|
...
|
...
|
@@ -31,7 +31,7 @@ server: |
|
31
|
31
|
pem:
|
|
32
|
32
|
# Path to the server certificate file (holds server certificate or certificate chain, may include server private key)
|
|
33
|
33
|
cert_file: "${SSL_PEM_CERT:server.pem}"
|
|
34
|
|
- # Path to the server certificate private key file (optional)
|
|
|
34
|
+ # Path to the server certificate private key file. Optional by default. Required if the private key is not present in server certificate file;
|
|
35
|
35
|
key_file: "${SSL_PEM_KEY:server_key.pem}"
|
|
36
|
36
|
# Server certificate private key password (optional)
|
|
37
|
37
|
key_password: "${SSL_PEM_KEY_PASSWORD:server_key_password}"
|
|
...
|
...
|
@@ -54,7 +54,7 @@ server: |
|
54
|
54
|
log_controller_error_stack_trace: "${HTTP_LOG_CONTROLLER_ERROR_STACK_TRACE:false}"
|
|
55
|
55
|
ws:
|
|
56
|
56
|
send_timeout: "${TB_SERVER_WS_SEND_TIMEOUT:5000}"
|
|
57
|
|
- ping_timeout: "${TB_SERVER_WS_PING_TIMEOUT:30000}"
|
|
|
57
|
+ ping_timeout: "${TB_SERVER_WS_PING_TIMEOUT:15000}"
|
|
58
|
58
|
limits:
|
|
59
|
59
|
# Limit the amount of sessions and subscriptions available on each server. Put values to zero to disable particular limitation
|
|
60
|
60
|
max_sessions_per_tenant: "${TB_SERVER_WS_TENANT_RATE_LIMITS_MAX_SESSIONS_PER_TENANT:0}"
|
|
...
|
...
|
@@ -644,7 +644,7 @@ transport: |
|
644
|
644
|
bind_address: "${MQTT_SSL_BIND_ADDRESS:0.0.0.0}"
|
|
645
|
645
|
# MQTT SSL bind port
|
|
646
|
646
|
bind_port: "${MQTT_SSL_BIND_PORT:8883}"
|
|
647
|
|
- # SSL protocol: See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
|
|
|
647
|
+ # SSL protocol: See https://docs.oracle.com/en/java/javase/11/docs/specs/security/standard-names.html#sslcontext-algorithms
|
|
648
|
648
|
protocol: "${MQTT_SSL_PROTOCOL:TLSv1.2}"
|
|
649
|
649
|
# Server SSL credentials
|
|
650
|
650
|
credentials:
|
|
...
|
...
|
@@ -654,7 +654,7 @@ transport: |
|
654
|
654
|
pem:
|
|
655
|
655
|
# Path to the server certificate file (holds server certificate or certificate chain, may include server private key)
|
|
656
|
656
|
cert_file: "${MQTT_SSL_PEM_CERT:mqttserver.pem}"
|
|
657
|
|
- # Path to the server certificate private key file (optional)
|
|
|
657
|
+ # Path to the server certificate private key file. Optional by default. Required if the private key is not present in server certificate file;
|
|
658
|
658
|
key_file: "${MQTT_SSL_PEM_KEY:mqttserver_key.pem}"
|
|
659
|
659
|
# Server certificate private key password (optional)
|
|
660
|
660
|
key_password: "${MQTT_SSL_PEM_KEY_PASSWORD:server_key_password}"
|
|
...
|
...
|
@@ -666,7 +666,9 @@ transport: |
|
666
|
666
|
store_file: "${MQTT_SSL_KEY_STORE:mqttserver.jks}"
|
|
667
|
667
|
# Password used to access the key store
|
|
668
|
668
|
store_password: "${MQTT_SSL_KEY_STORE_PASSWORD:server_ks_password}"
|
|
669
|
|
- # Password used to access the key
|
|
|
669
|
+ # Optional alias of the private key; If not set, the platform will load the first private key from the keystore;
|
|
|
670
|
+ key_alias: "${MQTT_SSL_KEY_ALIAS:}"
|
|
|
671
|
+ # Optional password to access the private key. If not set, the platform will attempt to load the private keys that are not protected with the password;
|
|
670
|
672
|
key_password: "${MQTT_SSL_KEY_PASSWORD:server_key_password}"
|
|
671
|
673
|
# Skip certificate validity check for client certificates.
|
|
672
|
674
|
skip_validity_check_for_client_cert: "${MQTT_SSL_SKIP_VALIDITY_CHECK_FOR_CLIENT_CERT:false}"
|
|
...
|
...
|
@@ -694,7 +696,7 @@ transport: |
|
694
|
696
|
pem:
|
|
695
|
697
|
# Path to the server certificate file (holds server certificate or certificate chain, may include server private key)
|
|
696
|
698
|
cert_file: "${COAP_DTLS_PEM_CERT:coapserver.pem}"
|
|
697
|
|
- # Path to the server certificate private key file (optional)
|
|
|
699
|
+ # Path to the server certificate private key file. Optional by default. Required if the private key is not present in server certificate file;
|
|
698
|
700
|
key_file: "${COAP_DTLS_PEM_KEY:coapserver_key.pem}"
|
|
699
|
701
|
# Server certificate private key password (optional)
|
|
700
|
702
|
key_password: "${COAP_DTLS_PEM_KEY_PASSWORD:server_key_password}"
|
|
...
|
...
|
@@ -736,7 +738,7 @@ transport: |
|
736
|
738
|
pem:
|
|
737
|
739
|
# Path to the server certificate file (holds server certificate or certificate chain, may include server private key)
|
|
738
|
740
|
cert_file: "${LWM2M_SERVER_PEM_CERT:lwm2mserver.pem}"
|
|
739
|
|
- # Path to the server certificate private key file (optional)
|
|
|
741
|
+ # Path to the server certificate private key file. Optional by default. Required if the private key is not present in server certificate file;
|
|
740
|
742
|
key_file: "${LWM2M_SERVER_PEM_KEY:lwm2mserver_key.pem}"
|
|
741
|
743
|
# Server certificate private key password (optional)
|
|
742
|
744
|
key_password: "${LWM2M_SERVER_PEM_KEY_PASSWORD:server_key_password}"
|
|
...
|
...
|
@@ -772,7 +774,7 @@ transport: |
|
772
|
774
|
pem:
|
|
773
|
775
|
# Path to the server certificate file (holds server certificate or certificate chain, may include server private key)
|
|
774
|
776
|
cert_file: "${LWM2M_BS_PEM_CERT:lwm2mserver.pem}"
|
|
775
|
|
- # Path to the server certificate private key file (optional)
|
|
|
777
|
+ # Path to the server certificate private key file. Optional by default. Required if the private key is not present in server certificate file;
|
|
776
|
778
|
key_file: "${LWM2M_BS_PEM_KEY:lwm2mserver_key.pem}"
|
|
777
|
779
|
# Server certificate private key password (optional)
|
|
778
|
780
|
key_password: "${LWM2M_BS_PEM_KEY_PASSWORD:server_key_password}"
|
...
|
...
|
|
