2 #####################################
3 # Akka Remote Reference Config File #
4 #####################################
6 # This is the reference config file that contains all the default settings.
7 # Make your edits/overrides in your application.conf.
9 # comments about akka.actor settings left out where they are already in akka-
10 # actor.jar, because otherwise they would be repeated in config rendering.
12 # For the configuration of the new remoting implementation (Artery) please look
13 # at the bottom section of this file as it is listed separately.
20 akka-containers = "akka.remote.serialization.MessageContainerSerializer"
21 akka-misc = "akka.remote.serialization.MiscMessageSerializer"
22 artery = "akka.remote.serialization.ArteryMessageSerializer"
23 proto = "akka.remote.serialization.ProtobufSerializer"
24 daemon-create = "akka.remote.serialization.DaemonMsgCreateSerializer"
25 akka-system-msg = "akka.remote.serialization.SystemMessageSerializer"
28 serialization-bindings {
29 "akka.actor.ActorSelectionMessage" = akka-containers
31 "akka.remote.DaemonMsgCreate" = daemon-create
33 "akka.remote.artery.ArteryMessage" = artery
35 # Since akka.protobuf.Message does not extend Serializable but
36 # GeneratedMessage does, need to use the more specific one here in order
38 # This is only loaded if akka-protobuf is on the classpath
39 # It should not be used and users should migrate to using the protobuf classes
42 "akka.protobuf.GeneratedMessage" = proto
44 "akka.protobufv3.internal.GeneratedMessageV3" = proto
46 # Since com.google.protobuf.Message does not extend Serializable but
47 # GeneratedMessage does, need to use the more specific one here in order
49 # This com.google.protobuf serialization binding is only used if the class can be loaded,
50 # i.e. com.google.protobuf dependency has been added in the application project.
51 "com.google.protobuf.GeneratedMessage" = proto
52 "com.google.protobuf.GeneratedMessageV3" = proto
54 "akka.actor.Identify" = akka-misc
55 "akka.actor.ActorIdentity" = akka-misc
56 "scala.Some" = akka-misc
57 "scala.None$" = akka-misc
58 "java.util.Optional" = akka-misc
59 "akka.actor.Status$Success" = akka-misc
60 "akka.actor.Status$Failure" = akka-misc
61 "akka.actor.ActorRef" = akka-misc
62 "akka.actor.PoisonPill$" = akka-misc
63 "akka.actor.Kill$" = akka-misc
64 "akka.remote.RemoteWatcher$Heartbeat$" = akka-misc
65 "akka.remote.RemoteWatcher$HeartbeatRsp" = akka-misc
66 "akka.Done" = akka-misc
67 "akka.NotUsed" = akka-misc
68 "akka.actor.Address" = akka-misc
69 "akka.remote.UniqueAddress" = akka-misc
71 "akka.actor.ActorInitializationException" = akka-misc
72 "akka.actor.IllegalActorStateException" = akka-misc
73 "akka.actor.ActorKilledException" = akka-misc
74 "akka.actor.InvalidActorNameException" = akka-misc
75 "akka.actor.InvalidMessageException" = akka-misc
76 "java.util.concurrent.TimeoutException" = akka-misc
77 "akka.remote.serialization.ThrowableNotSerializableException" = akka-misc
79 "akka.actor.LocalScope$" = akka-misc
80 "akka.remote.RemoteScope" = akka-misc
82 "com.typesafe.config.impl.SimpleConfig" = akka-misc
83 "com.typesafe.config.Config" = akka-misc
85 "akka.routing.FromConfig" = akka-misc
86 "akka.routing.DefaultResizer" = akka-misc
87 "akka.routing.BalancingPool" = akka-misc
88 "akka.routing.BroadcastGroup" = akka-misc
89 "akka.routing.BroadcastPool" = akka-misc
90 "akka.routing.RandomGroup" = akka-misc
91 "akka.routing.RandomPool" = akka-misc
92 "akka.routing.RoundRobinGroup" = akka-misc
93 "akka.routing.RoundRobinPool" = akka-misc
94 "akka.routing.ScatterGatherFirstCompletedGroup" = akka-misc
95 "akka.routing.ScatterGatherFirstCompletedPool" = akka-misc
96 "akka.routing.SmallestMailboxPool" = akka-misc
97 "akka.routing.TailChoppingGroup" = akka-misc
98 "akka.routing.TailChoppingPool" = akka-misc
99 "akka.remote.routing.RemoteRouterConfig" = akka-misc
101 "akka.pattern.StatusReply" = akka-misc
103 "akka.dispatch.sysmsg.SystemMessage" = akka-system-msg
105 # Java Serializer is by default used for exceptions and will by default
106 # not be allowed to be serialized, but in certain cases they are replaced
107 # by `akka.remote.serialization.ThrowableNotSerializableException` if
108 # no specific serializer has been defined:
109 # - when wrapped in `akka.actor.Status.Failure` for ask replies
110 # - when wrapped in system messages for exceptions from remote deployed child actors
112 # It's recommended that you implement custom serializer for exceptions that are
113 # sent remotely, You can add binding to akka-misc (MiscMessageSerializer) for the
114 # exceptions that have a constructor with single message String or constructor with
115 # message String as first parameter and cause Throwable as second parameter. Note that it's not
116 # safe to add this binding for general exceptions such as IllegalArgumentException
117 # because it may have a subclass without required constructor.
118 "java.lang.Throwable" = java
121 serialization-identifiers {
122 "akka.remote.serialization.ProtobufSerializer" = 2
123 "akka.remote.serialization.DaemonMsgCreateSerializer" = 3
124 "akka.remote.serialization.MessageContainerSerializer" = 6
125 "akka.remote.serialization.MiscMessageSerializer" = 16
126 "akka.remote.serialization.ArteryMessageSerializer" = 17
128 "akka.remote.serialization.SystemMessageSerializer" = 22
130 # deprecated in 2.6.0, moved to akka-actor
131 "akka.remote.serialization.LongSerializer" = 18
132 # deprecated in 2.6.0, moved to akka-actor
133 "akka.remote.serialization.IntSerializer" = 19
134 # deprecated in 2.6.0, moved to akka-actor
135 "akka.remote.serialization.StringSerializer" = 20
136 # deprecated in 2.6.0, moved to akka-actor
137 "akka.remote.serialization.ByteStringSerializer" = 21
144 # if this is set to a valid remote address, the named actor will be
145 # deployed at that node e.g. "akka://sys@host:port"
150 # A list of hostnames and ports for instantiating the children of a
152 # The format should be on "akka://sys@host:port", where:
153 # - sys is the remote actor system name
154 # - hostname can be either hostname or IP address the remote actor
156 # - port should be the port for the remote server on the other node
157 # The number of actor instances to be spawned is still taken from the
158 # nr-of-instances setting as for local routers; the instances will be
159 # distributed round-robin among the given nodes.
168 ### Settings shared by classic remoting and Artery (the new implementation of remoting)
170 # Using remoting directly is typically not desirable, so a warning will
171 # be shown to make this clear. Set this setting to 'off' to suppress that
173 warn-about-direct-use = on
176 # If Cluster is not used, remote watch and deployment are disabled.
177 # To optionally use them while not using Cluster, set to 'on'.
178 use-unsafe-remote-features-outside-cluster = off
180 # A warning will be logged on remote watch attempts if Cluster
181 # is not in use and 'use-unsafe-remote-features-outside-cluster'
182 # is 'off'. Set this to 'off' to suppress these.
183 warn-unsafe-watch-outside-cluster = on
185 # Settings for the Phi accrual failure detector (http://www.jaist.ac.jp/~defago/files/pdf/IS_RR_2004_010.pdf
186 # [Hayashibara et al]) used for remote death watch.
187 # The default PhiAccrualFailureDetector will trigger if there are no heartbeats within
188 # the duration heartbeat-interval + acceptable-heartbeat-pause + threshold_adjustment,
189 # i.e. around 12.5 seconds with default settings.
190 watch-failure-detector {
192 # FQCN of the failure detector implementation.
193 # It must implement akka.remote.FailureDetector and have
194 # a public constructor with a com.typesafe.config.Config and
195 # akka.actor.EventStream parameter.
196 implementation-class = "akka.remote.PhiAccrualFailureDetector"
198 # How often keep-alive heartbeat messages should be sent to each connection.
199 heartbeat-interval = 1 s
201 # Defines the failure detector threshold.
202 # A low threshold is prone to generate many wrong suspicions but ensures
203 # a quick detection in the event of a real crash. Conversely, a high
204 # threshold generates fewer mistakes but needs more time to detect
208 # Number of the samples of inter-heartbeat arrival times to adaptively
209 # calculate the failure timeout for connections.
210 max-sample-size = 200
212 # Minimum standard deviation to use for the normal distribution in
213 # AccrualFailureDetector. Too low standard deviation might result in
214 # too much sensitivity for sudden, but normal, deviations in heartbeat
215 # inter arrival times.
216 min-std-deviation = 100 ms
218 # Number of potentially lost/delayed heartbeats that will be
219 # accepted before considering it to be an anomaly.
220 # This margin is important to be able to survive sudden, occasional,
221 # pauses in heartbeat arrivals, due to for example garbage collect or
223 acceptable-heartbeat-pause = 10 s
226 # How often to check for nodes marked as unreachable by the failure
228 unreachable-nodes-reaper-interval = 1s
230 # After the heartbeat request has been sent the first failure detection
231 # will start after this period, even though no heartbeat mesage has
233 expected-response-after = 1 s
237 # remote deployment configuration section
239 # deprecated, use `enable-allow-list`
240 enable-whitelist = off
242 # If true, will only allow specific classes listed in `allowed-actor-classes` to be instanciated on this
243 # system via remote deployment
244 enable-allow-list = ${akka.remote.deployment.enable-whitelist}
247 # deprecated, use `allowed-actor-classes`
250 allowed-actor-classes = ${akka.remote.deployment.whitelist}
253 ### Default dispatcher for the remoting subsystem
254 default-remote-dispatcher {
256 executor = "fork-join-executor"
259 parallelism-factor = 0.5
274 ### Configuration for classic remoting. Classic remoting is deprecated, use artery.
277 # If set to a nonempty string remoting will use the given dispatcher for
278 # its internal actors otherwise the default dispatcher is used. Please note
279 # that since remoting can load arbitrary 3rd party drivers (see
280 # "enabled-transport" and "adapters" entries) it is not guaranteed that
281 # every module will respect this setting.
282 use-dispatcher = "akka.remote.default-remote-dispatcher"
284 # Settings for the failure detector to monitor connections.
285 # For TCP it is not important to have fast failure detection, since
286 # most connection failures are captured by TCP itself.
287 # The default DeadlineFailureDetector will trigger if there are no heartbeats within
288 # the duration heartbeat-interval + acceptable-heartbeat-pause, i.e. 124 seconds
289 # with the default settings.
290 transport-failure-detector {
292 # FQCN of the failure detector implementation.
293 # It must implement akka.remote.FailureDetector and have
294 # a public constructor with a com.typesafe.config.Config and
295 # akka.actor.EventStream parameter.
296 implementation-class = "akka.remote.DeadlineFailureDetector"
298 # How often keep-alive heartbeat messages should be sent to each connection.
299 heartbeat-interval = 4 s
301 # Number of potentially lost/delayed heartbeats that will be
302 # accepted before considering it to be an anomaly.
303 # A margin to the `heartbeat-interval` is important to be able to survive sudden,
304 # occasional, pauses in heartbeat arrivals, due to for example garbage collect or
306 acceptable-heartbeat-pause = 120 s
310 # Timeout after which the startup of the remoting subsystem is considered
311 # to be failed. Increase this value if your transport drivers (see the
312 # enabled-transports section) need longer time to be loaded.
313 startup-timeout = 10 s
315 # Timout after which the graceful shutdown of the remoting subsystem is
316 # considered to be failed. After the timeout the remoting system is
317 # forcefully shut down. Increase this value if your transport drivers
318 # (see the enabled-transports section) need longer time to stop properly.
319 shutdown-timeout = 10 s
321 # Before shutting down the drivers, the remoting subsystem attempts to flush
322 # all pending writes. This setting controls the maximum time the remoting is
323 # willing to wait before moving on to shut down the drivers.
324 flush-wait-on-shutdown = 2 s
326 # Reuse inbound connections for outbound messages
327 use-passive-connections = on
329 # Controls the backoff interval after a refused write is reattempted.
330 # (Transports may refuse writes if their internal buffer is full)
331 backoff-interval = 5 ms
333 # Acknowledgment timeout of management commands sent to the transport stack.
334 command-ack-timeout = 30 s
336 # The timeout for outbound associations to perform the handshake.
337 # If the transport is akka.remote.classic.netty.tcp or akka.remote.classic.netty.ssl
338 # the configured connection-timeout for the transport will be used instead.
339 handshake-timeout = 15 s
341 ### Security settings
343 # Enable untrusted mode for full security of server managed actors, prevents
344 # system messages to be send by clients, e.g. messages like 'Create',
345 # 'Suspend', 'Resume', 'Terminate', 'Supervise', 'Link' etc.
348 # When 'untrusted-mode=on' inbound actor selections are by default discarded.
349 # Actors with paths defined in this list are granted permission to receive actor
350 # selections messages.
351 # E.g. trusted-selection-paths = ["/user/receptionist", "/user/namingService"]
352 trusted-selection-paths = []
356 # If this is "on", Akka will log all inbound messages at DEBUG level,
357 # if off then they are not logged
358 log-received-messages = off
360 # If this is "on", Akka will log all outbound messages at DEBUG level,
361 # if off then they are not logged
362 log-sent-messages = off
364 # Sets the log granularity level at which Akka logs remoting events. This setting
365 # can take the values OFF, ERROR, WARNING, INFO, DEBUG, or ON. For compatibility
366 # reasons the setting "on" will default to "debug" level. Please note that the effective
367 # logging level is still determined by the global logging level of the actor system:
368 # for example debug level remoting events will be only logged if the system
369 # is running with debug level logging.
370 # Failures to deserialize received messages also fall under this flag.
371 log-remote-lifecycle-events = on
373 # Logging of message types with payload size in bytes larger than
374 # this value. Maximum detected size per message type is logged once,
375 # with an increase threshold of 10%.
376 # By default this feature is turned off. Activate it by setting the property to
377 # a value in bytes, such as 1000b. Note that for all messages larger than this
378 # limit there will be extra performance and scalability cost.
379 log-frame-size-exceeding = off
381 # Log warning if the number of messages in the backoff buffer in the endpoint
382 # writer exceeds this limit. It can be disabled by setting the value to off.
383 log-buffer-size-exceeding = 50000
385 # After failed to establish an outbound connection, the remoting will mark the
386 # address as failed. This configuration option controls how much time should
387 # be elapsed before reattempting a new connection. While the address is
388 # gated, all messages sent to the address are delivered to dead-letters.
389 # Since this setting limits the rate of reconnects setting it to a
390 # very short interval (i.e. less than a second) may result in a storm of
391 # reconnect attempts.
392 retry-gate-closed-for = 5 s
394 # After catastrophic communication failures that result in the loss of system
395 # messages or after the remote DeathWatch triggers the remote system gets
396 # quarantined to prevent inconsistent behavior.
397 # This setting controls how long the Quarantine marker will be kept around
398 # before being removed to avoid long-term memory leaks.
399 # WARNING: DO NOT change this to a small value to re-enable communication with
400 # quarantined nodes. Such feature is not supported and any behavior between
401 # the affected systems after lifting the quarantine is undefined.
402 prune-quarantine-marker-after = 5 d
404 # If system messages have been exchanged between two systems (i.e. remote death
405 # watch or remote deployment has been used) a remote system will be marked as
406 # quarantined after the two system has no active association, and no
407 # communication happens during the time configured here.
408 # The only purpose of this setting is to avoid storing system message redelivery
409 # data (sequence number state, etc.) for an undefined amount of time leading to long
410 # term memory leak. Instead, if a system has been gone for this period,
412 # - there is no association between the two systems (TCP connection, if TCP transport is used)
413 # - neither side has been attempting to communicate with the other
414 # - there are no pending system messages to deliver
415 # for the amount of time configured here, the remote system will be quarantined and all state
416 # associated with it will be dropped.
418 # Maximum value depends on the scheduler's max limit (default 248 days) and if configured
419 # to a longer duration this feature will effectively be disabled. Setting the value to
420 # 'off' will also disable the feature. Note that if disabled there is a risk of a long
422 quarantine-after-silence = 2 d
424 # This setting defines the maximum number of unacknowledged system messages
425 # allowed for a remote system. If this limit is reached the remote system is
426 # declared to be dead and its UID marked as tainted.
427 system-message-buffer-size = 20000
429 # This setting defines the maximum idle time after an individual
430 # acknowledgement for system messages is sent. System message delivery
431 # is guaranteed by explicit acknowledgement messages. These acks are
432 # piggybacked on ordinary traffic messages. If no traffic is detected
433 # during the time period configured here, the remoting will send out
435 system-message-ack-piggyback-timeout = 0.3 s
437 # This setting defines the time after internal management signals
438 # between actors (used for DeathWatch and supervision) that have not been
439 # explicitly acknowledged or negatively acknowledged are resent.
440 # Messages that were negatively acknowledged are always immediately
442 resend-interval = 2 s
444 # Maximum number of unacknowledged system messages that will be resent
445 # each 'resend-interval'. If you watch many (> 1000) remote actors you can
446 # increase this value to for example 600, but a too large limit (e.g. 10000)
447 # may flood the connection and might cause false failure detection to trigger.
448 # Test such a configuration by watching all actors at the same time and stop
449 # all watched actors at the same time.
452 # WARNING: this setting should not be not changed unless all of its consequences
453 # are properly understood which assumes experience with remoting internals
455 # This setting defines the time after redelivery attempts of internal management
456 # signals are stopped to a remote system that has been not confirmed to be alive by
457 # this system before.
458 initial-system-message-delivery-timeout = 3 m
460 ### Transports and adapters
462 # List of the transport drivers that will be loaded by the remoting.
463 # A list of fully qualified config paths must be provided where
464 # the given configuration path contains a transport-class key
465 # pointing to an implementation class of the Transport interface.
466 # If multiple transports are provided, the address of the first
467 # one will be used as a default address.
468 enabled-transports = ["akka.remote.classic.netty.tcp"]
470 # Transport drivers can be augmented with adapters by adding their
471 # name to the applied-adapters setting in the configuration of a
472 # transport. The available adapters should be configured in this
473 # section by providing a name, and the fully qualified name of
474 # their corresponding implementation. The class given here
475 # must implement akka.akka.remote.transport.TransportAdapterProvider
476 # and have public constructor without parameters.
478 gremlin = "akka.remote.transport.FailureInjectorProvider"
479 trttl = "akka.remote.transport.ThrottlerProvider"
482 ### Default configuration for the Netty based transport drivers
485 # The class given here must implement the akka.remote.transport.Transport
486 # interface and offer a public constructor which takes two arguments:
487 # 1) akka.actor.ExtendedActorSystem
488 # 2) com.typesafe.config.Config
489 transport-class = "akka.remote.transport.netty.NettyTransport"
491 # Transport drivers can be augmented with adapters by adding their
492 # name to the applied-adapters list. The last adapter in the
493 # list is the adapter immediately above the driver, while
494 # the first one is the top of the stack below the standard
496 applied-adapters = []
498 # The default remote server port clients should connect to.
499 # Default is 2552 (AKKA), use 0 if you want a random available port
500 # This port needs to be unique for each actor system on the same machine.
503 # The hostname or ip clients should connect to.
504 # InetAddress.getLocalHost.getHostAddress is used if empty
507 # Use this setting to bind a network interface to a different port
508 # than remoting protocol expects messages at. This may be used
509 # when running akka nodes in a separated networks (under NATs or docker containers).
510 # Use 0 if you want a random available port. Examples:
512 # akka.remote.classic.netty.tcp.port = 2552
513 # akka.remote.classic.netty.tcp.bind-port = 2553
514 # Network interface will be bound to the 2553 port, but remoting protocol will
515 # expect messages sent to port 2552.
517 # akka.remote.classic.netty.tcp.port = 0
518 # akka.remote.classic.netty.tcp.bind-port = 0
519 # Network interface will be bound to a random port, and remoting protocol will
520 # expect messages sent to the bound port.
522 # akka.remote.classic.netty.tcp.port = 2552
523 # akka.remote.classic.netty.tcp.bind-port = 0
524 # Network interface will be bound to a random port, but remoting protocol will
525 # expect messages sent to port 2552.
527 # akka.remote.classic.netty.tcp.port = 0
528 # akka.remote.classic.netty.tcp.bind-port = 2553
529 # Network interface will be bound to the 2553 port, and remoting protocol will
530 # expect messages sent to the bound port.
532 # akka.remote.classic.netty.tcp.port = 2552
533 # akka.remote.classic.netty.tcp.bind-port = ""
534 # Network interface will be bound to the 2552 port, and remoting protocol will
535 # expect messages sent to the bound port.
537 # akka.remote.classic.netty.tcp.port if empty
540 # Use this setting to bind a network interface to a different hostname or ip
541 # than remoting protocol expects messages at.
542 # Use "0.0.0.0" to bind to all interfaces.
543 # akka.remote.classic.netty.tcp.hostname if empty
546 # Enables SSL support on this transport
549 # Sets the connectTimeoutMillis of all outbound connections,
550 # i.e. how long a connect may take until it is timed out
551 connection-timeout = 15 s
553 # If set to "<id.of.dispatcher>" then the specified dispatcher
554 # will be used to accept inbound connections, and perform IO. If "" then
555 # dedicated threads will be used.
556 # Please note that the Netty driver only uses this configuration and does
557 # not read the "akka.remote.use-dispatcher" entry. Instead it has to be
558 # configured manually to point to the same dispatcher if needed.
559 use-dispatcher-for-io = ""
561 # Sets the high water mark for the in and outbound sockets,
562 # set to 0b for platform default
563 write-buffer-high-water-mark = 0b
565 # Sets the low water mark for the in and outbound sockets,
566 # set to 0b for platform default
567 write-buffer-low-water-mark = 0b
569 # Sets the send buffer size of the Sockets,
570 # set to 0b for platform default
571 send-buffer-size = 256000b
573 # Sets the receive buffer size of the Sockets,
574 # set to 0b for platform default
575 receive-buffer-size = 256000b
577 # Maximum message size the transport will accept, but at least
579 # Please note that UDP does not support arbitrary large datagrams,
580 # so this setting has to be chosen carefully when using UDP.
581 # Both send-buffer-size and receive-buffer-size settings has to
582 # be adjusted to be able to buffer messages of maximum size.
583 maximum-frame-size = 128000b
585 # Sets the size of the connection backlog
588 # Enables the TCP_NODELAY flag, i.e. disables Nagle’s algorithm
591 # Enables TCP Keepalive, subject to the O/S kernel’s configuration
594 # Enables SO_REUSEADDR, which determines when an ActorSystem can open
595 # the specified listen port (the meaning differs between *nix and Windows)
596 # Valid values are "on", "off" and "off-for-windows"
597 # due to the following Windows bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4476378
598 # "off-for-windows" of course means that it's "on" for all other platforms
599 tcp-reuse-addr = off-for-windows
601 # Used to configure the number of I/O worker threads on server sockets
602 server-socket-worker-pool {
603 # Min number of threads to cap factor-based number to
606 # The pool size factor is used to determine thread pool size
607 # using the following formula: ceil(available processors * factor).
608 # Resulting size is then bounded by the pool-size-min and
609 # pool-size-max values.
610 pool-size-factor = 1.0
612 # Max number of threads to cap factor-based number to
616 # Used to configure the number of I/O worker threads on client sockets
617 client-socket-worker-pool {
618 # Min number of threads to cap factor-based number to
621 # The pool size factor is used to determine thread pool size
622 # using the following formula: ceil(available processors * factor).
623 # Resulting size is then bounded by the pool-size-min and
624 # pool-size-max values.
625 pool-size-factor = 1.0
627 # Max number of threads to cap factor-based number to
634 netty.ssl = ${akka.remote.classic.netty.tcp}
636 # Enable SSL/TLS encryption.
637 # This must be enabled on both the client and server to work.
640 # Factory of SSLEngine.
641 # Must implement akka.remote.transport.netty.SSLEngineProvider and have a public
642 # constructor with an ActorSystem parameter.
643 # The default ConfigSSLEngineProvider is configured by properties in section
644 # akka.remote.classic.netty.ssl.security
646 # The SSLEngineProvider can also be defined via ActorSystemSetup with
647 # SSLEngineProviderSetup when starting the ActorSystem. That is useful when
648 # the SSLEngineProvider implementation requires other external constructor
649 # parameters or is created before the ActorSystem is created.
650 # If such SSLEngineProviderSetup is defined this config property is not used.
651 ssl-engine-provider = akka.remote.transport.netty.ConfigSSLEngineProvider
654 # This is the Java Key Store used by the server connection
655 key-store = "keystore"
657 # This password is used for decrypting the key store
658 key-store-password = "changeme"
660 # This password is used for decrypting the key
661 key-password = "changeme"
663 # This is the Java Key Store used by the client connection
664 trust-store = "truststore"
666 # This password is used for decrypting the trust store
667 trust-store-password = "changeme"
669 # Protocol to use for SSL encryption.
672 # Example: ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
673 # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
674 # "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
675 # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
676 # When doing rolling upgrades, make sure to include both the algorithm used
677 # by old nodes and the preferred algorithm.
678 # If you use a JDK 8 prior to 8u161 you need to install
679 # the JCE Unlimited Strength Jurisdiction Policy Files to use AES 256.
681 # https://www.oracle.com/java/technologies/javase-jce-all-downloads.html
682 enabled-algorithms = ["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
683 "TLS_RSA_WITH_AES_128_CBC_SHA"]
685 # There are two options, and the default SecureRandom is recommended:
686 # "" or "SecureRandom" => (default)
687 # "SHA1PRNG" => Can be slow because of blocking issues on Linux
689 # Setting a value here may require you to supply the appropriate cipher
690 # suite (see enabled-algorithms section above)
691 random-number-generator = ""
693 # Require mutual authentication between TLS peers
695 # Without mutual authentication only the peer that actively establishes a connection (TLS client side)
696 # checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on,
697 # the passive side will also request and verify a certificate from the connecting peer.
699 # To prevent man-in-the-middle attacks this setting is enabled by default.
701 # Note: Nodes that are configured with this setting to 'on' might not be able to receive messages from nodes that
702 # run on older versions of akka-remote. This is because in versions of Akka < 2.4.12 the active side of the remoting
703 # connection will not send over certificates even if asked.
705 # However, starting with Akka 2.4.12, even with this setting "off", the active side (TLS client side)
706 # will use the given key-store to send over a certificate if asked. A rolling upgrade from versions of
707 # Akka < 2.4.12 can therefore work like this:
708 # - upgrade all nodes to an Akka version >= 2.4.12, in the best case the latest version, but keep this setting at "off"
709 # - then switch this flag to "on" and do again a rolling upgrade of all nodes
710 # The first step ensures that all nodes will send over a certificate when asked to. The second
711 # step will ensure that all nodes finally enforce the secure checking of client certificates.
712 require-mutual-authentication = on
716 ### Default configuration for the failure injector transport adapter
719 # Enable debug logging of the failure injector transport adapter
723 backoff-remote-dispatcher {
725 executor = "fork-join-executor"
727 # Min number of threads to cap factor-based parallelism number to
741 ### Configuration for Artery, the new implementation of remoting
744 # Disable artery with this flag
747 # Select the underlying transport implementation.
749 # Possible values: aeron-udp, tcp, tls-tcp
750 # See https://doc.akka.io/docs/akka/current/remoting-artery.html#selecting-a-transport for the tradeoffs
754 # Canonical address is the address other clients should connect to.
755 # Artery transport will expect messages to this address.
758 # The default remote server port clients should connect to.
759 # Default is 25520, use 0 if you want a random available port
760 # This port needs to be unique for each actor system on the same machine.
763 # Hostname clients should connect to. Can be set to an ip, hostname
764 # or one of the following special values:
765 # "<getHostAddress>" InetAddress.getLocalHost.getHostAddress
766 # "<getHostName>" InetAddress.getLocalHost.getHostName
768 hostname = "<getHostAddress>"
771 # Use these settings to bind a network interface to a different address
772 # than artery expects messages at. This may be used when running Akka
773 # nodes in a separated networks (under NATs or in containers). If canonical
774 # and bind addresses are different, then network configuration that relays
775 # communications from canonical to bind addresses is expected.
778 # Port to bind a network interface to. Can be set to a port number
779 # of one of the following special values:
780 # 0 random available port
781 # "" akka.remote.artery.canonical.port
785 # Hostname to bind a network interface to. Can be set to an ip, hostname
786 # or one of the following special values:
787 # "0.0.0.0" all interfaces
788 # "" akka.remote.artery.canonical.hostname
789 # "<getHostAddress>" InetAddress.getLocalHost.getHostAddress
790 # "<getHostName>" InetAddress.getLocalHost.getHostName
794 # Time to wait for Aeron/TCP to bind
799 # Actor paths to use the large message stream for when a message
800 # is sent to them over remoting. The large message stream dedicated
801 # is separate from "normal" and system messages so that sending a
802 # large message does not interfere with them.
803 # Entries should be the full path to the actor. Wildcards in the form of "*"
804 # can be supplied at any place and matches any name at that segment -
805 # "/user/supervisor/actor/*" will match any direct child to actor,
806 # while "/supervisor/*/child" will match any grandchild to "supervisor" that
807 # has the name "child"
808 # Entries have to be specified on both the sending and receiving side.
809 # Messages sent to ActorSelections will not be passed through the large message
810 # stream, to pass such messages through the large message stream the selections
811 # but must be resolved to ActorRefs first.
812 large-message-destinations = []
814 # Enable untrusted mode, which discards inbound system messages, PossiblyHarmful and
815 # ActorSelection messages. E.g. remote watch and remote deployment will not work.
816 # ActorSelection messages can be enabled for specific paths with the trusted-selection-paths
819 # When 'untrusted-mode=on' inbound actor selections are by default discarded.
820 # Actors with paths defined in this list are granted permission to receive actor
821 # selections messages.
822 # E.g. trusted-selection-paths = ["/user/receptionist", "/user/namingService"]
823 trusted-selection-paths = []
825 # If this is "on", all inbound remote messages will be logged at DEBUG level,
826 # if off then they are not logged
827 log-received-messages = off
829 # If this is "on", all outbound remote messages will be logged at DEBUG level,
830 # if off then they are not logged
831 log-sent-messages = off
833 # Logging of message types with payload size in bytes larger than
834 # this value. Maximum detected size per message type is logged once,
835 # with an increase threshold of 10%.
836 # By default this feature is turned off. Activate it by setting the property to
837 # a value in bytes, such as 1000b. Note that for all messages larger than this
838 # limit there will be extra performance and scalability cost.
839 log-frame-size-exceeding = off
843 # Maximum serialized message size, including header data.
844 maximum-frame-size = 256 KiB
846 # Direct byte buffers are reused in a pool with this maximum size.
847 # Each buffer has the size of 'maximum-frame-size'.
848 # This is not a hard upper limit on number of created buffers. Additional
849 # buffers will be created if needed, e.g. when using many outbound
850 # associations at the same time. Such additional buffers will be garbage
851 # collected, which is not as efficient as reusing buffers in the pool.
852 buffer-pool-size = 128
854 # Maximum serialized message size for the large messages, including header data.
855 # It is currently restricted to 1/8th the size of a term buffer that can be
856 # configured by setting the 'aeron.term.buffer.length' system property.
857 # See 'large-message-destinations'.
858 maximum-large-frame-size = 2 MiB
860 # Direct byte buffers for the large messages are reused in a pool with this maximum size.
861 # Each buffer has the size of 'maximum-large-frame-size'.
862 # See 'large-message-destinations'.
863 # This is not a hard upper limit on number of created buffers. Additional
864 # buffers will be created if needed, e.g. when using many outbound
865 # associations at the same time. Such additional buffers will be garbage
866 # collected, which is not as efficient as reusing buffers in the pool.
867 large-buffer-pool-size = 32
869 # For enabling testing features, such as blackhole in akka-remote-testkit.
872 # Settings for the materializer that is used for the remote streams.
873 materializer = ${akka.stream.materializer}
875 # Remoting will use the given dispatcher for the ordinary and large message
877 use-dispatcher = "akka.remote.default-remote-dispatcher"
879 # Remoting will use the given dispatcher for the control stream.
880 # It can be good to not use the same dispatcher for the control stream as
881 # the dispatcher for the ordinary message stream so that heartbeat messages
883 use-control-stream-dispatcher = "akka.actor.internal-dispatcher"
886 # Total number of inbound lanes, shared among all inbound associations. A value
887 # greater than 1 means that deserialization can be performed in parallel for
888 # different destination actors. The selection of lane is based on consistent
889 # hashing of the recipient ActorRef to preserve message ordering per receiver.
890 # Lowest latency can be achieved with inbound-lanes=1 because of one less
891 # asynchronous boundary.
894 # Number of outbound lanes for each outbound association. A value greater than 1
895 # means that serialization and other work can be performed in parallel for different
896 # destination actors. The selection of lane is based on consistent hashing of the
897 # recipient ActorRef to preserve message ordering per receiver. Note that messages
898 # for different destination systems (hosts) are handled by different streams also
899 # when outbound-lanes=1. Lowest latency can be achieved with outbound-lanes=1
900 # because of one less asynchronous boundary.
903 # Size of the send queue for outgoing messages. Messages will be dropped if
904 # the queue becomes full. This may happen if you send a burst of many messages
905 # without end-to-end flow control. Note that there is one such queue per
906 # outbound association. The trade-off of using a larger queue size is that
907 # it consumes more memory, since the queue is based on preallocated array with
909 outbound-message-queue-size = 3072
911 # Size of the send queue for outgoing control messages, such as system messages.
912 # If this limit is reached the remote system is declared to be dead and its UID
913 # marked as quarantined. Note that there is one such queue per outbound association.
914 # It is a linked queue so it will not use more memory than needed but by increasing
915 # too much you may risk OutOfMemoryError in the worst case.
916 outbound-control-queue-size = 20000
918 # Size of the send queue for outgoing large messages. Messages will be dropped if
919 # the queue becomes full. This may happen if you send a burst of many messages
920 # without end-to-end flow control. Note that there is one such queue per
921 # outbound association.
922 # It is a linked queue so it will not use more memory than needed but by increasing
923 # too much you may risk OutOfMemoryError, especially since the message payload
924 # of these messages may be large.
925 outbound-large-message-queue-size = 256
927 # This setting defines the maximum number of unacknowledged system messages
928 # allowed for a remote system. If this limit is reached the remote system is
929 # declared to be dead and its UID marked as quarantined.
930 system-message-buffer-size = 20000
932 # unacknowledged system messages are re-delivered with this interval
933 system-message-resend-interval = 1 second
937 # The timeout for outbound associations to perform the initial handshake.
938 # This timeout must be greater than the 'image-liveness-timeout' when
939 # transport is aeron-udp.
940 handshake-timeout = 20 seconds
942 # incomplete initial handshake attempt is retried with this interval
943 handshake-retry-interval = 1 second
945 # Handshake requests are performed periodically with this interval,
946 # also after the handshake has been completed to be able to establish
947 # a new session with a restarted destination system.
948 inject-handshake-interval = 1 second
951 # System messages that are not acknowledged after re-sending for this period are
952 # dropped and will trigger quarantine. The value should be longer than the length
953 # of a network partition that you need to survive.
954 give-up-system-message-after = 6 hours
956 # Outbound streams are stopped when they haven't been used for this duration.
957 # They are started again when new messages are sent.
958 stop-idle-outbound-after = 5 minutes
960 # Outbound streams are quarantined when they haven't been used for this duration
961 # to cleanup resources used by the association, such as compression tables.
962 # This will cleanup association to crashed systems that didn't announce their
964 # The value should be longer than the length of a network partition that you
966 # The value must also be greater than stop-idle-outbound-after.
967 # Once every 1/10 of this duration an extra handshake message will be sent.
968 # Therfore it's also recommended to use a value that is greater than 10 times
969 # the stop-idle-outbound-after, since otherwise the idle streams will not be
971 quarantine-idle-outbound-after = 6 hours
973 # Stop outbound stream of a quarantined association after this idle timeout, i.e.
974 # when not used any more.
975 stop-quarantined-after-idle = 3 seconds
977 # After catastrophic communication failures that could result in the loss of system
978 # messages or after the remote DeathWatch triggers the remote system gets
979 # quarantined to prevent inconsistent behavior.
980 # This setting controls how long the quarantined association will be kept around
981 # before being removed to avoid long-term memory leaks. It must be quarantined
982 # and also unused for this duration before it's removed. When removed the historical
983 # information about which UIDs that were quarantined for that hostname:port is
984 # gone which could result in communication with a previously quarantined node
985 # if it wakes up again. Therfore this shouldn't be set too low.
986 remove-quarantined-association-after = 1 h
988 # during ActorSystem termination the remoting will wait this long for
989 # an acknowledgment by the destination system that flushing of outstanding
990 # remote messages has been completed
991 shutdown-flush-timeout = 1 second
993 # Before sending notificaiton of terminated actor (DeathWatchNotification) other messages
994 # will be flushed to make sure that the Terminated message arrives after other messages.
995 # It will wait this long for the flush acknowledgement before continuing.
996 # The flushing can be disabled by setting this to `off`.
997 death-watch-notification-flush-timeout = 3 seconds
999 # See 'inbound-max-restarts'
1000 inbound-restart-timeout = 5 seconds
1002 # Max number of restarts within 'inbound-restart-timeout' for the inbound streams.
1003 # If more restarts occurs the ActorSystem will be terminated.
1004 inbound-max-restarts = 5
1006 # Retry outbound connection after this backoff.
1007 # Only used when transport is tcp or tls-tcp.
1008 outbound-restart-backoff = 1 second
1010 # See 'outbound-max-restarts'
1011 outbound-restart-timeout = 5 seconds
1013 # Max number of restarts within 'outbound-restart-timeout' for the outbound streams.
1014 # If more restarts occurs the ActorSystem will be terminated.
1015 outbound-max-restarts = 5
1017 # compression of common strings in remoting messages, like actor destinations, serializers etc
1021 # Max number of compressed actor-refs
1022 # Note that compression tables are "rolling" (i.e. a new table replaces the old
1023 # compression table once in a while), and this setting is only about the total number
1024 # of compressions within a single such table.
1025 # Must be a positive natural number. Can be disabled with "off".
1028 # interval between new table compression advertisements.
1029 # this means the time during which we collect heavy-hitter data and then turn it into a compression table.
1030 advertisement-interval = 1 minute
1033 # Max number of compressed manifests
1034 # Note that compression tables are "rolling" (i.e. a new table replaces the old
1035 # compression table once in a while), and this setting is only about the total number
1036 # of compressions within a single such table.
1037 # Must be a positive natural number. Can be disabled with "off".
1040 # interval between new table compression advertisements.
1041 # this means the time during which we collect heavy-hitter data and then turn it into a compression table.
1042 advertisement-interval = 1 minute
1046 # List of fully qualified class names of remote instruments which should
1047 # be initialized and used for monitoring of remote messages.
1048 # The class must extend akka.remote.artery.RemoteInstrument and
1049 # have a public constructor with empty parameters or one ExtendedActorSystem
1051 # A new instance of RemoteInstrument will be created for each encoder and decoder.
1052 # It's only called from the stage, so if it dosn't delegate to any shared instance
1053 # it doesn't have to be thread-safe.
1054 # Refer to `akka.remote.artery.RemoteInstrument` for more information.
1055 instruments = ${?akka.remote.artery.advanced.instruments} []
1057 # Only used when transport is aeron-udp
1059 # Periodically log out all Aeron counters. See https://github.com/real-logic/aeron/wiki/Monitoring-and-Debugging#counters
1060 # Only used when transport is aeron-udp.
1061 log-aeron-counters = false
1063 # Controls whether to start the Aeron media driver in the same JVM or use external
1064 # process. Set to 'off' when using external media driver, and then also set the
1066 # Only used when transport is aeron-udp.
1067 embedded-media-driver = on
1069 # Directory used by the Aeron media driver. It's mandatory to define the 'aeron-dir'
1070 # if using external media driver, i.e. when 'embedded-media-driver = off'.
1071 # Embedded media driver will use a this directory, or a temporary directory if this
1072 # property is not defined (empty).
1073 # Only used when transport is aeron-udp.
1076 # Whether to delete aeron embedded driver directory upon driver stop.
1077 # Only used when transport is aeron-udp.
1078 delete-aeron-dir = yes
1080 # Level of CPU time used, on a scale between 1 and 10, during backoff/idle.
1081 # The tradeoff is that to have low latency more CPU time must be used to be
1082 # able to react quickly on incoming messages or send as fast as possible after
1083 # backoff backpressure.
1084 # Level 1 strongly prefer low CPU consumption over low latency.
1085 # Level 10 strongly prefer low latency over low CPU consumption.
1086 # Only used when transport is aeron-udp.
1089 # messages that are not accepted by Aeron are dropped after retrying for this period
1090 # Only used when transport is aeron-udp.
1091 give-up-message-after = 60 seconds
1093 # Timeout after which aeron driver has not had keepalive messages
1094 # from a client before it considers the client dead.
1095 # Only used when transport is aeron-udp.
1096 client-liveness-timeout = 20 seconds
1098 # Timout after after which an uncommitted publication will be unblocked
1099 # Only used when transport is aeron-udp.
1100 publication-unblock-timeout = 40 seconds
1102 # Timeout for each the INACTIVE and LINGER stages an aeron image
1103 # will be retained for when it is no longer referenced.
1104 # This timeout must be less than the 'handshake-timeout'.
1105 # Only used when transport is aeron-udp.
1106 image-liveness-timeout = 10 seconds
1108 # Timeout after which the aeron driver is considered dead
1109 # if it does not update its C'n'C timestamp.
1110 # Only used when transport is aeron-udp.
1111 driver-timeout = 20 seconds
1114 # Only used when transport is tcp or tls-tcp.
1116 # Timeout of establishing outbound connections.
1117 connection-timeout = 5 seconds
1119 # The local address that is used for the client side of the TCP connection.
1120 outbound-client-hostname = ""
1125 # SSL configuration that is used when transport=tls-tcp.
1127 # Factory of SSLEngine.
1128 # Must implement akka.remote.artery.tcp.SSLEngineProvider and have a public
1129 # constructor with an ActorSystem parameter.
1130 # The default ConfigSSLEngineProvider is configured by properties in section
1131 # akka.remote.artery.ssl.config-ssl-engine
1132 ssl-engine-provider = akka.remote.artery.tcp.ConfigSSLEngineProvider
1134 # Config of akka.remote.artery.tcp.ConfigSSLEngineProvider
1137 # This is the Java Key Store used by the server connection
1138 key-store = "keystore"
1140 # This password is used for decrypting the key store
1141 # Use substitution from environment variables for passwords. Don't define
1142 # real passwords in config files. key-store-password=${SSL_KEY_STORE_PASSWORD}
1143 key-store-password = "changeme"
1145 # This password is used for decrypting the key
1146 # Use substitution from environment variables for passwords. Don't define
1147 # real passwords in config files. key-password=${SSL_KEY_PASSWORD}
1148 key-password = "changeme"
1150 # This is the Java Key Store used by the client connection
1151 trust-store = "truststore"
1153 # This password is used for decrypting the trust store
1154 # Use substitution from environment variables for passwords. Don't define
1155 # real passwords in config files. trust-store-password=${SSL_TRUST_STORE_PASSWORD}
1156 trust-store-password = "changeme"
1158 # Protocol to use for SSL encryption.
1159 protocol = "TLSv1.2"
1161 # Example: ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
1162 # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
1163 # "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
1164 # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
1165 # When doing rolling upgrades, make sure to include both the algorithm used
1166 # by old nodes and the preferred algorithm.
1167 # If you use a JDK 8 prior to 8u161 you need to install
1168 # the JCE Unlimited Strength Jurisdiction Policy Files to use AES 256.
1170 # https://www.oracle.com/java/technologies/javase-jce-all-downloads.html
1171 enabled-algorithms = ["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
1172 "TLS_RSA_WITH_AES_128_CBC_SHA"]
1174 # There are two options, and the default SecureRandom is recommended:
1175 # "" or "SecureRandom" => (default)
1176 # "SHA1PRNG" => Can be slow because of blocking issues on Linux
1178 # Setting a value here may require you to supply the appropriate cipher
1179 # suite (see enabled-algorithms section above)
1180 random-number-generator = ""
1182 # Require mutual authentication between TLS peers
1184 # Without mutual authentication only the peer that actively establishes a connection (TLS client side)
1185 # checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on,
1186 # the passive side will also request and verify a certificate from the connecting peer.
1188 # To prevent man-in-the-middle attacks this setting is enabled by default.
1189 require-mutual-authentication = on
1191 # Set this to `on` to verify hostnames with sun.security.util.HostnameChecker
1192 # If possible it is recommended to have this enabled. Hostname verification is designed for
1193 # situations where things locate each other by hostname, in scenarios where host names are dynamic
1194 # and not known up front it can make sense to have this disabled.
1195 hostname-verification = off
1198 # Config of akka.remote.artery.tcp.ssl.RotatingKeysSSLEngineProvider
1199 # This engine provider reads PEM files from a mount point shared with the secret
1200 # manager. The constructed SSLContext is cached some time (configurable) so when
1201 # the credentials rotate the new credentials are eventually picked up.
1202 # By default mTLS is enabled.
1203 # This provider also includes a verification phase that runs after the TLS handshake
1204 # phase. In this verification, both peers run an authorization and verify they are
1205 # part of the same akka cluster. The verification happens via comparing the subject
1206 # names in the peer's certificate with the name on the own certificate so if you
1207 # use this SSLEngineProvider you should make sure all nodes on the cluster include
1208 # at least one common subject name (CN or SAN).
1209 # The Key setup this implementation supports has some limitations:
1210 # 1. the private key must be provided on a PKCS#1 or a non-encrypted PKCS#8 PEM-formatted file
1211 # 2. the private key must be be of an algorythm supported by `akka-pki` tools (e.g. "RSA", not "EC")
1212 # 3. the node certificate must be issued by a root CA (not an intermediate CA)
1213 # 4. both the node and the CA certificates must be provided in PEM-formatted files
1214 rotating-keys-engine {
1216 # This is a convention that people may follow if they wish to save themselves some configuration
1217 secret-mount-point = /var/run/secrets/akka-tls/rotating-keys-engine
1219 # The absolute path the PEM file with the private key.
1220 key-file = ${akka.remote.artery.ssl.rotating-keys-engine.secret-mount-point}/tls.key
1221 # The absolute path to the PEM file of the certificate for the private key above.
1222 cert-file = ${akka.remote.artery.ssl.rotating-keys-engine.secret-mount-point}/tls.crt
1223 # The absolute path to the PEM file of the certificate of the CA that emited
1224 # the node certificate above.
1225 ca-cert-file = ${akka.remote.artery.ssl.rotating-keys-engine.secret-mount-point}/ca.crt
1227 # There are two options, and the default SecureRandom is recommended:
1228 # "" or "SecureRandom" => (default)
1229 # "SHA1PRNG" => Can be slow because of blocking issues on Linux
1231 # Setting a value here may require you to supply the appropriate cipher
1232 # suite (see enabled-algorithms section)
1233 random-number-generator = ""
1235 # Example: ["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
1236 # "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
1237 # "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
1238 # "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
1239 # If you use a JDK 8 prior to 8u161 you need to install
1240 # the JCE Unlimited Strength Jurisdiction Policy Files to use AES 256.
1242 # https://www.oracle.com/java/technologies/javase-jce-all-downloads.html
1243 enabled-algorithms = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
1245 # Protocol to use for SSL encryption.
1246 protocol = "TLSv1.2"
1248 # How long should an SSLContext instance be cached. When rotating keys and certificates,
1249 # there must a time overlap between the old certificate/key and the new ones. The
1250 # value of this setting should be lower than duration of that overlap.
1251 ssl-context-cache-ttl = 5m