Lines Matching full:to
5 # Default values are shown, uncomment to change.
7 # Use the # character to indicate a comment, but only if it is the
18 # If this option is set to true, then all authentication and access control
31 # Note that if set to true, then a durable client (i.e. with clean session set
32 # to false) that has disconnected will use the ACL settings defined for the
33 # listener that it was most recently connected to.
35 # The default behaviour is for this to be set to false, which maintains the
40 # This option controls whether a client is allowed to connect with a zero
42 # and later. If set to false, clients connecting with a zero length client id
43 # are disconnected. If set to true, clients will be allocated a client id by
45 # to true.
48 # If allow_zero_length_clientid is true, this option allows you to set a prefix
49 # to automatically generated client ids to aid visibility in logs.
50 # Defaults to 'auto-'
53 # This option affects the scenario when a client subscribes to a topic that has
55 # message to the topic had access at the time they published, but that access
56 # has been subsequently removed. If check_retain_source is set to true, the
58 # before it is republished. When set to false, no check will be made and the
63 # is exceeded. Defaults to 0. (No maximum)
70 # those that are being retried. Defaults to 20. Set to 0 for no
71 # maximum. Setting to 1 will guarantee in-order delivery of QoS 1
75 # For MQTT v5 clients, it is possible to have the server send a "server
77 # This is intended to be used as a mechanism to say that the server will
79 # use the new keepalive value. The max_keepalive option allows you to specify
80 # that clients may only connect with keepalive less than or equal to this
81 # value, otherwise they will be sent a server keepalive telling them to use
82 # max_keepalive. This only applies to MQTT v5 clients. The default, and maximum
85 # Set to 0 to allow clients to set keepalive = 0, which means no keepalive
90 # For MQTT v3.1.1 and v3.1 clients, there is no mechanism to tell the client
97 # For MQTT v5 clients, it is possible to have the server send a "maximum packet
99 # with size greater than max_packet_size bytes. This applies to the full MQTT
100 # packet, not just the payload. Setting this option to a positive value will
101 # set the maximum packet size to that number of bytes. If a client sends a
103 # to all clients regardless of the protocol version they are using, but v3.1.1
105 # information. Defaults to no limit. Setting below 20 bytes is forbidden
106 # because it is likely to interfere with ordinary client operation, even with
111 # client until this limit is exceeded. Defaults to 0. (No maximum)
121 # The maximum number of QoS 1 and 2 messages to hold in a queue per client
122 # above those that are currently in-flight. Defaults to 1000. Set
123 # to 0 for no maximum (not recommended).
135 # Defaults to no limit.
145 # session set to false) that are not currently connected to be removed if they
147 # in MQTT v3.1. MQTT v3.1.1 and v5.0 allow brokers to remove client sessions.
149 # Badly designed clients may set clean session to false whilst using a randomly
150 # generated client id. This leads to persistent clients that connect once and
151 # never reconnect. This option allows these clients to be removed. This option
152 # allows persistent clients (those with clean session set to false) to be
162 # The default if not set is to never expire persistent clients.
165 # Write process id to a file. Default is a blank string which means
167 # This should be set to /var/run/mosquitto/mosquitto.pid if mosquitto is
172 # Set to true to queue messages with QoS 0 when a persistent client is
175 # Defaults to false.
180 # Set to false to disable retained message support. If a client publishes a
181 # message with the retain bit set, it will be disconnected if this is set to
191 # Set to 0 to disable the publishing of the $SYS tree.
194 # The MQTT specification requires that the QoS of a message delivered to a
195 # subscriber is never upgraded to match the QoS of the subscription. Enabling
197 # messages sent to a subscriber will always match the QoS of its subscription.
201 # When run as root, drop privileges to this user and its primary
203 # Set to root to stay as root, but this is not recommended.
204 # If set to "mosquitto", or left unset, and the "mosquitto" user does not exist
205 # then it will drop privileges to the "nobody" user instead.
208 # the user you wish it to run as.
219 # The port number to listen on must be given. Optionally, an ip
221 # this case, mosquitto will attempt to bind the listener to that
222 # address and so restrict access to the associated network and
224 # Note that for a websockets listener it is not possible to bind to a host
228 # to create a # Unix socket rather than opening a TCP socket. In
229 # this case, the port number should be set to 0 and a unix socket
236 # By default, a listener will attempt to listen on all supported IP protocol
237 # versions. If you do not have an IPv4 or IPv6 interface you may wish to
239 # that due to the limitations of the websockets library, it will only ever
240 # attempt to open IPv6 sockets if IPv6 support is compiled in, and so will fail
243 # Set to `ipv4` to force the listener to only use IPv4, or set to `ipv6` to
244 # force the listener to only use IPv6. If you want support for both IPv4 and
249 # Bind the listener to a specific interface. This is similar to
259 # When a listener is using the websockets protocol, it is possible to serve
260 # http data as well. Set http_dir to a directory which contains the files you
261 # wish to serve. If this option is not specified, then no normal http
265 # The maximum number of client connections to allow. This is
273 # The listener can be restricted to operating within a topic hierarchy using
275 # to all topics for any clients connected to this listener. This prefixing only
276 # happens internally to the broker; the client will not see the prefix.
279 # Choose the protocol to use when listening.
285 # Set use_username_as_clientid to true to replace the clientid that a client
286 # connected with its username. This allows authentication to be tied to
287 # the clientid, which means that it is possible to prevent one client
290 # authorised when this option is set to true.
297 # possible to set per listener. This option sets the size of the buffer used in
299 # header data such as cookies then you may need to increase this value. If left
300 # unset, or set to 0, then the default of 1024 bytes will be used.
306 # The following options can be used to enable certificate based SSL/TLS support
314 # Both of certfile and keyfile must be defined to enable certificate based
317 # Path to the PEM encoded server certificate.
320 # Path to the PEM encoded keyfile.
323 # If you wish to control which encryption ciphers are used, use the ciphers
326 # that command. This applies to TLS 1.2 and earlier versions only. Use
331 # Defaults to "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
334 # If you have require_certificate set to true, you can create a certificate
335 # revocation list file to revoke access to particular client certificates. If
336 # you have done this, use crlfile to point to the PEM encoded revocation file.
339 # To allow the use of ephemeral DH key exchange, which provides forward
345 # By default an TLS enabled listener will operate in a similar fashion to a
348 # is encryption of the network traffic. By setting require_certificate to true,
350 # connection to proceed. This allows access to the broker to be controlled
357 # cafile defines the path to a file containing the CA certificates.
359 # containing the CA certificates. For capath to work correctly, the
361 # "openssl rehash <path to capath>" each time you add/remove a certificate.
366 # If require_certificate is true, you may set use_identity_as_username to true
367 # to use the CN value from the client certificate as a username. If this is
374 # The following options can be used to enable PSK based SSL/TLS support for
383 # acts as an identifier for this listener. The hint is sent to clients and may
384 # be used locally to aid authentication. The hint is a free form string that
385 # doesn't have much meaning in itself, so feel free to be creative.
386 # If this option is provided, see psk_file to define the pre-shared keys to be
387 # used or create a security plugin to handle them.
391 # available PSK ciphers. If you want to control which ciphers are available,
397 # Set use_identity_as_username to have the psk identity sent by the client used
408 # If persistence is enabled, save the in-memory database to disk
409 # every autosave_interval seconds. If set to 0, the persistence
418 # autosave_interval then the in-memory database will be saved to disk.
419 # If false, mosquitto will save the in-memory database to disk by treating
423 # Save persistent message data to disk (true/false).
430 # The filename to use for the persistent database, not including
436 # Set to e.g. /var/lib/mosquitto if running as a proper service on Linux or
445 # Places to log to. Use multiple log_dest lines for multiple
449 # stdout and stderr log to the console on the named output.
454 # topic logs to the broker topic '$SYS/broker/log/<severity>',
457 # the subscribe/unsubscribe log_types and publishes log messages to
460 # The file destination requires an additional parameter which is the file to be
461 # logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be
468 # Note that if the broker is running as a Windows service it will default to
470 # Use "log_dest none" if you wish to disable logging.
473 # Types of messages to log. Use multiple log_type lines for logging
485 # If set to true, client connection and disconnection messages will be included
489 # If using syslog logging (not on Windows), messages will be logged to the
490 # "daemon" facility by default. Use the log_facility option to choose which of
491 # local0 to local7 to log to instead. The option value should be an integer
492 # value, e.g. "log_facility 5" to use local5.
495 # If set to true, add a timestamp value to each log message.
500 # This is a free text string which will be passed to the strftime function. To
506 # possible to set per listener. This is an integer that is interpreted by
518 # clientid will be allowed to connect to the broker. By default,
525 # without providing a username are allowed to connect. If set to
527 # password_file option) to control authenticated client access.
529 # Defaults to false, unless there are no listeners defined in the configuration
530 # file, in which case it is set to true, but connections are only allowed from
538 # Control access to the broker using a password file. This file can be
553 # TLS-PSK support and a listener configured to use it. The file should be text
560 # Control access to topics on the broker using an access control list
574 # The "deny" option can used to explicity deny access to a topic that would
578 # The first set of topics are applied to anonymous clients, assuming
584 # The username referred to here is the same as in password_file. It is
588 # If is also possible to define ACLs based on pattern substitution within the
591 # %c to match the client id of the client
592 # %u to match the username of the client
598 # Pattern ACLs apply to all users even if the "user" keyword has previously
620 # plugin option. This is a path to a loadable plugin. See also the
623 # The plugin option can be specified multiple times to load multiple
628 # If the per_listener_settings option is false, the plugin will be apply to all
629 # listeners. If per_listener_settings is true, then the plugin will apply to
637 # If the plugin option above is used, define options to pass to the
639 # using the format plugin_opt_* will be passed to the plugin, for example:
657 # address and at least one topic to subscribe to.
664 # are required to specify a port.
669 # topic option. The default QoS level is 0, to change the QoS the topic
672 # The local and remote prefix options allow a topic to be remapped when it is
673 # bridged to/from the remote broker. This provides the ability to place a topic
679 # not to create any loops.
681 # If you are using bridges with cleansession set to false (the default), then
683 # topics you are subscribing to. This is because the remote broker keeps the
685 # with cleansession set to true, then reconnect with cleansession set to false
691 # If you need to have the bridge connect over a particular network interface,
692 # use bridge_bind_address to tell the bridge which local IP address the socket
693 # should bind to, e.g. `bridge_bind_address 192.168.1.10`
696 # If a bridge has topics that have "out" direction, the default behaviour is to
697 # send an unsubscribe request to the remote broker on that topic. This means
698 # that changing a topic direction from "in" to "out" will not keep receiving
700 # desirable, setting bridge_attempt_unsubscribe to false will disable sending
704 # Set the version of the MQTT protocol to use with for this bridge. Can be one
705 # of mqttv50, mqttv311 or mqttv31. Defaults to mqttv311.
709 # When set to true, when the bridge disconnects for any reason, all
711 # broker. Note that with cleansession set to true, there may be a
714 # When set to false, the subscriptions and messages are kept on the
719 # it will be stopped. Defaults to 60 seconds.
726 # Set the clientid to use on the local broker. If not defined, this defaults to
727 # 'local.<clientid>'. If you are bridging a broker to itself, it is important
731 # If set to true, publish notification messages to the local and remote brokers
733 # messages are published to the topic $SYS/broker/connection/<clientid>/state
745 # Set the client id to use on the remote end of this bridge connection. If not
746 # defined, this defaults to 'name.hostname' where name is the connection name
748 # This replaces the old "clientid" option to avoid confusion. "clientid"
752 # Set the password to use when connecting to a broker that requires
754 # This replaces the old "password" option to avoid confusion. "password"
758 # Set the username to use when connecting to a broker that requires
760 # This replaces the old "username" option to avoid confusion. "username"
765 # until attempting to reconnect.
766 # This option can be configured to use a constant delay time in seconds, or to
768 # of randomness to when the restart occurs.
777 # Defaults to jitter with a base of 5 and cap of 30
785 # turn. Whilst connected to a secondary bridge, the bridge will periodically
786 # attempt to reconnect to the main bridge until successful.
803 # "idle_timeout" parameter. Use this start type if you wish the connection to
810 # Set the number of messages that need to be queued for a bridge with lazy
811 # start type to be restarted. Defaults to 10 messages.
815 # If try_private is set to true, the bridge will attempt to indicate to the
819 # be necessary to set try_private to false if your bridge does not connect
824 # for brokers to tell clients that they do not support retained messages, but
825 # this is not possible for MQTT v3.1.1 or v3.1. If you need to bridge to a
827 # bridge_outgoing_retain option to false. This will remove the retain bit on
828 # all outgoing messages to that bridge, regardless of any other setting.
831 # If you wish to restrict the size of messages sent to a remote bridge, use the
836 # Set to 0 for "unlimited".
843 # Either bridge_cafile or bridge_capath must be defined to enable TLS support
845 # bridge_cafile defines the path to a file containing the
849 # the CA certificates. For bridge_capath to work correctly, the certificate
851 # <path to capath>" each time you add/remove a certificate.
857 # MQTT and WebSockets, then use bridge_alpn to configure which protocol is
864 # a malicious third party to impersonate your server through DNS spoofing, for
865 # example. Use this option in testing only. If you need to resort to using this
870 # Path to the PEM encoded client certificate, if required by the remote broker.
873 # Path to the PEM encoded client private key, if required by the remote broker.
879 # Pre-shared-key encryption provides an alternative to certificate based
880 # encryption. A bridge can be configured to use PSK with the bridge_identity
896 # a configuration file. It is best to have this as the last option