Order options in example mosquitto.conf.

7 years ago · a9cb78d980
parent 27b8bcf320
commit a9cb78d980
1 changed files with 346 additions and 344 deletions
--- a/mosquitto.conf
+++ b/mosquitto.conf
@ -11,105 +11,25 @@
 # General configuration
 # =================================================================
-# Time in seconds between updates of the $SYS tree.
+# Use per listener security settings.
 # Set to 0 to disable the publishing of the $SYS tree.
 #sys_interval 10
 # Time in seconds between cleaning the internal message store of 
 # unreferenced messages. Lower values will result in lower memory 
 # usage but more processor time, higher values will have the 
 # opposite effect.
 # Setting a value of 0 means the unreferenced messages will be 
 # disposed of as quickly as possible.
 #store_clean_interval 10
 # Write process id to a file. Default is a blank string which means 
 # a pid file shouldn't be written.
 # This should be set to /var/run/mosquitto.pid if mosquitto is
 # being run automatically on boot with an init script and 
 # start-stop-daemon or similar.
 #pid_file
 # When run as root, drop privileges to this user and its primary 
 # group.
 # Set to root to stay as root, but this is not recommended.
 # If run as a non-root user, this setting has no effect.
 # Note that on Windows this has no effect and so mosquitto should 
 # be started by the user you wish it to run as.
 #user mosquitto
 # The maximum number of QoS 1 and 2 messages currently inflight per 
 # client.
 # This includes messages that are partway through handshakes and 
 # those that are being retried. Defaults to 20. Set to 0 for no 
 # maximum. Setting to 1 will guarantee in-order delivery of QoS 1 
 # and 2 messages.
 #max_inflight_messages 20
 # QoS 1 and 2 messages will be allowed inflight per client until this limit
 # is exceeded.  Defaults to 0. (No maximum)
 # See also max_inflight_messages
 #max_inflight_bytes 0
 # The maximum number of QoS 1 and 2 messages to hold in a queue per client
 # above those that are currently in-flight.  Defaults to 100. Set 
 # to 0 for no maximum (not recommended).
 # See also queue_qos0_messages.
 # See also max_queued_bytes.
 #max_queued_messages 100
 # QoS 1 and 2 messages above those currently in-flight will be queued per
 # client until this limit is exceeded.  Defaults to 0. (No maximum)
 # See also max_queued_messages.
 # If both max_queued_messages and max_queued_bytes are specified, packets will
 # be queued until the first limit is reached.
 #max_queued_bytes 0
 # Set to true to queue messages with QoS 0 when a persistent client is
 # disconnected. These messages are included in the limit imposed by
 # max_queued_messages and max_queued_bytes
 # Defaults to false.
 # This is a non-standard option for the MQTT v3.1 spec but is allowed in
 # v3.1.1.
 #queue_qos0_messages false
 # This option sets the maximum publish payload size that the broker will allow.
 # Received messages that exceed this size will not be accepted by the broker.
 # The default value is 0, which means that all valid MQTT messages are
 # accepted. MQTT imposes a maximum payload size of 268435455 bytes. 
 #message_size_limit 0
 # This option controls whether a client is allowed to connect with a zero
 # length client id or not. This option only affects clients using MQTT v3.1.1
 # and later. If set to false, clients connecting with a zero length client id
 # are disconnected. If set to true, clients will be allocated a client id by
 # the broker. This means it is only useful for clients with clean session set
 # to true.
 #allow_zero_length_clientid true
 # If allow_zero_length_clientid is true, this option allows you to set a prefix
 # to automatically generated client ids to aid visibility in logs.
 # Defaults to 'auto-'
 #auto_id_prefix auto-
 # This option allows persistent clients (those with clean session set to false)
 # to be removed if they do not reconnect within a certain time frame.
 #
-# This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1.
+# It is recommended this option be set before any other options.
 #
-# Badly designed clients may set clean session to false whilst using a randomly
+# If this option is set to true, then all authentication and access control
-# generated client id. This leads to persistent clients that will never
+# options are controlled on a per listener basis. The following options are
-# reconnect. This option allows these clients to be removed.
+# affected:
 #
-# The expiration period should be an integer followed by one of h d w m y for
+# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous
-# hour, day, week, month and year respectively. For example
+# auto_id_prefix allow_zero_length_clientid
 #
-# persistent_client_expiration 2m
+# Note that if set to true, then a durable client (i.e. with clean session set
-# persistent_client_expiration 14d
+# to false) that has disconnected will use the ACL settings defined for the
-# persistent_client_expiration 1y
+# listener that it was most recently connected to.
 #
-# The default if not set is to never expire persistent clients.
+# The default behaviour is for this to be set to false, which maintains the
-#persistent_client_expiration
+# setting behaviour from previous versions of mosquitto.
 #per_listener_settings false
 # If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
 # and foo/+/baz , then MQTT expects that when the broker receives a message on
@ -125,33 +45,18 @@
 # correctly deal with duplicate messages even when then have QoS=2.
 #allow_duplicate_messages false
-# The MQTT specification requires that the QoS of a message delivered to a
+# This option controls whether a client is allowed to connect with a zero
-# subscriber is never upgraded to match the QoS of the subscription. Enabling
+# length client id or not. This option only affects clients using MQTT v3.1.1
-# this option changes this behaviour. If upgrade_outgoing_qos is set true,
+# and later. If set to false, clients connecting with a zero length client id
-# messages sent to a subscriber will always match the QoS of its subscription.
+# are disconnected. If set to true, clients will be allocated a client id by
-# This is a non-standard option explicitly disallowed by the spec.
+# the broker. This means it is only useful for clients with clean session set
-#upgrade_outgoing_qos false
+# to true.
-
+#allow_zero_length_clientid true
 # Disable Nagle's algorithm on client sockets. This has the effect of reducing
 # latency of individual messages at the potential cost of increasing the number
 # of packets being sent.
 #set_tcp_nodelay false
-# Use per listener security settings.
+# If allow_zero_length_clientid is true, this option allows you to set a prefix
-# If this option is set to true, then all authentication and access control
+# to automatically generated client ids to aid visibility in logs.
-# options are controlled on a per listener basis. The following options are
+# Defaults to 'auto-'
-# affected:
+#auto_id_prefix auto-
 #
 # password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous
 # auto_id_prefix allow_zero_length_clientid
 #
 # Note that if set to true, then a durable client (i.e. with clean session set
 # to false) that has disconnected will use the ACL settings defined for the
 # listener that it was most recently connected to.
 #
 # The default behaviour is for this to be set to false, which maintains the 
 # setting behaviour from previous versions of mosquitto.
 #per_listener_settings false
 # This option affects the scenario when a client subscribes to a topic that has
 # retained messages. It is possible that the client that published the retained
@ -162,11 +67,18 @@
 # retained message will always be published. This affects all listeners.
 #check_retain_source true
 # QoS 1 and 2 messages will be allowed inflight per client until this limit
 # is exceeded.  Defaults to 0. (No maximum)
 # See also max_inflight_messages
 #max_inflight_bytes 0
-# Set to false to disable retained message support. If a client publishes a
+# The maximum number of QoS 1 and 2 messages currently inflight per
-# message with the retain bit set, it will be disconnected if this is set to
+# client.
-# false.
+# This includes messages that are partway through handshakes and
-#retain_available true
+# those that are being retried. Defaults to 20. Set to 0 for no
 # maximum. Setting to 1 will guarantee in-order delivery of QoS 1
 # and 2 messages.
 #max_inflight_messages 20
 # For MQTT v5 clients, it is possible to have the server send a "server
 # keepalive" value that will override the keepalive value set by the client.
@ -179,7 +91,6 @@
 # allowable is 65535. Do not set below 10.
 #max_keepalive 65535
 # For MQTT v5 clients, it is possible to have the server send a "maximum packet
 # size" value that will instruct the client it will not accept MQTT packets
 # with size greater than max_packet_size bytes. This applies to the full MQTT
@ -193,7 +104,20 @@
 # very small payloads.
 #max_packet_size 0
 # QoS 1 and 2 messages above those currently in-flight will be queued per
 # client until this limit is exceeded.  Defaults to 0. (No maximum)
 # See also max_queued_messages.
 # If both max_queued_messages and max_queued_bytes are specified, packets will
 # be queued until the first limit is reached.
 #max_queued_bytes 0
 # The maximum number of QoS 1 and 2 messages to hold in a queue per client
 # above those that are currently in-flight.  Defaults to 100. Set
 # to 0 for no maximum (not recommended).
 # See also queue_qos0_messages.
 # See also max_queued_bytes.
 #max_queued_messages 100
 #
 # This option sets the maximum number of heap memory bytes that the broker will
 # allocate, and hence sets a hard limit on memory use by the broker.  Memory
 # requests that exceed this value will be denied. The effect will vary
@ -204,6 +128,83 @@
 # Defaults to no limit.
 #memory_limit 0
 # This option sets the maximum publish payload size that the broker will allow.
 # Received messages that exceed this size will not be accepted by the broker.
 # The default value is 0, which means that all valid MQTT messages are
 # accepted. MQTT imposes a maximum payload size of 268435455 bytes.
 #message_size_limit 0
 # This option allows persistent clients (those with clean session set to false)
 # to be removed if they do not reconnect within a certain time frame.
 #
 # This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1.
 #
 # Badly designed clients may set clean session to false whilst using a randomly
 # generated client id. This leads to persistent clients that will never
 # reconnect. This option allows these clients to be removed.
 #
 # The expiration period should be an integer followed by one of h d w m y for
 # hour, day, week, month and year respectively. For example
 #
 # persistent_client_expiration 2m
 # persistent_client_expiration 14d
 # persistent_client_expiration 1y
 #
 # The default if not set is to never expire persistent clients.
 #persistent_client_expiration
 # Write process id to a file. Default is a blank string which means
 # a pid file shouldn't be written.
 # This should be set to /var/run/mosquitto.pid if mosquitto is
 # being run automatically on boot with an init script and
 # start-stop-daemon or similar.
 #pid_file
 # Set to true to queue messages with QoS 0 when a persistent client is
 # disconnected. These messages are included in the limit imposed by
 # max_queued_messages and max_queued_bytes
 # Defaults to false.
 # This is a non-standard option for the MQTT v3.1 spec but is allowed in
 # v3.1.1.
 #queue_qos0_messages false
 # Set to false to disable retained message support. If a client publishes a
 # message with the retain bit set, it will be disconnected if this is set to
 # false.
 #retain_available true
 # Disable Nagle's algorithm on client sockets. This has the effect of reducing
 # latency of individual messages at the potential cost of increasing the number
 # of packets being sent.
 #set_tcp_nodelay false
 # Time in seconds between cleaning the internal message store of
 # unreferenced messages. Lower values will result in lower memory
 # usage but more processor time, higher values will have the
 # opposite effect.
 # Setting a value of 0 means the unreferenced messages will be
 # disposed of as quickly as possible.
 #store_clean_interval 10
 # Time in seconds between updates of the $SYS tree.
 # Set to 0 to disable the publishing of the $SYS tree.
 #sys_interval 10
 # The MQTT specification requires that the QoS of a message delivered to a
 # subscriber is never upgraded to match the QoS of the subscription. Enabling
 # this option changes this behaviour. If upgrade_outgoing_qos is set true,
 # messages sent to a subscriber will always match the QoS of its subscription.
 # This is a non-standard option explicitly disallowed by the spec.
 #upgrade_outgoing_qos false
 # When run as root, drop privileges to this user and its primary
 # group.
 # Set to root to stay as root, but this is not recommended.
 # If run as a non-root user, this setting has no effect.
 # Note that on Windows this has no effect and so mosquitto should
 # be started by the user you wish it to run as.
 #user mosquitto
 # =================================================================
 # Default listener
 # =================================================================
@ -225,6 +226,12 @@
 # Example: bind_interface eth0
 #bind_interface
 # When a listener is using the websockets protocol, it is possible to serve
 # http data as well. Set http_dir to a directory which contains the files you
 # wish to serve. If this option is not specified, then no normal http
 # connections will be possible.
 #http_dir
 # The maximum number of client connections to allow. This is
 # a per listener setting.
 # Default is -1, which means unlimited connections.
@ -240,12 +247,6 @@
 # only the cafile, certfile, keyfile and ciphers options are supported.
 #protocol mqtt
 # When a listener is using the websockets protocol, it is possible to serve
 # http data as well. Set http_dir to a directory which contains the files you
 # wish to serve. If this option is not specified, then no normal http
 # connections will be possible.
 #http_dir
 # Set use_username_as_clientid to true to replace the clientid that a client
 # connected with with its username. This allows authentication to be tied to
 # the clientid, which means that it is possible to prevent one client
@ -283,10 +284,24 @@
 # Path to the PEM encoded keyfile.
 #keyfile
-# This option defines the version of the TLS protocol to use for this listener.
+
-# The default value allows all of v1.3, v1.2 and v1.1. The valid values are
+# If you have require_certificate set to true, you can create a certificate
-# tlsv1.3 tlsv1.2 and tlsv1.1.
+# revocation list file to revoke access to particular client certificates. If
-#tls_version
+# you have done this, use crlfile to point to the PEM encoded revocation file.
 #crlfile
 # If you wish to control which encryption ciphers are used, use the ciphers
 # option. The list of available ciphers can be obtained using the "openssl
 # ciphers" command and should be provided in the same format as the output of
 # that command.
 # If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
 #ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
 # To allow the use of ephemeral DH key exchange, which provides forward
 # security, the listener must load DH parameters. This can be specified with
 # the dhparamfile option. The dhparamfile can be generated with the command
 # e.g. "openssl dhparam -out dhparam.pem 2048"
 #dhparamfile
 # By default a TLS enabled listener will operate in a similar fashion to a
 # https enabled web server, in that the server has a certificate signed by a CA
@ -297,6 +312,11 @@
 # outside of the mechanisms provided by MQTT.
 #require_certificate false
 # This option defines the version of the TLS protocol to use for this listener.
 # The default value allows all of v1.3, v1.2 and v1.1. The valid values are
 # tlsv1.3 tlsv1.2 and tlsv1.1.
 #tls_version
 # If require_certificate is true, you may set use_identity_as_username to true
 # to use the CN value from the client certificate as a username. If this is
 # true, the password_file option will not be used for this listener.
@ -310,24 +330,6 @@
 # See also use_identity_as_username
 #use_subject_as_username false
 # If you have require_certificate set to true, you can create a certificate
 # revocation list file to revoke access to particular client certificates. If
 # you have done this, use crlfile to point to the PEM encoded revocation file.
 #crlfile
 # If you wish to control which encryption ciphers are used, use the ciphers
 # option. The list of available ciphers can be obtained using the "openssl
 # ciphers" command and should be provided in the same format as the output of
 # that command.
 # If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
 #ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
 # To allow the use of ephemeral DH key exchange, which provides forward
 # security, the listener must load DH parameters. This can be specified with
 # the dhparamfile option. The dhparamfile can be generated with the command
 # e.g. "openssl dhparam -out dhparam.pem 2048"
 #dhparamfile
 # -----------------------------------------------------------------
 # Pre-shared-key based SSL/TLS support
 # -----------------------------------------------------------------
@ -342,16 +344,10 @@
 # The psk_hint option enables pre-shared-key support for this listener and also
 # acts as an identifier for this listener. The hint is sent to clients and may
 # be used locally to aid authentication. The hint is a free form string that
-# doesn't have much meaning in itself, so feel free to be creative.
+# doesn't have much meaning in itself, so feel free to be creative.
-# If this option is provided, see psk_file to define the pre-shared keys to be
+# If this option is provided, see psk_file to define the pre-shared keys to be
-# used or create a security plugin to handle them.
+# used or create a security plugin to handle them.
-#psk_hint
+#psk_hint
 # Set use_identity_as_username to have the psk identity sent by the client used
 # as its username. Authentication will be carried out using the PSK rather than
 # the MQTT username/password and so password_file will not be used for this
 # listener.
 #use_identity_as_username false
 # When using PSK, the encryption ciphers used will be chosen from the list of
 # available PSK ciphers. If you want to control which ciphers are available,
@ -360,6 +356,13 @@
 # as the output of that command.
 #ciphers
 # Set use_identity_as_username to have the psk identity sent by the client used
 # as its username. Authentication will be carried out using the PSK rather than
 # the MQTT username/password and so password_file will not be used for this
 # listener.
 #use_identity_as_username false
 # =================================================================
 # Extra listeners
 # =================================================================
@ -389,6 +392,12 @@
 # Example: bind_interface eth0
 #bind_interface
 # When a listener is using the websockets protocol, it is possible to serve
 # http data as well. Set http_dir to a directory which contains the files you
 # wish to serve. If this option is not specified, then no normal http
 # connections will be possible.
 #http_dir
 # The maximum number of client connections to allow. This is
 # a per listener setting.
 # Default is -1, which means unlimited connections.
@ -409,12 +418,6 @@
 # cafile, certfile, keyfile and ciphers options are supported.
 #protocol mqtt
 # When a listener is using the websockets protocol, it is possible to serve
 # http data as well. Set http_dir to a directory which contains the files you
 # wish to serve. If this option is not specified, then no normal http
 # connections will be possible.
 #http_dir
 # Set use_username_as_clientid to true to replace the clientid that a client
 # connected with with its username. This allows authentication to be tied to
 # the clientid, which means that it is possible to prevent one client
@ -425,6 +428,13 @@
 # See also use_identity_as_username.
 #use_username_as_clientid
 # Change the websockets headers size. This is a global option, it is not
 # possible to set per listener. This option sets the size of the buffer used in
 # the libwebsockets library when reading HTTP headers. If you are passing large
 # header data such as cookies then you may need to increase this value. If left
 # unset, or set to 0, then the default of 1024 bytes will be used.
 #websockets_headers_size
 # -----------------------------------------------------------------
 # Certificate based SSL/TLS support
 # -----------------------------------------------------------------
@ -454,6 +464,24 @@
 # Path to the PEM encoded keyfile.
 #keyfile
 # If you wish to control which encryption ciphers are used, use the ciphers
 # option. The list of available ciphers can be optained using the "openssl
 # ciphers" command and should be provided in the same format as the output of
 # that command.
 #ciphers
 # If you have require_certificate set to true, you can create a certificate
 # revocation list file to revoke access to particular client certificates. If
 # you have done this, use crlfile to point to the PEM encoded revocation file.
 #crlfile
 # To allow the use of ephemeral DH key exchange, which provides forward
 # security, the listener must load DH parameters. This can be specified with
 # the dhparamfile option. The dhparamfile can be generated with the command
 # e.g. "openssl dhparam -out dhparam.pem 2048"
 #dhparamfile
 # By default an TLS enabled listener will operate in a similar fashion to a
 # https enabled web server, in that the server has a certificate signed by a CA
 # and the client will verify that it is a trusted certificate. The overall aim
@ -468,23 +496,6 @@
 # true, the password_file option will not be used for this listener.
 #use_identity_as_username false
 # If you have require_certificate set to true, you can create a certificate
 # revocation list file to revoke access to particular client certificates. If
 # you have done this, use crlfile to point to the PEM encoded revocation file.
 #crlfile
 # If you wish to control which encryption ciphers are used, use the ciphers
 # option. The list of available ciphers can be optained using the "openssl
 # ciphers" command and should be provided in the same format as the output of
 # that command.
 #ciphers
 # To allow the use of ephemeral DH key exchange, which provides forward
 # security, the listener must load DH parameters. This can be specified with
 # the dhparamfile option. The dhparamfile can be generated with the command
 # e.g. "openssl dhparam -out dhparam.pem 2048"
 #dhparamfile
 # -----------------------------------------------------------------
 # Pre-shared-key based SSL/TLS support
 # -----------------------------------------------------------------
@ -504,12 +515,6 @@
 # used or create a security plugin to handle them.
 #psk_hint
 # Set use_identity_as_username to have the psk identity sent by the client used
 # as its username. Authentication will be carried out using the PSK rather than
 # the MQTT username/password and so password_file will not be used for this
 # listener.
 #use_identity_as_username false
 # When using PSK, the encryption ciphers used will be chosen from the list of
 # available PSK ciphers. If you want to control which ciphers are available,
 # use the "ciphers" option.  The list of available ciphers can be optained
@ -517,6 +522,13 @@
 # as the output of that command.
 #ciphers
 # Set use_identity_as_username to have the psk identity sent by the client used
 # as its username. Authentication will be carried out using the PSK rather than
 # the MQTT username/password and so password_file will not be used for this
 # listener.
 #use_identity_as_username false
 # =================================================================
 # Persistence
 # =================================================================
@ -553,6 +565,7 @@
 # similar.
 #persistence_location
 # =================================================================
 # Logging
 # =================================================================
@ -582,12 +595,6 @@
 # Use "log_dest none" if you wish to disable logging.
 #log_dest stderr
 # If using syslog logging (not on Windows), messages will be logged to the
 # "daemon" facility by default. Use the log_facility option to choose which of
 # local0 to local7 to log to instead. The option value should be an integer
 # value, e.g. "log_facility 5" to use local5.
 #log_facility
 # Types of messages to log. Use multiple log_type lines for logging
 # multiple types of messages.
 # Possible types are: debug, error, warning, notice, information,
@ -599,24 +606,17 @@
 #log_type notice
 #log_type information
 # Change the websockets logging level. This is a global option, it is not
 # possible to set per listener. This is an integer that is interpreted by
 # libwebsockets as a bit mask for its lws_log_levels enum. See the
 # libwebsockets documentation for more details. "log_type websockets" must also
 # be enabled.
 #websockets_log_level 0
 # Change the websockets headers size. This is a global option, it is not
 # possible to set per listener. This option sets the size of the buffer used in
 # the libwebsockets library when reading HTTP headers. If you are passing large
 # header data such as cookies then you may need to increase this value. If left
 # unset, or set to 0, then the default of 1024 bytes will be used.
 #websockets_headers_size
 # If set to true, client connection and disconnection messages will be included
 # in the log.
 #connection_messages true
 # If using syslog logging (not on Windows), messages will be logged to the
 # "daemon" facility by default. Use the log_facility option to choose which of
 # local0 to local7 to log to instead. The option value should be an integer
 # value, e.g. "log_facility 5" to use local5.
 #log_facility
 # If set to true, add a timestamp value to each log message.
 #log_timestamp true
@ -627,6 +627,14 @@
 # log_timestamp_format %Y-%m-%dT%H:%M:%S
 #log_timestamp_format
 # Change the websockets logging level. This is a global option, it is not
 # possible to set per listener. This is an integer that is interpreted by
 # libwebsockets as a bit mask for its lws_log_levels enum. See the
 # libwebsockets documentation for more details. "log_type websockets" must also
 # be enabled.
 #websockets_log_level 0
 # =================================================================
 # Security
 # =================================================================
@ -793,9 +801,6 @@
 #address <host>[:<port>] [<host>[:<port>]]
 #topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
 # Set the version of the MQTT protocol to use with for this bridge. Can be one
 # of mqttv311 or mqttv11. Defaults to mqttv311.
 #bridge_protocol_version mqttv311
 # If a bridge has topics that have "out" direction, the default behaviour is to
 # send an unsubscribe request to the remote broker on that topic. This means
@ -805,29 +810,9 @@
 # the unsubscribe request.
 #bridge_attempt_unsubscribe true
-# If the bridge has more than one address given in the address/addresses
+# Set the version of the MQTT protocol to use with for this bridge. Can be one
-# configuration, the round_robin option defines the behaviour of the bridge on
+# of mqttv311 or mqttv11. Defaults to mqttv311.
-# a failure of the bridge connection. If round_robin is false, the default
+#bridge_protocol_version mqttv311
 # value, then the first address is treated as the main bridge connection. If
 # the connection fails, the other secondary addresses will be attempted in
 # turn. Whilst connected to a secondary bridge, the bridge will periodically
 # attempt to reconnect to the main bridge until successful.
 # If round_robin is true, then all addresses are treated as equals. If a
 # connection fails, the next address will be tried and if successful will
 # remain connected until it fails
 #round_robin false
 # Set the client id to use on the remote end of this bridge connection. If not
 # defined, this defaults to 'name.hostname' where name is the connection name
 # and hostname is the hostname of this computer.
 # This replaces the old "clientid" option to avoid confusion. "clientid"
 # remains valid for the time being.
 #remote_clientid
 # Set the clientid to use on the local broker. If not defined, this defaults to
 # 'local.<clientid>'. If you are bridging a broker to itself, it is important
 # that local_clientid and clientid do not match.
 #local_clientid
 # Set the clean session variable for this bridge.
 # When set to true, when the bridge disconnects for any reason, all
@ -839,12 +824,26 @@
 # remote broker, and delivered when the bridge reconnects.
 #cleansession false
 # Set the amount of time a bridge using the lazy start type must be idle before
 # it will be stopped. Defaults to 60 seconds.
 #idle_timeout 60
 # Set the keepalive interval for this bridge connection, in
 # seconds.
 #keepalive_interval 60
 # Set the clientid to use on the local broker. If not defined, this defaults to
 # 'local.<clientid>'. If you are bridging a broker to itself, it is important
 # that local_clientid and clientid do not match.
 #local_clientid
 # If set to true, publish notification messages to the local and remote brokers
 # giving information about the state of the bridge connection. Retained
 # messages are published to the topic $SYS/broker/connection/<clientid>/state
 # unless the notification_topic option is used.
 # If the message is 1 then the connection is active, or 0 if the connection has
 # failed.
 # This uses the last will and testament feature.
 #notifications true
 # Choose the topic on which notification messages for this bridge are
@ -852,27 +851,24 @@
 # $SYS/broker/connection/<clientid>/state
 #notification_topic
-# Set the keepalive interval for this bridge connection, in 
+# Set the client id to use on the remote end of this bridge connection. If not
-# seconds.
+# defined, this defaults to 'name.hostname' where name is the connection name
-#keepalive_interval 60
+# and hostname is the hostname of this computer.
 # This replaces the old "clientid" option to avoid confusion. "clientid"
 # remains valid for the time being.
 #remote_clientid
-# Set the start type of the bridge. This controls how the bridge starts and
+# Set the password to use when connecting to a broker that requires
-# can be one of three types: automatic, lazy and once. Note that RSMB provides
+# authentication. This option is only used if remote_username is also set.
-# a fourth start type "manual" which isn't currently supported by mosquitto.
+# This replaces the old "password" option to avoid confusion. "password"
-#
+# remains valid for the time being.
-# "automatic" is the default start type and means that the bridge connection
+#remote_password
-# will be started automatically when the broker starts and also restarted
+
-# after a short delay (30 seconds) if the connection fails.
+# Set the username to use when connecting to a broker that requires
-#
+# authentication.
-# Bridges using the "lazy" start type will be started automatically when the
+# This replaces the old "username" option to avoid confusion. "username"
-# number of queued messages exceeds the number set with the "threshold"
+# remains valid for the time being.
-# parameter. It will be stopped automatically after the time set by the
+#remote_username
 # "idle_timeout" parameter. Use this start type if you wish the connection to
 # only be active when it is needed.
 #
 # A bridge using the "once" start type will be started automatically when the
 # broker starts but will not be restarted if the connection fails.
 #start_type automatic
 # Set the amount of time a bridge using the automatic start type will wait
 # until attempting to reconnect.
@ -890,9 +886,35 @@
 # Defaults to jitter with a base of 5 and cap of 30
 #restart_timeout 5 30
-# Set the amount of time a bridge using the lazy start type must be idle before
+# If the bridge has more than one address given in the address/addresses
-# it will be stopped. Defaults to 60 seconds.
+# configuration, the round_robin option defines the behaviour of the bridge on
-#idle_timeout 60
+# a failure of the bridge connection. If round_robin is false, the default
 # value, then the first address is treated as the main bridge connection. If
 # the connection fails, the other secondary addresses will be attempted in
 # turn. Whilst connected to a secondary bridge, the bridge will periodically
 # attempt to reconnect to the main bridge until successful.
 # If round_robin is true, then all addresses are treated as equals. If a
 # connection fails, the next address will be tried and if successful will
 # remain connected until it fails
 #round_robin false
 # Set the start type of the bridge. This controls how the bridge starts and
 # can be one of three types: automatic, lazy and once. Note that RSMB provides
 # a fourth start type "manual" which isn't currently supported by mosquitto.
 #
 # "automatic" is the default start type and means that the bridge connection
 # will be started automatically when the broker starts and also restarted
 # after a short delay (30 seconds) if the connection fails.
 #
 # Bridges using the "lazy" start type will be started automatically when the
 # number of queued messages exceeds the number set with the "threshold"
 # parameter. It will be stopped automatically after the time set by the
 # "idle_timeout" parameter. Use this start type if you wish the connection to
 # only be active when it is needed.
 #
 # A bridge using the "once" start type will be started automatically when the
 # broker starts but will not be restarted if the connection fails.
 #start_type automatic
 # Set the number of messages that need to be queued for a bridge with lazy
 # start type to be restarted. Defaults to 10 messages.
@ -907,18 +929,6 @@
 # properly.
 #try_private true
 # Set the username to use when connecting to a broker that requires
 # authentication.
 # This replaces the old "username" option to avoid confusion. "username"
 # remains valid for the time being.
 #remote_username
 # Set the password to use when connecting to a broker that requires
 # authentication. This option is only used if remote_username is also set.
 # This replaces the old "password" option to avoid confusion. "password"
 # remains valid for the time being.
 #remote_password
 # -----------------------------------------------------------------
 # Certificate based SSL/TLS support
 # -----------------------------------------------------------------
@ -934,11 +944,11 @@
 #bridge_cafile
 #bridge_capath
 # Path to the PEM encoded client certificate, if required by the remote broker.
 #bridge_certfile
-# Path to the PEM encoded client private key, if required by the remote broker.
+# If the remote broker has more than one protocol available on its port, e.g.
-#bridge_keyfile
+# MQTT and WebSockets, then use bridge_alpn to configure which protocol is
 # requested. Note that WebSockets support for bridges is not yet available.
 #bridge_alpn
 # When using certificate based encryption, bridge_insecure disables
 # verification of the server hostname in the server certificate. This can be
@ -949,10 +959,11 @@
 # point using encryption.
 #bridge_insecure false
-# If the remote broker has more than one protocol available on its port, e.g.
+# Path to the PEM encoded client certificate, if required by the remote broker.
-# MQTT and WebSockets, then use bridge_alpn to configure which protocol is
+#bridge_certfile
-# requested. Note that WebSockets support for bridges is not yet available.
+
-#bridge_alpn
+# Path to the PEM encoded client private key, if required by the remote broker.
 #bridge_keyfile
 # -----------------------------------------------------------------
 # PSK based SSL/TLS support
@ -983,12 +994,3 @@
 # given multiple times, all of the files from the first instance will be
 # processed before the next instance. See the man page for examples.
 #include_dir
 # =================================================================
 # rsmb options - unlikely to ever be supported
 # =================================================================
 #ffdc_output
 #max_log_entries
 #trace_level
 #trace_output