server to bind to. | |
363 | %% Also set the listener to use SSL and provide SSL options. | |
364 | %% | |
365 | %% {listener, [{port, 12345}, | |
366 | %% {ip, "127.0.0.1"}, | |
367 | %% {ssl, true}, | |
368 | %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, | |
369 | %% {certfile, "/path/to/cert.pem"}, | |
370 | %% {keyfile, "/path/to/key.pem"}]}]}, | |
371 | ||
372 | %% One of 'basic', 'detailed' or 'none'. See | |
373 | %% http://www.rabbitmq.com/management.html#fine-stats for more details. | |
374 | %% {rates_mode, basic}, | |
375 | ||
376 | %% Configure how long aggregated data (such as message rates and queue | |
377 | %% lengths) is retained. Please read the plugin's documentation in | |
378 | %% http://www.rabbitmq.com/management.html#configuration for more | |
379 | %% details. | |
380 | %% | |
381 | %% {sample_retention_policies, | |
382 | %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, | |
383 | %% {basic, [{60, 5}, {3600, 60}]}, | |
384 | %% {detailed, [{10, 5}]}]} | |
385 | ]}, | |
386 | ||
387 | %% ---------------------------------------------------------------------------- | |
388 | %% RabbitMQ Shovel Plugin | |
389 | %% | |
390 | %% See http://www.rabbitmq.com/shovel.html for details | |
391 | %% ---------------------------------------------------------------------------- | |
392 | ||
393 | {rabbitmq_shovel, | |
394 | [{shovels, | |
395 | [%% A named shovel worker. | |
396 | %% {my_first_shovel, | |
397 | %% [ | |
398 | ||
399 | %% List the source broker(s) from which to consume. Credentials embedded in a broker URI are stored in this file in clear text. | |
400 | %% | |
401 | %% {sources, | |
402 | %% [%% URI(s) and pre-declarations for all source broker(s). | |
403 | %% {brokers, ["amqp://user:password@host.domain/my_vhost"]}, | |
404 | %% {declarations, []} | |
405 | %% ]}, | |
406 | ||
407 | %% List the destination broker(s) to publish to. | |
408 | %% {destinations, | |
409 | %% [%% A singular version of the 'brokers' element. | |
410 | %% {broker, "amqp://"}, | |
411 | %% {declarations, []} | |
412 | %% ]}, | |
413 | ||
414 | %% Name of the queue to shovel messages from. | |
415 | %% | |
416 | %% {queue, <<"your-queue-name-goes-here">>}, | |
417 | ||
418 | %% Optional prefetch count. | |
419 | %% | |
420 | %% {prefetch_count, 10}, | |
421 | ||
422 | %% When to acknowledge messages: | |
423 | %% - no_ack: never (auto) | |
424 | %% - on_publish: after each message is republished | |
425 | %% - on_confirm: when the destination broker confirms receipt | |
426 | %% | |
427 | %% {ack_mode, on_confirm}, | |
428 | ||
429 | %% Overwrite fields of the outbound basic.publish. | |
430 | %% | |
431 | %% {publish_fields, [{exchange, <<"my_exchange">>}, | |
432 | %% {routing_key, <<"from_shovel">>}]}, | |
433 | ||
434 | %% Static list of basic.properties to set on re-publication. | |
435 | %% | |
436 | %% {publish_properties, [{delivery_mode, 2}]}, | |
437 | ||
438 | %% The number of seconds to wait before attempting to | |
439 | %% reconnect in the event of a connection failure. | |
440 | %% | |
441 | %% {reconnect_delay, 2.5} | |
442 | ||
443 | %% ]} %% End of my_first_shovel | |
444 | ]} | |
445 | %% Rather than specifying some values per-shovel, you can specify | |
446 | %% them for all shovels here. | |
447 | %% | |
448 | %% {defaults, [{prefetch_count, 0}, | |
449 | %% {ack_mode, on_confirm}, | |
450 | %% {publish_fields, []}, | |
451 | %% {publish_properties, [{delivery_mode, 2}]}, | |
452 | %% {reconnect_delay, 2.5}]} | |
453 | ]}, | |
454 | ||
455 | %% ---------------------------------------------------------------------------- | |
456 | %% RabbitMQ Stomp Adapter | |
457 | %% | |
458 | %% See http://www.rabbitmq.com/stomp.html for details | |
459 | %% ---------------------------------------------------------------------------- | |
460 | ||
461 | {rabbitmq_stomp, | |
462 | [%% Network Configuration - the format is generally the same as for the broker | |
463 | ||
464 | %% Listen only on localhost (ipv4 & ipv6) on a specific port. | |
465 | %% {tcp_listeners, [{"127.0.0.1", 61613}, | |
466 | %% {"::1", 61613}]}, | |
467 | ||
468 | %% Listen for SSL connections on a specific port. | |
469 | %% {ssl_listeners, [61614]}, | |
470 | ||
471 | %% Number of Erlang processes that will accept connections for the TCP | |
472 | %% and SSL listeners. | |
473 | %% | |
474 | %% {num_tcp_acceptors, 10}, | |
475 | %% {num_ssl_acceptors, 1}, | |
476 | ||
477 | %% Additional SSL options | |
478 | ||
479 | %% Extract a name from the client's certificate when using SSL. | |
480 | %% | |
481 | %% {ssl_cert_login, true}, | |
482 | ||
483 | %% Set a default user name and password. This is used as the default login | |
484 | %% whenever a CONNECT frame omits the login and passcode headers. | |
485 | %% | |
486 | %% Please note that setting this will allow clients to connect without | |
487 | %% authenticating! | |
488 | %% | |
489 | %% {default_user, [{login, "guest"}, | |
490 | %% {passcode, "guest"}]}, | |
491 | ||
492 | %% If a default user is configured, or you have configured SSL client | |
493 | %% certificate-based authentication, you can choose to allow clients to | |
494 | %% omit the CONNECT frame entirely. If set to true, the client is | |
495 | %% automatically connected as the default user or user supplied in the | |
496 | %% SSL certificate whenever the first frame sent on a session is not a | |
497 | %% CONNECT frame. | |
498 | %% | |
499 | %% {implicit_connect, true} | |
500 | ]}, | |
501 | ||
502 | %% ---------------------------------------------------------------------------- | |
503 | %% RabbitMQ MQTT Adapter | |
504 | %% | |
505 | %% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md | |
506 | %% for details | |
507 | %% ---------------------------------------------------------------------------- | |
508 | ||
509 | {rabbitmq_mqtt, | |
510 | [%% Set the default user name and password. Will be used as the default login | |
511 | %% if a connecting client provides no other login details. | |
512 | %% | |
513 | %% Please note that setting this will allow clients to connect without | |
514 | %% authenticating! | |
515 | %% | |
516 | %% {default_user, <<"guest">>}, | |
517 | %% {default_pass, <<"guest">>}, | |
518 | ||
519 | %% Enable anonymous access. If this is set to false, clients MUST provide | |
520 | %% login information in order to connect. See the default_user/default_pass | |
521 | %% configuration elements for managing logins without authentication. | |
522 | %% | |
523 | %% {allow_anonymous, true}, | |
524 | ||
525 | %% If you have multiple vhosts, specify the one to which the | |
526 | %% adapter connects. | |
527 | %% | |
528 | %% {vhost, <<"/">>}, | |
529 | ||
530 | %% Specify the exchange to which messages from MQTT clients are published. | |
531 | %% | |
532 | %% {exchange, <<"amq.topic">>}, | |
533 | ||
534 | %% Specify TTL (time to live) to control the lifetime of non-clean sessions. | |
535 | %% | |
536 | %% {subscription_ttl, 1800000}, | |
537 | ||
538 | %% Set the prefetch count (governing the maximum number of unacknowledged | |
539 | %% messages that will be delivered). | |
540 | %% | |
541 | %% {prefetch, 10}, | |
542 | ||
543 | %% TCP/SSL Configuration (as per the broker configuration). | |
544 | %% | |
545 | %% {tcp_listeners, [1883]}, | |
546 | %% {ssl_listeners, []}, | |
547 | ||
548 | %% Number of Erlang processes that will accept connections for the TCP | |
549 | %% and SSL listeners. | |
550 | %% | |
551 | %% {num_tcp_acceptors, 10}, | |
552 | %% {num_ssl_acceptors, 1}, | |
553 | ||
554 | %% TCP/Socket options (as per the broker configuration). | |
555 | %% | |
556 | %% {tcp_listen_options, [{backlog, 128}, | |
557 | %% {nodelay, true}]} | |
558 | ]}, | |
559 | ||
560 | %% ---------------------------------------------------------------------------- | |
561 | %% RabbitMQ AMQP 1.0 Support | |
562 | %% | |
563 | %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md | |
564 | %% for details | |
565 | %% ---------------------------------------------------------------------------- | |
566 | ||
567 | {rabbitmq_amqp1_0, | |
568 | [%% Connections that are not authenticated with SASL will connect as this | |
569 | %% account. See the README for more information. | |
570 | %% | |
571 | %% Please note that setting this will allow clients to connect without | |
572 | %% authenticating! | |
573 | %% | |
574 | %% {default_user, "guest"}, | |
575 | ||
576 | %% Enable protocol strict mode. See the README for more information. | |
577 | %% | |
578 | %% {protocol_strict_mode, false} | |
579 | ]}, | |
580 | ||
581 | %% ---------------------------------------------------------------------------- | |
582 | %% RabbitMQ LDAP Plugin | |
583 | %% | |
584 | %% See http://www.rabbitmq.com/ldap.html for details. | |
585 | %% | |
586 | %% ---------------------------------------------------------------------------- | |
587 | ||
588 | {rabbitmq_auth_backend_ldap, | |
589 | [%% | |
590 | %% Connecting to the LDAP server(s) | |
591 | %% ================================ | |
592 | %% | |
593 | ||
594 | %% Specify servers to bind to. You *must* set this in order for the plugin | |
595 | %% to work properly. | |
596 | %% | |
597 | %% {servers, ["your-server-name-goes-here"]}, | |
598 | ||
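599 | %% Connect to the LDAP server using SSL. When this is false and StartTLS is not used, bind DNs and passwords cross the network unencrypted. | |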
600 | %% | |
601 | %% {use_ssl, false}, | |
602 | ||
603 | %% Specify the LDAP port to connect to | |
604 | %% | |
605 | %% {port, 389}, | |
606 | ||
607 | %% LDAP connection timeout, in milliseconds or 'infinity' | |
608 | %% | |
609 | %% {timeout, infinity}, | |
610 | ||
611 | %% Enable logging of LDAP queries. | |
612 | %% One of | |
613 | %% - false (no logging is performed) | |
614 | %% - true (verbose logging of the logic used by the plugin) | |
615 | %% - network (as true, but additionally logs LDAP network traffic) | |
616 | %% | |
617 | %% Defaults to false. | |
618 | %% | |
619 | %% {log, false}, | |
620 | ||
621 | %% | |
622 | %% Authentication | |
623 | %% ============== | |
624 | %% | |
625 | ||
626 | %% Pattern to convert the username given through AMQP to a DN before | |
627 | %% binding | |
628 | %% | |
629 | %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"}, | |
630 | ||
631 | %% Alternatively, you can convert a username to a Distinguished | |
632 | %% Name via an LDAP lookup after binding. See the documentation for | |
633 | %% full details. | |
634 | ||
635 | %% When converting a username to a dn via a lookup, set these to | |
636 | %% the name of the attribute that represents the user name, and the | |
637 | %% base DN for the lookup query. | |
638 | %% | |
639 | %% {dn_lookup_attribute, "userPrincipalName"}, | |
640 | %% {dn_lookup_base, "DC=gopivotal,DC=com"}, | |
641 | ||
642 | %% Controls how to bind for authorisation queries and also to | |
643 | %% retrieve the details of users logging in without presenting a | |
644 | %% password (e.g., SASL EXTERNAL). | |
645 | %% One of | |
646 | %% - as_user (to bind as the authenticated user - requires a password) | |
647 | %% - anon (to bind anonymously) | |
648 | %% - {UserDN, Password} (to bind with a specified user name and password) | |
649 | %% | |
650 | %% Defaults to 'as_user'. | |
651 | %% | |
652 | %% {other_bind, as_user}, | |
653 | ||
654 | %% | |
655 | %% Authorisation | |
656 | %% ============= | |
657 | %% | |
658 | ||
659 | %% The LDAP plugin can perform a variety of queries against your | |
660 | %% LDAP server to determine questions of authorisation. See | |
661 | %% http://www.rabbitmq.com/ldap.html#authorisation for more | |
662 | %% information. | |
663 | ||
664 | %% Set the query to use when determining vhost access | |
665 | %% | |
666 | %% {vhost_access_query, {in_group, | |
667 | %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, | |
668 | ||
669 | %% Set the query to use when determining resource (e.g., queue) access. The example value {constant, true} grants every request unconditionally. | |
670 | %% | |
671 | %% {resource_access_query, {constant, true}}, | |
672 | ||
673 | %% Set queries to determine which tags a user has | |
674 | %% | |
675 | %% {tag_queries, []} | |
676 | ]} | |
677 | ]. |