| # |
| # Licensed to the Apache Software Foundation (ASF) under one |
| # or more contributor license agreements. See the NOTICE file |
| # distributed with this work for additional information |
| # regarding copyright ownership. The ASF licenses this file |
| # to you under the Apache License, Version 2.0 (the |
| # "License"); you may not use this file except in compliance |
| # with the License. You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, |
| # software distributed under the License is distributed on an |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| # KIND, either express or implied. See the License for the |
| # specific language governing permissions and limitations |
| # under the License. |
| # |
| |
| ### --- Web Socket proxy settings --- ### |
| |
| # Configuration Store connection string |
| configurationMetadataStoreUrl= |
| |
| # Metadata store session timeout in milliseconds |
| metadataStoreSessionTimeoutMillis=30000 |
| |
| # Metadata store cache expiry time in seconds |
| metadataStoreCacheExpirySeconds=300 |
| |
| # Pulsar cluster url to connect to broker (optional if configurationStoreServers present) |
| serviceUrl= |
| serviceUrlTls= |
| brokerServiceUrl= |
| brokerServiceUrlTls= |
| |
| # Port to use to server HTTP request |
| webServicePort=8080 |
| # Port to use to server HTTPS request |
| webServicePortTls= |
| |
| # Path for the file used to determine the rotation status for the proxy-instance when responding |
| # to service discovery health checks |
| statusFilePath= |
| |
| # Hostname or IP address the service binds on, default is 0.0.0.0. |
| bindAddress=0.0.0.0 |
| |
| # Enable or disable the use of HA proxy protocol for resolving the client IP for http/https requests. |
| webServiceHaProxyProtocolEnabled=false |
| |
| # Trust X-Forwarded-For header for resolving the client IP for http/https requests. Default is false. |
| webServiceTrustXForwardedFor=false |
| |
| # Add detailed client/remote and server/local addresses and ports to http/https request logging. |
| # Defaults to true when either webServiceHaProxyProtocolEnabled or webServiceTrustXForwardedFor is enabled. |
| webServiceLogDetailedAddresses= |
| |
| # Name of the pulsar cluster to connect to |
| clusterName= |
| |
| # Number of IO threads in Pulsar Client used in WebSocket proxy |
| webSocketNumIoThreads= |
| |
| # Number of threads used by Websocket service |
| webSocketNumServiceThreads= |
| |
| # Number of threads to use in HTTP server. Default is Runtime.getRuntime().availableProcessors() |
| numHttpServerThreads= |
| |
| # Number of connections per Broker in Pulsar Client used in WebSocket proxy |
| webSocketConnectionsPerBroker= |
| |
| # Time in milliseconds that idle WebSocket session times out |
| webSocketSessionIdleTimeoutMillis=300000 |
| |
| # The maximum size of a text message during parsing in WebSocket proxy |
| webSocketMaxTextFrameSize=1048576 |
| |
| # Capacity for thread pool queue in the HTTP server |
| httpServerThreadPoolQueueSize=8192 |
| |
| # Capacity for accept queue in the HTTP server |
| httpServerAcceptQueueSize=8192 |
| |
| # Maximum number of inbound http connections. (0 to disable limiting) |
| maxHttpServerConnections=2048 |
| |
| # Max concurrent web requests |
| maxConcurrentHttpRequests=1024 |
| |
| ### --- Authentication --- ### |
| |
| # Enable authentication |
| authenticationEnabled=false |
| |
| # Authentication provider name list, which is comma separated list of class names |
| authenticationProviders= |
| |
| # Enforce authorization |
| authorizationEnabled=false |
| |
| # Authorization provider fully qualified class-name |
| authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider |
| |
| # Allow wildcard matching in authorization |
| # (wildcard matching only applicable if wildcard-char: |
| # * presents at first or last position eg: *.pulsar.service, pulsar.service.*) |
| authorizationAllowWildcardsMatching=false |
| |
| # Role names that are treated as "super-user", meaning they will be able to do all admin |
| # operations and publish/consume from all topics |
| superUserRoles= |
| |
| # Authentication settings of the proxy itself. Used to connect to brokers |
| brokerClientTlsEnabled=false |
| brokerClientAuthenticationPlugin= |
| brokerClientAuthenticationParameters= |
| brokerClientTrustCertsFilePath= |
| |
| # Whether the hostname is validated when connecting to the broker. |
| tlsHostnameVerificationEnabled=false |
| |
| # You can add extra configuration options for the Pulsar Client |
| # by prefixing them with "brokerClient_". These configurations are applied after hard coded configuration |
| # and before the above brokerClient configurations named above. |
| |
| # When this parameter is not empty, unauthenticated users perform as anonymousUserRole |
| anonymousUserRole= |
| |
| ### --- TLS --- ### |
| ## Note that some of the above TLS configs also apply to the KeyStore TLS configuration. |
| |
| # Deprecated - use webServicePortTls and brokerClientTlsEnabled instead |
| tlsEnabled=false |
| |
| # Accept untrusted TLS certificate from client |
| tlsAllowInsecureConnection=false |
| |
| # Path for the TLS certificate file |
| tlsCertificateFilePath= |
| |
| # Path for the TLS private key file |
| tlsKeyFilePath= |
| |
| # Path for the trusted TLS certificate file |
| tlsTrustCertsFilePath= |
| |
| # Specify whether Client certificates are required for TLS |
| # Reject the Connection if the Client Certificate is not trusted. |
| tlsRequireTrustedClientCertOnConnect=false |
| |
| # Tls cert refresh duration in seconds (set 0 to check on every new connection) |
| tlsCertRefreshCheckDurationSec=300 |
| |
| # Specify the TLS provider for the WebSocket: SunJSSE, Conscrypt and etc. |
| tlsProvider=Conscrypt |
| |
| # Enable TLS with KeyStore type configuration in WebSocket. |
| tlsEnabledWithKeyStore=false |
| |
| # TLS KeyStore type configuration in WebSocket: JKS, PKCS12 |
| tlsKeyStoreType=JKS |
| |
| # TLS KeyStore path in WebSocket |
| tlsKeyStore= |
| |
| # TLS KeyStore password for WebSocket |
| tlsKeyStorePassword= |
| |
| # TLS TrustStore type configuration in WebSocket: JKS, PKCS12 |
| tlsTrustStoreType=JKS |
| |
| # TLS TrustStore path in WebSocket |
| tlsTrustStore= |
| |
| # TLS TrustStore password in WebSocket, default value is empty password |
| tlsTrustStorePassword= |
| |
| # Specify the tls protocols the proxy's web service will use to negotiate during TLS handshake |
| # (a comma-separated list of protocol names). |
| # Examples: |
| # webServiceTlsProtocols=TLSv1.3,TLSv1.2 |
| webServiceTlsProtocols= |
| |
| # Specify the tls cipher the proxy will use to negotiate during TLS Handshake |
| # (a comma-separated list of ciphers). |
| # Examples: |
| # webServiceTlsCiphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| webServiceTlsCiphers= |
| |
| ### --- Deprecated config variables --- ### |
| |
| # Deprecated. Use configurationStoreServers |
| globalZookeeperServers= |
| |
| # Deprecated. Use configurationMetadataStoreUrl |
| configurationStoreServers= |
| |
| # Zookeeper session timeout in milliseconds |
| # Deprecated: use metadataStoreSessionTimeoutMillis |
| zooKeeperSessionTimeoutMillis=-1 |
| |
| # ZooKeeper cache expiry time in seconds |
| # Deprecated: use metadataStoreCacheExpirySeconds |
| zooKeeperCacheExpirySeconds=-1 |
| |
| # CryptoKeyReader factory classname to support encryption at websocket. |
| cryptoKeyReaderFactoryClassName= |
