# ======================================
# RabbbitMQ broker section
# ======================================

## Network Connectivity
## ====================
##
## By default, RabbitMQ will listen on all interfaces, using
## the standard (reserved) AMQP port.
##
listener.tcp.default = 5672


## To listen on a specific interface, provide an IP address with port.
## For example, to listen only on localhost for both IPv4 and IPv6:
##
# IPv4
# listener.tcp.local    = 127.0.0.1:5672
# IPv6
# listener.tcp.local_v6 = ::1:5672

## You can define multiple listeners using listener names
# listener.tcp.other_port = 5673
# listener.tcp.other_ip   = 10.10.10.10:5672


## SSL listeners are configured in the same fashion as TCP listeners,
## including the option to control the choice of interface.
##
# listener.ssl.default = 5671

## Number of Erlang processes that will accept connections for the TCP
## and SSL listeners.
##
num_acceptors.tcp = 10
num_acceptors.ssl = 1


## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
## and SSL handshake), in milliseconds.
##
handshake_timeout = 10000

## Set to 'true' to perform reverse DNS lookups when accepting a
## connection. Hostnames will then be shown instead of IP addresses
## in rabbitmqctl and the management plugin.
##
reverse_dns_lookups = true

##
## Security / AAA
## ==============
##

## The default "guest" user is only permitted to access the server
## via a loopback interface (e.g. localhost).
## {loopback_users, [<<"guest">>]},
##
loopback_user.guest = true

## Uncomment the following line if you want to allow access to the
## guest user from anywhere on the network.
# loopback_user.guest = false

## Configuring SSL.
## See http://www.rabbitmq.com/ssl.html for full documentation.
##
ssl_option.verify               = verify_peer
ssl_option.fail_if_no_peer_cert = false
# ssl_option.cacertfile           = /path/to/rabbitmq.crt
# ssl_option.certfile             = /path/to/rabbitmq.crt
# ssl_option.keyfile              = /path/to/rabbitmq.key

## Choose the available SASL mechanism(s) to expose.
## The two default (built in) mechanisms are 'PLAIN' and
## 'AMQPLAIN'. Additional mechanisms can be added via
## plugins.
##
## See http://www.rabbitmq.com/authentication.html for more details.
##
auth_mechanism.plain = PLAIN
auth_mechanism.amqplain = AMQPLAIN

## Select an authentication database to use. RabbitMQ comes bundled
## with a built-in auth-database, based on mnesia.
##
auth_backends.1   = internal

auth_backends.2.authn = ldap
auth_backends.2.authz = internal

auth_backends.3.authz = rabbit_auth_backend_uaa

## Configurations supporting the rabbitmq_auth_mechanism_ssl and
## rabbitmq_auth_backend_ldap plugins.
##
## NB: These options require that the relevant plugin is enabled.
## See http://www.rabbitmq.com/plugins.html for further details.


## The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
## authenticate a user based on the client's SSL certificate.
##
## To use auth-mechanism-ssl, add to or replace the auth_mechanisms
## with EXTERNAL value.
##
#auth_mechanism.external = EXTERNAL

## The rabbitmq_auth_backend_ldap plugin allows the broker to
## perform authentication and authorisation by deferring to an
## external LDAP server.
##
## For more information about configuring the LDAP backend, see
## http://www.rabbitmq.com/ldap.html.
##
## Enable the LDAP auth backend by adding to or replacing the
## auth_backends entry:
##
# auth_backends.2 = rabbit_auth_backend_ldap

## Add another backend
# auth_backend.3 = rabbit_auth_backend_http


## This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
## STOMP ssl_cert_login configurations. See the rabbitmq_stomp
## configuration section later in this file and the README in
## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
## details.
##
## To use the SSL cert's CN instead of its DN as the username
##
# ssl_cert_login_from   = common_name

## SSL handshake timeout, in milliseconds.
##
# ssl_handshake_timeout = 5000


## Password hashing implementation. Will only affect newly
## created users. To recalculate hash for an existing user
## it's necessary to update her password.
##
## To use SHA-512, set to rabbit_password_hashing_sha512.
##
password_hashing_module = rabbit_password_hashing_sha256

## When importing definitions exported from versions earlier
## than 3.6.0, it is possible to go back to MD5 (only do this
## as a temporary measure!) by setting this to rabbit_password_hashing_md5.
##
# password_hashing_module = rabbit_password_hashing_md5

##
## Default User / VHost
## ====================
##

## On first start RabbitMQ will create a vhost and a user. These
## config items control what gets created. See
## http://www.rabbitmq.com/access-control.html for further
## information about vhosts and access control.
##
default_vhost = /
default_user = guest
default_pass = guest

default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*

## Tags for default user
##
## For more details about tags, see the documentation for the
## Management Plugin at http://www.rabbitmq.com/management.html.
##
default_user_tags.administrator = true

## Define other tags like this:
# default_user_tags.management = true
# default_user_tags.custom_tag = true

##
## Additional network and protocol related configuration
## =====================================================
##

## Set the default AMQP heartbeat delay (in seconds).
##
heartbeat = 600

## Set the max permissible size of an AMQP frame (in bytes).
##
frame_max = 131072

## Set the max frame size the server will accept before connection
## tuning occurs
##
initial_frame_max = 4096

## Set the max permissible number of channels per connection.
## 0 means "no limit".
##
channel_max = 128

## Customising Socket Options.
##
## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
## further documentation.
##

tcp_listen_option.backlog = 128
tcp_listen_option.nodelay = true
tcp_listen_option.exit_on_close = false

##
## Resource Limits & Flow Control
## ==============================
##
## See http://www.rabbitmq.com/memory.html for full details.

## Memory-based Flow Control threshold.
##
vm_memory_high_watermark.relative = 0.4

## Alternatively, we can set a limit (in bytes) of RAM used by the node.
##
# vm_memory_high_watermark.absolute = 1073741824

## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+).
## Absolute watermark will be ignored if relative is defined!
##
# vm_memory_high_watermark.absolute = 2GB
##
## Supported units suffixes:
##
## kb, KB: kibibytes (2^10 bytes)
## mb, MB: mebibytes (2^20)
## gb, GB: gibibytes (2^30)



## Fraction of the high watermark limit at which queues start to
## page message out to disc in order to free up memory.
##
## Values greater than 0.9 can be dangerous and should be used carefully.
##
vm_memory_high_watermark_paging_ratio = 0.5

## Interval (in milliseconds) at which we perform the check of the memory
## levels against the watermarks.
##
memory_monitor_interval = 2500

## Set disk free limit (in bytes). Once free disk space reaches this
## lower bound, a disk alarm will be set - see the documentation
## listed above for more details.
##
## Absolute watermark will be ignored if relative is defined!
disk_free_limit.absolute = 50000

## Or you can set it using memory units (same as in vm_memory_high_watermark)
## with RabbitMQ 3.6.0+.
# disk_free_limit.absolute = 500KB
# disk_free_limit.absolute = 50mb
# disk_free_limit.absolute = 5GB

## Alternatively, we can set a limit relative to total available RAM.
##
## Values lower than 1.0 can be dangerous and should be used carefully.
disk_free_limit.relative = 2.0

##
## Clustering
## =====================
##
cluster_partition_handling = ignore

## pause_if_all_down strategy require additional configuration
# cluster_partition_handling = pause_if_all_down

## Recover strategy. Can be either 'autoheal' or 'ignore'
# cluster_partition_handling.pause_if_all_down.recover = ignore

## Node names to check
# cluster_partition_handling.pause_if_all_down.node.rabbit = rabbit@localhost
# cluster_partition_handling.pause_if_all_down.node.hare   = hare@localhost

## Mirror sync batch size, in messages. Increasing this will speed
## up syncing but total batch size in bytes must not exceed 2 GiB.
## Available in RabbitMQ 3.6.0 or later.
##
mirroring_sync_batch_size = 4096

## Make clustering happen *automatically* at startup - only applied
## to nodes that have just been reset or started for the first time.
## See http://www.rabbitmq.com/clustering.html#auto-config for
## further details.
##
# cluster_nodes.disc.1 = rabbit@my.host.com

## You can define multiple nodes
# cluster_nodes.disc.2 = hare@my.host.com

## There can be also ram nodes.
## Ram nodes should not be defined together with disk nodes
# cluster_nodes.ram.1 = rabbit@my.host.com

## Interval (in milliseconds) at which we send keepalive messages
## to other cluster members. Note that this is not the same thing
## as net_ticktime; missed keepalive messages will not cause nodes
## to be considered down.
##
# cluster_keepalive_interval = 10000

##
## Statistics Collection
## =====================
##

## Set (internal) statistics collection granularity.
##
## Can be none, coarse or fine
collect_statistics = none

# collect_statistics = coarse

## Statistics collection interval (in milliseconds). Increasing
## this will reduce the load on management database.
##
collect_statistics_interval = 5000

##
## Misc/Advanced Options
## =====================
##
## NB: Change these only if you understand what you are doing!
##

## Explicitly enable/disable hipe compilation.
##
hipe_compile = false

## Timeout used when waiting for Mnesia tables in a cluster to
## become available.
##
mnesia_table_loading_timeout = 30000

## Size in bytes below which to embed messages in the queue index. See
## http://www.rabbitmq.com/persistence-conf.html
##
queue_index_embed_msgs_below = 4096

## You can also set this size in memory units
##
queue_index_embed_msgs_below = 4kb

## ----------------------------------------------------------------------------
## Advanced Erlang Networking/Clustering Options.
##
## See http://www.rabbitmq.com/clustering.html for details
## ----------------------------------------------------------------------------

# ======================================
# Kernel section
# ======================================

# kernel.net_ticktime = 60

## ----------------------------------------------------------------------------
## RabbitMQ Management Plugin
##
## See http://www.rabbitmq.com/management.html for details
## ----------------------------------------------------------------------------

# =======================================
# Management section
# =======================================

## Pre-Load schema definitions from the following JSON file. See
## http://www.rabbitmq.com/management.html#load-definitions
##
# management.load_definitions = /path/to/schema.json

## Log all requests to the management HTTP API to a file.
##
# management.http_log_dir = /path/to/access.log

## Change the port on which the HTTP listener listens,
## specifying an interface for the web server to bind to.
## Also set the listener to use SSL and provide SSL options.
##

# QA: Maybe use IP type like in tcp_listener?
management.listener.port = 12345
management.listener.ip   = 127.0.0.1
# management.listener.ssl  = true

# management.listener.ssl_opts.cacertfile = /path/to/cacert.pem
# management.listener.ssl_opts.certfile   = /path/to/cert.pem
# management.listener.ssl_opts.keyfile    = /path/to/key.pem

## One of 'basic', 'detailed' or 'none'. See
## http://www.rabbitmq.com/management.html#fine-stats for more details.
management.rates_mode = basic

## Configure how long aggregated data (such as message rates and queue
## lengths) is retained. Please read the plugin's documentation in
## http://www.rabbitmq.com/management.html#configuration for more
## details.
## Your can use 'minute', 'hour' and '24hours' keys or integer key (in seconds)
management.sample_retention_policies.global.minute    = 5
management.sample_retention_policies.global.hour  = 60
management.sample_retention_policies.global.day = 1200

management.sample_retention_policies.basic.minute   = 5
management.sample_retention_policies.basic.hour = 60

management.sample_retention_policies.detailed.10 = 5

## ----------------------------------------------------------------------------
## RabbitMQ Shovel Plugin
##
## See http://www.rabbitmq.com/shovel.html for details
## ----------------------------------------------------------------------------

## Shovel plugin config example is defined in additional.config file


## ----------------------------------------------------------------------------
## RabbitMQ Stomp Adapter
##
## See http://www.rabbitmq.com/stomp.html for details
## ----------------------------------------------------------------------------

# =======================================
# STOMP section
# =======================================

## Network Configuration - the format is generally the same as for the broker
##
stomp.listener.tcp.default = 61613

## Same for ssl listeners
##
# stomp.listener.ssl.default = 61614

## Number of Erlang processes that will accept connections for the TCP
## and SSL listeners.
##
stomp.num_acceptors.tcp = 10
stomp.num_acceptors.ssl = 1

## Additional SSL options

## Extract a name from the client's certificate when using SSL.
##
stomp.ssl_cert_login = true

## Set a default user name and password. This is used as the default login
## whenever a CONNECT frame omits the login and passcode headers.
##
## Please note that setting this will allow clients to connect without
## authenticating!
##
# stomp.default_user = guest
# stomp.default_pass = guest

## If a default user is configured, or you have configured use SSL client
## certificate based authentication, you can choose to allow clients to
## omit the CONNECT frame entirely. If set to true, the client is
## automatically connected as the default user or user supplied in the
## SSL certificate whenever the first frame sent on a session is not a
## CONNECT frame.
##
# stomp.implicit_connect = true

## ----------------------------------------------------------------------------
## RabbitMQ MQTT Adapter
##
## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md
## for details
## ----------------------------------------------------------------------------

# =======================================
# MQTT section
# =======================================

## Set the default user name and password. Will be used as the default login
## if a connecting client provides no other login details.
##
## Please note that setting this will allow clients to connect without
## authenticating!
##
# mqtt.default_user = guest
# mqtt.default_pass = guest

## Enable anonymous access. If this is set to false, clients MUST provide
## login information in order to connect. See the default_user/default_pass
## configuration elements for managing logins without authentication.
##
# mqtt.allow_anonymous = true

## If you have multiple chosts, specify the one to which the
## adapter connects.
##
mqtt.vhost = /

## Specify the exchange to which messages from MQTT clients are published.
##
mqtt.exchange = amq.topic

## Specify TTL (time to live) to control the lifetime of non-clean sessions.
##
# mqtt.subscription_ttl = 1800000

## Set the prefetch count (governing the maximum number of unacknowledged
## messages that will be delivered).
##
mqtt.prefetch = 10

## TCP/SSL Configuration (as per the broker configuration).
##
mqtt.listener.tcp.default = 1883

## Same for ssl listener
##
# mqtt.listener.ssl.default = 1884

## Number of Erlang processes that will accept connections for the TCP
## and SSL listeners.
##
mqtt.num_acceptors.tcp = 10
mqtt.num_acceptors.ssl = 1

## TCP/Socket options (as per the broker configuration).
##
# mqtt.tcp_listen_option.backlog = 128
# mqtt.tcp_listen_option.nodelay = true

## ----------------------------------------------------------------------------
## RabbitMQ AMQP 1.0 Support
##
## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md
## for details
## ----------------------------------------------------------------------------

# =======================================
# AMQP_1 section
# =======================================


## Connections that are not authenticated with SASL will connect as this
## account. See the README for more information.
##
## Please note that setting this will allow clients to connect without
## authenticating!
##
amqp1_0.default_user = guest

## Enable protocol strict mode. See the README for more information.
##
amqp1_0.protocol_strict_mode = false

## Lager controls logging.
## See https://github.com/basho/lager for more documentation
##
## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default.
##
# log.dir = /var/log/rabbitmq

## Logging to console (can be true or false)
##
# log.console = false

## Loglevel to log to console
##
# log.console.level = info

## Logging to file. Can be false or filename.
## Default:
# log.file = rabbit.log

## To turn off:
# log.file = false

## Loglevel to log to file
##
# log.file.level = info

## File rotation config. No rotation by defualt.
## DO NOT SET rotation date to ''. Leave unset if require "" value
# log.file.rotation.date = $D0 
# log.file.rotation.size = 0


## QA: Config for syslog logging
# log.syslog = false
# log.syslog.identity = rabbitmq
# log.syslog.level    = info
# log.syslog.facility = daemon


## ----------------------------------------------------------------------------
## RabbitMQ LDAP Plugin
##
## See http://www.rabbitmq.com/ldap.html for details.
##
## ----------------------------------------------------------------------------

# =======================================
# LDAP section
# =======================================

##
## Connecting to the LDAP server(s)
## ================================
##

## Specify servers to bind to. You *must* set this in order for the plugin
## to work properly.
##
# ldap.servers.1 = your-server-name-goes-here

## You can define multiple servers
# ldap.servers.2 = your-other-server

## Connect to the LDAP server using SSL
##
# ldap.use_ssl = false

## Specify the LDAP port to connect to
##
# ldap.port = 389

## LDAP connection timeout, in milliseconds or 'infinity'
##
# ldap.timeout = infinity

## Or number
# ldap.timeout = 500

## Enable logging of LDAP queries.
## One of
##   - false (no logging is performed)
##   - true (verbose logging of the logic used by the plugin)
##   - network (as true, but additionally logs LDAP network traffic)
##
## Defaults to false.
##
# ldap.log = false

## Also can be true or network
# ldap.log = true
# ldap.log = network

##
## Authentication
## ==============
##

## Pattern to convert the username given through AMQP to a DN before
## binding
##
# ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com

## Alternatively, you can convert a username to a Distinguished
## Name via an LDAP lookup after binding. See the documentation for
## full details.

## When converting a username to a dn via a lookup, set these to
## the name of the attribute that represents the user name, and the
## base DN for the lookup query.
##
# ldap.dn_lookup_attribute = userPrincipalName
# ldap.dn_lookup_base      = DC=gopivotal,DC=com

## Controls how to bind for authorisation queries and also to
## retrieve the details of users logging in without presenting a
## password (e.g., SASL EXTERNAL).
## One of
##  - as_user (to bind as the authenticated user - requires a password)
##  - anon    (to bind anonymously)
##  - {UserDN, Password} (to bind with a specified user name and password)
##
## Defaults to 'as_user'.
##
# ldap.other_bind = as_user

## Or can be more complex:
# ldap.other_bind.user_dn  = User
# ldap.other_bind.password = Password

## If user_dn and password defined - other options is ignored.

# -----------------------------
# Too complex section of LDAP
# -----------------------------

##
## Authorisation
## =============
##

## The LDAP plugin can perform a variety of queries against your
## LDAP server to determine questions of authorisation. See
## http://www.rabbitmq.com/ldap.html#authorisation for more
## information.

## Following configuration should be defined in additional.config file
## DO NOT UNCOMMENT THIS LINES!

## Set the query to use when determining vhost access
##
## {vhost_access_query, {in_group,
##                       "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},

## Set the query to use when determining resource (e.g., queue) access
##
## {resource_access_query, {constant, true}},

## Set queries to determine which tags a user has
##
## {tag_queries, []}
#   ]},
# -----------------------------