https://github.com/rabbitmq/rabbitmq-server/blob/stable/docs/rabbitmq.config.example
%% ---------------------------------------------------------------------------- | |
%% RabbitMQ Sample Configuration File. | |
%% | |
%% See http://www.rabbitmq.com/configure.html for details. | |
%% ---------------------------------------------------------------------------- | |
[ | |
{rabbit, | |
[%% | |
%% Network Connectivity | |
%% ==================== | |
%% | |
%% By default, RabbitMQ will listen on all interfaces, using | |
%% the standard (reserved) AMQP port. | |
%% | |
%% {tcp_listeners, [5672]}, | |
%% To listen on a specific interface, provide a tuple of {IpAddress, Port}. | |
%% For example, to listen only on localhost for both IPv4 and IPv6: | |
%% | |
%% {tcp_listeners, [{"127.0.0.1", 5672}, | |
%% {"::1", 5672}]}, | |
%% SSL listeners are configured in the same fashion as TCP listeners, | |
%% including the option to control the choice of interface. | |
%% | |
%% {ssl_listeners, [5671]}, | |
%% Number of Erlang processes that will accept connections for the TCP | |
%% and SSL listeners. | |
%% | |
%% {num_tcp_acceptors, 10}, | |
%% {num_ssl_acceptors, 1}, | |
%% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection | |
%% and SSL handshake), in milliseconds. | |
%% | |
%% {handshake_timeout, 10000}, | |
%% Log levels (currently just used for connection logging). | |
%% One of ‘debug‘, ‘info‘, ‘warning‘, ‘error‘ or ‘none‘, in decreasing | |
%% order of verbosity. Defaults to ‘info‘. | |
%% | |
%% {log_levels, [{connection, info}, {channel, info}]}, | |
%% Set to ‘true‘ to perform reverse DNS lookups when accepting a | |
%% connection. Hostnames will then be shown instead of IP addresses | |
%% in rabbitmqctl and the management plugin. | |
%% | |
%% {reverse_dns_lookups, true}, | |
%% | |
%% Security / AAA | |
%% ============== | |
%% | |
%% The default "guest" user is only permitted to access the server | |
%% via a loopback interface (e.g. localhost). | |
%% {loopback_users, [<<"guest">>]}, | |
%% | |
%% Uncomment the following line if you want to allow access to the | |
%% guest user from anywhere on the network. | |
%% {loopback_users, []}, | |
%% Configuring SSL. | |
%% See http://www.rabbitmq.com/ssl.html for full documentation. | |
%% | |
%% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, | |
%% {certfile, "/path/to/server/cert.pem"}, | |
%% {keyfile, "/path/to/server/key.pem"}, | |
%% {verify, verify_peer}, | |
%% {fail_if_no_peer_cert, false}]}, | |
%% Choose the available SASL mechanism(s) to expose. | |
%% The two default (built in) mechanisms are ‘PLAIN‘ and | |
%% ‘AMQPLAIN‘. Additional mechanisms can be added via | |
%% plugins. | |
%% | |
%% See http://www.rabbitmq.com/authentication.html for more details. | |
%% | |
%% {auth_mechanisms, [‘PLAIN‘, ‘AMQPLAIN‘]}, | |
%% Select an authentication database to use. RabbitMQ comes bundled | |
%% with a built-in auth-database, based on mnesia. | |
%% | |
%% {auth_backends, [rabbit_auth_backend_internal]}, | |
%% Configurations supporting the rabbitmq_auth_mechanism_ssl and | |
%% rabbitmq_auth_backend_ldap plugins. | |
%% | |
%% NB: These options require that the relevant plugin is enabled. | |
%% See http://www.rabbitmq.com/plugins.html for further details. | |
%% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to | |
%% authenticate a user based on the client‘s SSL certificate. | |
%% | |
%% To use auth-mechanism-ssl, add to or replace the auth_mechanisms | |
%% list with the entry ‘EXTERNAL‘. | |
%% | |
%% {auth_mechanisms, [‘EXTERNAL‘]}, | |
%% The rabbitmq_auth_backend_ldap plugin allows the broker to | |
%% perform authentication and authorisation by deferring to an | |
%% external LDAP server. | |
%% | |
%% For more information about configuring the LDAP backend, see | |
%% http://www.rabbitmq.com/ldap.html. | |
%% | |
%% Enable the LDAP auth backend by adding to or replacing the | |
%% auth_backends entry: | |
%% | |
%% {auth_backends, [rabbit_auth_backend_ldap]}, | |
%% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and | |
%% STOMP ssl_cert_login configurations. See the rabbitmq_stomp | |
%% configuration section later in this file and the README in | |
%% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further | |
%% details. | |
%% | |
%% To use the SSL cert‘s CN instead of its DN as the username | |
%% | |
%% {ssl_cert_login_from, common_name}, | |
%% SSL handshake timeout, in milliseconds. | |
%% | |
%% {ssl_handshake_timeout, 5000}, | |
%% Password hashing implementation. Will only affect newly | |
%% created users. To recalculate hash for an existing user | |
%% it‘s necessary to update her password. | |
%% | |
%% {password_hashing_module, rabbit_password_hashing_sha256}, | |
%% Configuration entry encryption. | |
%% See http://www.rabbitmq.com/configure.html#configuration-encryption | |
%% | |
%% To specify the passphrase in the configuration file: | |
%% | |
%% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} | |
%% | |
%% To specify the passphrase in an external file: | |
%% | |
%% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} | |
%% | |
%% To make the broker request the passphrase when it starts: | |
%% | |
%% {config_entry_decoder, [{passphrase, prompt}]} | |
%% | |
%% To change encryption settings: | |
%% | |
%% {config_entry_decoder, [{cipher, aes_cbc256}, | |
%% {hash, sha512}, | |
%% {iterations, 1000}]} | |
%% | |
%% Default User / VHost | |
%% ==================== | |
%% | |
%% On first start RabbitMQ will create a vhost and a user. These | |
%% config items control what gets created. See | |
%% http://www.rabbitmq.com/access-control.html for further | |
%% information about vhosts and access control. | |
%% | |
%% {default_vhost, <<"/">>}, | |
%% {default_user, <<"guest">>}, | |
%% {default_pass, <<"guest">>}, | |
%% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, | |
%% Tags for default user | |
%% | |
%% For more details about tags, see the documentation for the | |
%% Management Plugin at http://www.rabbitmq.com/management.html. | |
%% | |
%% {default_user_tags, [administrator]}, | |
%% | |
%% Additional network and protocol related configuration | |
%% ===================================================== | |
%% | |
%% Set the default AMQP heartbeat delay (in seconds). | |
%% | |
%% {heartbeat, 60}, | |
%% Set the max permissible size of an AMQP frame (in bytes). | |
%% | |
%% {frame_max, 131072}, | |
%% Set the max frame size the server will accept before connection | |
%% tuning occurs | |
%% | |
%% {initial_frame_max, 4096}, | |
%% Set the max permissible number of channels per connection. | |
%% 0 means "no limit". | |
%% | |
%% {channel_max, 128}, | |
%% Customising Socket Options. | |
%% | |
%% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for | |
%% further documentation. | |
%% | |
%% {tcp_listen_options, [{backlog, 128}, | |
%% {nodelay, true}, | |
%% {exit_on_close, false}]}, | |
%% | |
%% Resource Limits & Flow Control | |
%% ============================== | |
%% | |
%% See http://www.rabbitmq.com/memory.html for full details. | |
%% Memory-based Flow Control threshold. | |
%% | |
%% {vm_memory_high_watermark, 0.4}, | |
%% Alternatively, we can set a limit (in bytes) of RAM used by the node. | |
%% | |
%% {vm_memory_high_watermark, {absolute, 1073741824}}, | |
%% | |
%% Or you can set absolute value using memory units. | |
%% | |
%% {vm_memory_high_watermark, {absolute, "1024M"}}, | |
%% | |
%% Supported units suffixes: | |
%% | |
%% k, kiB: kibibytes (2^10 bytes) | |
%% M, MiB: mebibytes (2^20) | |
%% G, GiB: gibibytes (2^30) | |
%% kB: kilobytes (10^3) | |
%% MB: megabytes (10^6) | |
%% GB: gigabytes (10^9) | |
%% Fraction of the high watermark limit at which queues start to | |
%% page message out to disc in order to free up memory. | |
%% | |
%% Values greater than 0.9 can be dangerous and should be used carefully. | |
%% | |
%% {vm_memory_high_watermark_paging_ratio, 0.5}, | |
%% Interval (in milliseconds) at which we perform the check of the memory | |
%% levels against the watermarks. | |
%% | |
%% {memory_monitor_interval, 2500}, | |
%% Set disk free limit (in bytes). Once free disk space reaches this | |
%% lower bound, a disk alarm will be set - see the documentation | |
%% listed above for more details. | |
%% | |
%% {disk_free_limit, 50000000}, | |
%% | |
%% Or you can set it using memory units (same as in vm_memory_high_watermark) | |
%% {disk_free_limit, "50MB"}, | |
%% {disk_free_limit, "50000kB"}, | |
%% {disk_free_limit, "2GB"}, | |
%% Alternatively, we can set a limit relative to total available RAM. | |
%% | |
%% Values lower than 1.0 can be dangerous and should be used carefully. | |
%% {disk_free_limit, {mem_relative, 2.0}}, | |
%% | |
%% Misc/Advanced Options | |
%% ===================== | |
%% | |
%% NB: Change these only if you understand what you are doing! | |
%% | |
%% To announce custom properties to clients on connection: | |
%% | |
%% {server_properties, []}, | |
%% How to respond to cluster partitions. | |
%% See http://www.rabbitmq.com/partitions.html for further details. | |
%% | |
%% {cluster_partition_handling, ignore}, | |
%% Make clustering happen *automatically* at startup - only applied | |
%% to nodes that have just been reset or started for the first time. | |
%% See http://www.rabbitmq.com/clustering.html#auto-config for | |
%% further details. | |
%% | |
%% {cluster_nodes, {[‘[email protected]‘], disc}}, | |
%% Interval (in milliseconds) at which we send keepalive messages | |
%% to other cluster members. Note that this is not the same thing | |
%% as net_ticktime; missed keepalive messages will not cause nodes | |
%% to be considered down. | |
%% | |
%% {cluster_keepalive_interval, 10000}, | |
%% Set (internal) statistics collection granularity. | |
%% | |
%% {collect_statistics, none}, | |
%% Statistics collection interval (in milliseconds). | |
%% | |
%% {collect_statistics_interval, 5000}, | |
%% Explicitly enable/disable hipe compilation. | |
%% | |
%% {hipe_compile, true}, | |
%% Timeout used when waiting for Mnesia tables in a cluster to | |
%% become available. | |
%% | |
%% {mnesia_table_loading_timeout, 30000}, | |
%% Size in bytes below which to embed messages in the queue index. See | |
%% http://www.rabbitmq.com/persistence-conf.html | |
%% | |
%% {queue_index_embed_msgs_below, 4096} | |
]}, | |
%% ---------------------------------------------------------------------------- | |
%% Advanced Erlang Networking/Clustering Options. | |
%% | |
%% See http://www.rabbitmq.com/clustering.html for details | |
%% ---------------------------------------------------------------------------- | |
{kernel, | |
[%% Sets the net_kernel tick time. | |
%% Please see http://erlang.org/doc/man/kernel_app.html and | |
%% http://www.rabbitmq.com/nettick.html for further details. | |
%% | |
%% {net_ticktime, 60} | |
]}, | |
%% ---------------------------------------------------------------------------- | |
%% RabbitMQ Management Plugin | |
%% | |
%% See http://www.rabbitmq.com/management.html for details | |
%% ---------------------------------------------------------------------------- | |
{rabbitmq_management, | |
[%% Pre-Load schema definitions from the following JSON file. See | |
%% http://www.rabbitmq.com/management.html#load-definitions | |
%% | |
%% {load_definitions, "/path/to/schema.json"}, | |
%% Log all requests to the management HTTP API to a file. | |
%% | |
%% {http_log_dir, "/path/to/access.log"}, | |
%% Change the port on which the HTTP listener listens, | |
%% specifying an interface for the web server to bind to. | |
%% Also set the listener to use SSL and provide SSL options. | |
%% | |
%% {listener, [{port, 12345}, | |
%% {ip, "127.0.0.1"}, | |
%% {ssl, true}, | |
%% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, | |
%% {certfile, "/path/to/cert.pem"}, | |
%% {keyfile, "/path/to/key.pem"}]}]}, | |
%% One of ‘basic‘, ‘detailed‘ or ‘none‘. See | |
%% http://www.rabbitmq.com/management.html#fine-stats for more details. | |
%% {rates_mode, basic}, | |
%% Configure how long aggregated data (such as message rates and queue | |
%% lengths) is retained. Please read the plugin‘s documentation in | |
%% http://www.rabbitmq.com/management.html#configuration for more | |
%% details. | |
%% | |
%% {sample_retention_policies, | |
%% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, | |
%% {basic, [{60, 5}, {3600, 60}]}, | |
%% {detailed, [{10, 5}]}]} | |
]}, | |
%% ---------------------------------------------------------------------------- | |
%% RabbitMQ Shovel Plugin | |
%% | |
%% See http://www.rabbitmq.com/shovel.html for details | |
%% ---------------------------------------------------------------------------- | |
{rabbitmq_shovel, | |
[{shovels, | |
[%% A named shovel worker. | |
%% {my_first_shovel, | |
%% [ | |
%% List the source broker(s) from which to consume. | |
%% | |
%% {sources, | |
%% [%% URI(s) and pre-declarations for all source broker(s). | |
%% {brokers, ["amqp://user:[email protected]/my_vhost"]}, | |
%% {declarations, []} | |
%% ]}, | |
%% List the destination broker(s) to publish to. | |
%% {destinations, | |
%% [%% A singular version of the ‘brokers‘ element. | |
%% {broker, "amqp://"}, | |
%% {declarations, []} | |
%% ]}, | |
%% Name of the queue to shovel messages from. | |
%% | |
%% {queue, <<"your-queue-name-goes-here">>}, | |
%% Optional prefetch count. | |
%% | |
%% {prefetch_count, 10}, | |
%% when to acknowledge messages: | |
%% - no_ack: never (auto) | |
%% - on_publish: after each message is republished | |
%% - on_confirm: when the destination broker confirms receipt | |
%% | |
%% {ack_mode, on_confirm}, | |
%% Overwrite fields of the outbound basic.publish. | |
%% | |
%% {publish_fields, [{exchange, <<"my_exchange">>}, | |
%% {routing_key, <<"from_shovel">>}]}, | |
%% Static list of basic.properties to set on re-publication. | |
%% | |
%% {publish_properties, [{delivery_mode, 2}]}, | |
%% The number of seconds to wait before attempting to | |
%% reconnect in the event of a connection failure. | |
%% | |
%% {reconnect_delay, 2.5} | |
%% ]} %% End of my_first_shovel | |
]} | |
%% Rather than specifying some values per-shovel, you can specify | |
%% them for all shovels here. | |
%% | |
%% {defaults, [{prefetch_count, 0}, | |
%% {ack_mode, on_confirm}, | |
%% {publish_fields, []}, | |
%% {publish_properties, [{delivery_mode, 2}]}, | |
%% {reconnect_delay, 2.5}]} | |
]}, | |
%% ---------------------------------------------------------------------------- | |
%% RabbitMQ Stomp Adapter | |
%% | |
%% See http://www.rabbitmq.com/stomp.html for details | |
%% ---------------------------------------------------------------------------- | |
{rabbitmq_stomp, | |
[%% Network Configuration - the format is generally the same as for the broker | |
%% Listen only on localhost (ipv4 & ipv6) on a specific port. | |
%% {tcp_listeners, [{"127.0.0.1", 61613}, | |
%% {"::1", 61613}]}, | |
%% Listen for SSL connections on a specific port. | |
%% {ssl_listeners, [61614]}, | |
%% Number of Erlang processes that will accept connections for the TCP | |
%% and SSL listeners. | |
%% | |
%% {num_tcp_acceptors, 10}, | |
%% {num_ssl_acceptors, 1}, | |
%% Additional SSL options | |
%% Extract a name from the client‘s certificate when using SSL. | |
%% | |
%% {ssl_cert_login, true}, | |
%% Set a default user name and password. This is used as the default login | |
%% whenever a CONNECT frame omits the login and passcode headers. | |
%% | |
%% Please note that setting this will allow clients to connect without | |
%% authenticating! | |
%% | |
%% {default_user, [{login, "guest"}, | |
%% {passcode, "guest"}]}, | |
%% If a default user is configured, or you have configured use SSL client | |
%% certificate based authentication, you can choose to allow clients to | |
%% omit the CONNECT frame entirely. If set to true, the client is | |
%% automatically connected as the default user or user supplied in the | |
%% SSL certificate whenever the first frame sent on a session is not a | |
%% CONNECT frame. | |
%% | |
%% {implicit_connect, true} | |
]}, | |
%% ---------------------------------------------------------------------------- | |
%% RabbitMQ MQTT Adapter | |
%% | |
%% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md | |
%% for details | |
%% ---------------------------------------------------------------------------- | |
{rabbitmq_mqtt, | |
[%% Set the default user name and password. Will be used as the default login | |
%% if a connecting client provides no other login details. | |
%% | |
%% Please note that setting this will allow clients to connect without | |
%% authenticating! | |
%% | |
%% {default_user, <<"guest">>}, | |
%% {default_pass, <<"guest">>}, | |
%% Enable anonymous access. If this is set to false, clients MUST provide | |
%% login information in order to connect. See the default_user/default_pass | |
%% configuration elements for managing logins without authentication. | |
%% | |
%% {allow_anonymous, true}, | |
%% If you have multiple chosts, specify the one to which the | |
%% adapter connects. | |
%% | |
%% {vhost, <<"/">>}, | |
%% Specify the exchange to which messages from MQTT clients are published. | |
%% | |
%% {exchange, <<"amq.topic">>}, | |
%% Specify TTL (time to live) to control the lifetime of non-clean sessions. | |
%% | |
%% {subscription_ttl, 1800000}, | |
%% Set the prefetch count (governing the maximum number of unacknowledged | |
%% messages that will be delivered). | |
%% | |
%% {prefetch, 10}, | |
%% TCP/SSL Configuration (as per the broker configuration). | |
%% | |
%% {tcp_listeners, [1883]}, | |
%% {ssl_listeners, []}, | |
%% Number of Erlang processes that will accept connections for the TCP | |
%% and SSL listeners. | |
%% | |
%% {num_tcp_acceptors, 10}, | |
%% {num_ssl_acceptors, 1}, | |
%% TCP/Socket options (as per the broker configuration). | |
%% | |
%% {tcp_listen_options, [{backlog, 128}, | |
%% {nodelay, true}]} | |
]}, | |
%% ---------------------------------------------------------------------------- | |
%% RabbitMQ AMQP 1.0 Support | |
%% | |
%% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md | |
%% for details | |
%% ---------------------------------------------------------------------------- | |
{rabbitmq_amqp1_0, | |
[%% Connections that are not authenticated with SASL will connect as this | |
%% account. See the README for more information. | |
%% | |
%% Please note that setting this will allow clients to connect without | |
%% authenticating! | |
%% | |
%% {default_user, "guest"}, | |
%% Enable protocol strict mode. See the README for more information. | |
%% | |
%% {protocol_strict_mode, false} | |
]}, | |
%% ---------------------------------------------------------------------------- | |
%% RabbitMQ LDAP Plugin | |
%% | |
%% See http://www.rabbitmq.com/ldap.html for details. | |
%% | |
%% ---------------------------------------------------------------------------- | |
{rabbitmq_auth_backend_ldap, | |
[%% | |
%% Connecting to the LDAP server(s) | |
%% ================================ | |
%% | |
%% Specify servers to bind to. You *must* set this in order for the plugin | |
%% to work properly. | |
%% | |
%% {servers, ["your-server-name-goes-here"]}, | |
%% Connect to the LDAP server using SSL | |
%% | |
%% {use_ssl, false}, | |
%% Specify the LDAP port to connect to | |
%% | |
%% {port, 389}, | |
%% LDAP connection timeout, in milliseconds or ‘infinity‘ | |
%% | |
%% {timeout, infinity}, | |
%% Enable logging of LDAP queries. | |
%% One of | |
%% - false (no logging is performed) | |
%% - true (verbose logging of the logic used by the plugin) | |
%% - network (as true, but additionally logs LDAP network traffic) | |
%% | |
%% Defaults to false. | |
%% | |
%% {log, false}, | |
%% | |
%% Authentication | |
%% ============== | |
%% | |
%% Pattern to convert the username given through AMQP to a DN before | |
%% binding | |
%% | |
%% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"}, | |
%% Alternatively, you can convert a username to a Distinguished | |
%% Name via an LDAP lookup after binding. See the documentation for | |
%% full details. | |
%% When converting a username to a dn via a lookup, set these to | |
%% the name of the attribute that represents the user name, and the | |
%% base DN for the lookup query. | |
%% | |
%% {dn_lookup_attribute, "userPrincipalName"}, | |
%% {dn_lookup_base, "DC=gopivotal,DC=com"}, | |
%% Controls how to bind for authorisation queries and also to | |
%% retrieve the details of users logging in without presenting a | |
%% password (e.g., SASL EXTERNAL). | |
%% One of | |
%% - as_user (to bind as the authenticated user - requires a password) | |
%% - anon (to bind anonymously) | |
%% - {UserDN, Password} (to bind with a specified user name and password) | |
%% | |
%% Defaults to ‘as_user‘. | |
%% | |
%% {other_bind, as_user}, | |
%% | |
%% Authorisation | |
%% ============= | |
%% | |
%% The LDAP plugin can perform a variety of queries against your | |
%% LDAP server to determine questions of authorisation. See | |
%% http://www.rabbitmq.com/ldap.html#authorisation for more | |
%% information. | |
%% Set the query to use when determining vhost access | |
%% | |
%% {vhost_access_query, {in_group, | |
%% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, | |
%% Set the query to use when determining resource (e.g., queue) access | |
%% | |
%% {resource_access_query, {constant, true}}, | |
%% Set queries to determine which tags a user has | |
%% | |
%% {tag_queries, []} | |
]} | |
]. |
时间: 2024-10-07 12:36:52