log {
    to=console
    level=info
}

listeners.tcp {
  bind = "0.0.0.0:1883"
}


listeners.ssl {
  bind = "0.0.0.0:8883"

  keyfile = "/etc/certs/server.key"
  certfile = "/etc/certs/server.pem"
  cacertfile = "/etc/certs/ca.pem"

  # Change these settings to true if you want to deny
  # access for clients that don't have a certificate.
  verify_peer = false
  fail_if_no_peer_cert = false
}

listeners.ws {
  bind = "0.0.0.0:8083"
}

listeners.wss {
  bind = "0.0.0.0:8443"
}

auth {
  allow_anonymous = false
  no_match = deny
  deny_action = disconnect
  password = {include "/etc/nanomq_pwd.conf"}
  acl = {
    include "/etc/nanomq_acl.conf"
  }
}