Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update(config): Add more samples for Dashboard config #2876

Merged
merged 6 commits into from
Apr 1, 2025
Merged

update(config): Add more samples for Dashboard config #2876

merged 6 commits into from
Apr 1, 2025

Conversation

Meggielqk
Copy link
Collaborator

The customer support is asking for more config item explanations and samples in Dashboard configuration doc.

@Meggielqk
update(config): Add more samples for Dashboard config
4c9a5dc 
The customer support is asking for more config item explanations and samples in Dashboard configuration doc.
@Meggielqk Meggielqk requested a review from id March 27, 2025 07:57
id
id previously approved these changes Mar 27, 2025
View reviewed changes
en_US/configuration/dashboard.md Outdated
- `bind = "0.0.0.0:18083"`: Address and port number that the listener will bind to. In this case, the listener will bind to all available network interfaces (`0.0.0.0`) on port `18083`. set to port number `0` will disable this listener.
- `max_connections = 512`: Set the maximum number of concurrent connections that the listener will accept. In this case, the maximum number of connections is set to `512`.
- `ssl_options.certfile`: Path to the PEM format certificates chain file. Server certificate as the first one, followed by its immediate issuer certificate then the issuer's issuer certificate, and so on. Root CA certificate is optional. The path prefix (only prefix) can be an environment variable.
- `ssl_options.keyfile`: Path to the PEM format private key file.
- `default_password`: The password used to **initialize** the database record for `admin` user. NOTE: Changing this config after EMQX has booted for the first time has no effect. Once initialized, the default password `public` (which comes with the installation) must be changed from dashboard or CLI.
- `token_expired_time`: JWT token expiration time.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can add here that by default it's 60 minutes.
May be worth clarifying that this parameter is equivalent to "browser session expiration time". When user login to EMQX Dashboard, EMQX generates a JWT token which is stored as a cookie in browser along with a refresh token. While the session is active, dashboard will be refreshing the session token when it's close to expiration.

id
id reviewed Mar 27, 2025
View reviewed changes
en_US/configuration/dashboard.md Outdated
swagger_support = true
default_password = jEdOgGS6vzQ
sso {

Copy link
Contributor

@id id Mar 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Example

sso = {
  ldap = {
    enable = true
    backend = "ldap"
    query_timeout = "5s"
    server = "localhost:389"
    pool_size = 8
    username = "cn=admin,dc=example,dc=com"
    password = "secret"
    base_dn = "dc=example,dc=com"
    filter = "(& (objectClass=person) (uid=${username}))"
    request_timeout = "10s"
  }
  oidc = {
    enable = true
    backend = oidc
    issuer = "https://issuer.example.com"
    clientid = "your-client-id"
    secret = "your-client-secret"
    scopes = [
      "openid"
    ]
    name_var = "${sub}"
    dashboard_addr = "http://127.0.0.1:18083"
    session_expiry = "30s"
    require_pkce = false
    preferred_auth_methods = [
      "client_secret_post",
      "client_secret_basic",
      "none"
    ]
    provider = generic
    fallback_methods = [
      "RS256"
    ]
  }
  saml = {
    enable = true
    backend = "saml"
    dashboard_addr = "https://127.0.0.1:18083"
    idp_metadata_url = "https://idp.example.com"
    sp_sign_request = false
    sp_public_key = "Pub Key"
    sp_private_key = "SP Private Key"
  }
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Normally only one of ldap, oidc or saml will be active at the same time. Here we list all of them just for the illustration purposes.

@Meggielqk Meggielqk marked this pull request as ready for review March 31, 2025 01:00
@Meggielqk Meggielqk merged commit 0c5cfc9 into release-5.8 Apr 1, 2025
7 checks passed
@Meggielqk Meggielqk deleted the 20250327-dashboard-config-samples branch April 1, 2025 09:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@id id id left review comments

@zmstone zmstone zmstone approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Meggielqk @id @zmstone