2 #####################################
3 # Akka Remote Reference Config File #
4 #####################################
6 # This is the reference config file that contains all the default settings.
7 # Make your edits/overrides in your application.conf.
9 # comments about akka.actor settings left out where they are already in akka-
10 # actor.jar, because otherwise they would be repeated in config rendering.
12 # For the configuration of the new remoting implementation (Artery) please look
13 # at the bottom section of this file as it is listed separately.
20 akka-containers = "akka.remote.serialization.MessageContainerSerializer"
21 akka-misc = "akka.remote.serialization.MiscMessageSerializer"
22 artery = "akka.remote.serialization.ArteryMessageSerializer"
23 proto = "akka.remote.serialization.ProtobufSerializer"
24 daemon-create = "akka.remote.serialization.DaemonMsgCreateSerializer"
25 primitive-long = "akka.remote.serialization.LongSerializer"
26 primitive-int = "akka.remote.serialization.IntSerializer"
27 primitive-string = "akka.remote.serialization.StringSerializer"
28 primitive-bytestring = "akka.remote.serialization.ByteStringSerializer"
29 akka-system-msg = "akka.remote.serialization.SystemMessageSerializer"
32 serialization-bindings {
33 "akka.actor.ActorSelectionMessage" = akka-containers
35 "akka.remote.DaemonMsgCreate" = daemon-create
37 "akka.remote.artery.ArteryMessage" = artery
39 # Since akka.protobuf.Message does not extend Serializable but
40 # GeneratedMessage does, need to use the more specific one here in order
42 "akka.protobuf.GeneratedMessage" = proto
44 # Since com.google.protobuf.Message does not extend Serializable but
45 # GeneratedMessage does, need to use the more specific one here in order
47 # This com.google.protobuf serialization binding is only used if the class can be loaded,
48 # i.e. com.google.protobuf dependency has been added in the application project.
49 "com.google.protobuf.GeneratedMessage" = proto
51 "java.util.Optional" = akka-misc
54 # The following are handled by the MiscMessageSerializer, but they are not enabled for
55 # compatibility reasons (it was added in Akka 2.5.[8,9,12]). Enable them by adding:
56 # akka.actor.serialization-bindings {
57 # "akka.Done" = akka-misc
58 # "akka.NotUsed" = akka-misc
59 # "akka.actor.Address" = akka-misc
60 # "akka.remote.UniqueAddress" = akka-misc
64 # Additional serialization-bindings that are replacing Java serialization are
65 # defined in this section for backwards compatibility reasons. They are included
66 # by default but can be excluded for backwards compatibility with Akka 2.4.x.
67 # They can be disabled with enable-additional-serialization-bindings=off.
68 additional-serialization-bindings {
69 "akka.actor.Identify" = akka-misc
70 "akka.actor.ActorIdentity" = akka-misc
71 "scala.Some" = akka-misc
72 "scala.None$" = akka-misc
73 "akka.actor.Status$Success" = akka-misc
74 "akka.actor.Status$Failure" = akka-misc
75 "akka.actor.ActorRef" = akka-misc
76 "akka.actor.PoisonPill$" = akka-misc
77 "akka.actor.Kill$" = akka-misc
78 "akka.remote.RemoteWatcher$Heartbeat$" = akka-misc
79 "akka.remote.RemoteWatcher$HeartbeatRsp" = akka-misc
80 "akka.actor.ActorInitializationException" = akka-misc
82 "akka.dispatch.sysmsg.SystemMessage" = akka-system-msg
84 "java.lang.String" = primitive-string
85 "akka.util.ByteString$ByteString1C" = primitive-bytestring
86 "akka.util.ByteString$ByteString1" = primitive-bytestring
87 "akka.util.ByteString$ByteStrings" = primitive-bytestring
88 "java.lang.Long" = primitive-long
89 "scala.Long" = primitive-long
90 "java.lang.Integer" = primitive-int
91 "scala.Int" = primitive-int
93 # Java Serializer is by default used for exceptions.
94 # It's recommended that you implement custom serializer for exceptions that are
95 # sent remotely, e.g. in akka.actor.Status.Failure for ask replies. You can add
96 # binding to akka-misc (MiscMessageSerializerSpec) for the exceptions that have
97 # a constructor with single message String or constructor with message String as
98 # first parameter and cause Throwable as second parameter. Note that it's not
99 # safe to add this binding for general exceptions such as IllegalArgumentException
100 # because it may have a subclass without required constructor.
101 "java.lang.Throwable" = java
102 "akka.actor.IllegalActorStateException" = akka-misc
103 "akka.actor.ActorKilledException" = akka-misc
104 "akka.actor.InvalidActorNameException" = akka-misc
105 "akka.actor.InvalidMessageException" = akka-misc
107 # TODO issue #27330: TimeoutException not enabled for serialization in 2.5.x yet
108 #"java.util.concurrent.TimeoutException" = akka-misc
109 # TODO issue #27330: ThrowableNotSerializableException not enabled for serialization in 2.5.x yet
110 #"akka.remote.serialization.ThrowableNotSerializableException" = akka-misc
112 "akka.actor.LocalScope$" = akka-misc
113 "akka.remote.RemoteScope" = akka-misc
115 "com.typesafe.config.impl.SimpleConfig" = akka-misc
116 "com.typesafe.config.Config" = akka-misc
118 "akka.routing.FromConfig" = akka-misc
119 "akka.routing.DefaultResizer" = akka-misc
120 "akka.routing.BalancingPool" = akka-misc
121 "akka.routing.BroadcastGroup" = akka-misc
122 "akka.routing.BroadcastPool" = akka-misc
123 "akka.routing.RandomGroup" = akka-misc
124 "akka.routing.RandomPool" = akka-misc
125 "akka.routing.RoundRobinGroup" = akka-misc
126 "akka.routing.RoundRobinPool" = akka-misc
127 "akka.routing.ScatterGatherFirstCompletedGroup" = akka-misc
128 "akka.routing.ScatterGatherFirstCompletedPool" = akka-misc
129 "akka.routing.SmallestMailboxPool" = akka-misc
130 "akka.routing.TailChoppingGroup" = akka-misc
131 "akka.routing.TailChoppingPool" = akka-misc
132 "akka.remote.routing.RemoteRouterConfig" = akka-misc
135 # Additional serialization bindings which are enabled automatically when allow-java-serialization is disabled.
136 java-serialization-disabled-additional-serialization-bindings = {
137 "akka.Done" = akka-misc
138 "akka.NotUsed" = akka-misc
139 "akka.actor.Address" = akka-misc
140 "akka.remote.UniqueAddress" = akka-misc
143 serialization-identifiers {
144 "akka.remote.serialization.ProtobufSerializer" = 2
145 "akka.remote.serialization.DaemonMsgCreateSerializer" = 3
146 "akka.remote.serialization.MessageContainerSerializer" = 6
147 "akka.remote.serialization.MiscMessageSerializer" = 16
148 "akka.remote.serialization.ArteryMessageSerializer" = 17
149 "akka.remote.serialization.LongSerializer" = 18
150 "akka.remote.serialization.IntSerializer" = 19
151 "akka.remote.serialization.StringSerializer" = 20
152 "akka.remote.serialization.ByteStringSerializer" = 21
153 "akka.remote.serialization.SystemMessageSerializer" = 22
160 # if this is set to a valid remote address, the named actor will be
161 # deployed at that node e.g. "akka.tcp://sys@host:port"
166 # A list of hostnames and ports for instantiating the children of a
168 # The format should be on "akka.tcp://sys@host:port", where:
169 # - sys is the remote actor system name
170 # - hostname can be either hostname or IP address the remote actor
172 # - port should be the port for the remote server on the other node
173 # The number of actor instances to be spawned is still taken from the
174 # nr-of-instances setting as for local routers; the instances will be
175 # distributed round-robin among the given nodes.
184 ### Settings shared by classic remoting and Artery (the new implementation of remoting)
186 # If set to a nonempty string remoting will use the given dispatcher for
187 # its internal actors otherwise the default dispatcher is used. Please note
188 # that since remoting can load arbitrary 3rd party drivers (see
189 # "enabled-transport" and "adapters" entries) it is not guaranteed that
190 # every module will respect this setting.
191 use-dispatcher = "akka.remote.default-remote-dispatcher"
193 # Settings for the failure detector to monitor connections.
194 # For TCP it is not important to have fast failure detection, since
195 # most connection failures are captured by TCP itself.
196 # The default DeadlineFailureDetector will trigger if there are no heartbeats within
197 # the duration heartbeat-interval + acceptable-heartbeat-pause, i.e. 124 seconds
198 # with the default settings.
199 transport-failure-detector {
201 # FQCN of the failure detector implementation.
202 # It must implement akka.remote.FailureDetector and have
203 # a public constructor with a com.typesafe.config.Config and
204 # akka.actor.EventStream parameter.
205 implementation-class = "akka.remote.DeadlineFailureDetector"
207 # How often keep-alive heartbeat messages should be sent to each connection.
208 heartbeat-interval = 4 s
210 # Number of potentially lost/delayed heartbeats that will be
211 # accepted before considering it to be an anomaly.
212 # A margin to the `heartbeat-interval` is important to be able to survive sudden,
213 # occasional, pauses in heartbeat arrivals, due to for example garbage collect or
215 acceptable-heartbeat-pause = 120 s
218 # Settings for the Phi accrual failure detector (http://www.jaist.ac.jp/~defago/files/pdf/IS_RR_2004_010.pdf
219 # [Hayashibara et al]) used for remote death watch.
220 # The default PhiAccrualFailureDetector will trigger if there are no heartbeats within
221 # the duration heartbeat-interval + acceptable-heartbeat-pause + threshold_adjustment,
222 # i.e. around 12.5 seconds with default settings.
223 watch-failure-detector {
225 # FQCN of the failure detector implementation.
226 # It must implement akka.remote.FailureDetector and have
227 # a public constructor with a com.typesafe.config.Config and
228 # akka.actor.EventStream parameter.
229 implementation-class = "akka.remote.PhiAccrualFailureDetector"
231 # How often keep-alive heartbeat messages should be sent to each connection.
232 heartbeat-interval = 1 s
234 # Defines the failure detector threshold.
235 # A low threshold is prone to generate many wrong suspicions but ensures
236 # a quick detection in the event of a real crash. Conversely, a high
237 # threshold generates fewer mistakes but needs more time to detect
241 # Number of the samples of inter-heartbeat arrival times to adaptively
242 # calculate the failure timeout for connections.
243 max-sample-size = 200
245 # Minimum standard deviation to use for the normal distribution in
246 # AccrualFailureDetector. Too low standard deviation might result in
247 # too much sensitivity for sudden, but normal, deviations in heartbeat
248 # inter arrival times.
249 min-std-deviation = 100 ms
251 # Number of potentially lost/delayed heartbeats that will be
252 # accepted before considering it to be an anomaly.
253 # This margin is important to be able to survive sudden, occasional,
254 # pauses in heartbeat arrivals, due to for example garbage collect or
256 acceptable-heartbeat-pause = 10 s
259 # How often to check for nodes marked as unreachable by the failure
261 unreachable-nodes-reaper-interval = 1s
263 # After the heartbeat request has been sent the first failure detection
264 # will start after this period, even though no heartbeat mesage has
266 expected-response-after = 1 s
270 # remote deployment configuration section
272 # If true, will only allow specific classes to be instanciated on this system via remote deployment
273 enable-whitelist = off
287 ### Configuration for classic remoting
289 # Timeout after which the startup of the remoting subsystem is considered
290 # to be failed. Increase this value if your transport drivers (see the
291 # enabled-transports section) need longer time to be loaded.
292 startup-timeout = 10 s
294 # Timout after which the graceful shutdown of the remoting subsystem is
295 # considered to be failed. After the timeout the remoting system is
296 # forcefully shut down. Increase this value if your transport drivers
297 # (see the enabled-transports section) need longer time to stop properly.
298 shutdown-timeout = 10 s
300 # Before shutting down the drivers, the remoting subsystem attempts to flush
301 # all pending writes. This setting controls the maximum time the remoting is
302 # willing to wait before moving on to shut down the drivers.
303 flush-wait-on-shutdown = 2 s
305 # Reuse inbound connections for outbound messages
306 use-passive-connections = on
308 # Controls the backoff interval after a refused write is reattempted.
309 # (Transports may refuse writes if their internal buffer is full)
310 backoff-interval = 5 ms
312 # Acknowledgment timeout of management commands sent to the transport stack.
313 command-ack-timeout = 30 s
315 # The timeout for outbound associations to perform the handshake.
316 # If the transport is akka.remote.netty.tcp or akka.remote.netty.ssl
317 # the configured connection-timeout for the transport will be used instead.
318 handshake-timeout = 15 s
320 ### Security settings
322 # Enable untrusted mode for full security of server managed actors, prevents
323 # system messages to be send by clients, e.g. messages like 'Create',
324 # 'Suspend', 'Resume', 'Terminate', 'Supervise', 'Link' etc.
327 # When 'untrusted-mode=on' inbound actor selections are by default discarded.
328 # Actors with paths defined in this white list are granted permission to receive actor
329 # selections messages.
330 # E.g. trusted-selection-paths = ["/user/receptionist", "/user/namingService"]
331 trusted-selection-paths = []
333 # Should the remote server require that its peers share the same
334 # secure-cookie (defined in the 'remote' section)? Secure cookies are passed
335 # between during the initial handshake. Connections are refused if the initial
336 # message contains a mismatching cookie or the cookie is missing.
339 # Deprecated since 2.4-M1
344 # If this is "on", Akka will log all inbound messages at DEBUG level,
345 # if off then they are not logged
346 log-received-messages = off
348 # If this is "on", Akka will log all outbound messages at DEBUG level,
349 # if off then they are not logged
350 log-sent-messages = off
352 # Sets the log granularity level at which Akka logs remoting events. This setting
353 # can take the values OFF, ERROR, WARNING, INFO, DEBUG, or ON. For compatibility
354 # reasons the setting "on" will default to "debug" level. Please note that the effective
355 # logging level is still determined by the global logging level of the actor system:
356 # for example debug level remoting events will be only logged if the system
357 # is running with debug level logging.
358 # Failures to deserialize received messages also fall under this flag.
359 log-remote-lifecycle-events = on
361 # Logging of message types with payload size in bytes larger than
362 # this value. Maximum detected size per message type is logged once,
363 # with an increase threshold of 10%.
364 # By default this feature is turned off. Activate it by setting the property to
365 # a value in bytes, such as 1000b. Note that for all messages larger than this
366 # limit there will be extra performance and scalability cost.
367 log-frame-size-exceeding = off
369 # Log warning if the number of messages in the backoff buffer in the endpoint
370 # writer exceeds this limit. It can be disabled by setting the value to off.
371 log-buffer-size-exceeding = 50000
373 # After failed to establish an outbound connection, the remoting will mark the
374 # address as failed. This configuration option controls how much time should
375 # be elapsed before reattempting a new connection. While the address is
376 # gated, all messages sent to the address are delivered to dead-letters.
377 # Since this setting limits the rate of reconnects setting it to a
378 # very short interval (i.e. less than a second) may result in a storm of
379 # reconnect attempts.
380 retry-gate-closed-for = 5 s
382 # After catastrophic communication failures that result in the loss of system
383 # messages or after the remote DeathWatch triggers the remote system gets
384 # quarantined to prevent inconsistent behavior.
385 # This setting controls how long the Quarantine marker will be kept around
386 # before being removed to avoid long-term memory leaks.
387 # WARNING: DO NOT change this to a small value to re-enable communication with
388 # quarantined nodes. Such feature is not supported and any behavior between
389 # the affected systems after lifting the quarantine is undefined.
390 prune-quarantine-marker-after = 5 d
392 # If system messages have been exchanged between two systems (i.e. remote death
393 # watch or remote deployment has been used) a remote system will be marked as
394 # quarantined after the two system has no active association, and no
395 # communication happens during the time configured here.
396 # The only purpose of this setting is to avoid storing system message redelivery
397 # data (sequence number state, etc.) for an undefined amount of time leading to long
398 # term memory leak. Instead, if a system has been gone for this period,
400 # - there is no association between the two systems (TCP connection, if TCP transport is used)
401 # - neither side has been attempting to communicate with the other
402 # - there are no pending system messages to deliver
403 # for the amount of time configured here, the remote system will be quarantined and all state
404 # associated with it will be dropped.
406 # Maximum value depends on the scheduler's max limit (default 248 days) and if configured
407 # to a longer duration this feature will effectively be disabled. Setting the value to
408 # 'off' will also disable the feature. Note that if disabled there is a risk of a long
410 quarantine-after-silence = 2 d
412 # This setting defines the maximum number of unacknowledged system messages
413 # allowed for a remote system. If this limit is reached the remote system is
414 # declared to be dead and its UID marked as tainted.
415 system-message-buffer-size = 20000
417 # This setting defines the maximum idle time after an individual
418 # acknowledgement for system messages is sent. System message delivery
419 # is guaranteed by explicit acknowledgement messages. These acks are
420 # piggybacked on ordinary traffic messages. If no traffic is detected
421 # during the time period configured here, the remoting will send out
423 system-message-ack-piggyback-timeout = 0.3 s
425 # This setting defines the time after internal management signals
426 # between actors (used for DeathWatch and supervision) that have not been
427 # explicitly acknowledged or negatively acknowledged are resent.
428 # Messages that were negatively acknowledged are always immediately
430 resend-interval = 2 s
432 # Maximum number of unacknowledged system messages that will be resent
433 # each 'resend-interval'. If you watch many (> 1000) remote actors you can
434 # increase this value to for example 600, but a too large limit (e.g. 10000)
435 # may flood the connection and might cause false failure detection to trigger.
436 # Test such a configuration by watching all actors at the same time and stop
437 # all watched actors at the same time.
440 # WARNING: this setting should not be not changed unless all of its consequences
441 # are properly understood which assumes experience with remoting internals
443 # This setting defines the time after redelivery attempts of internal management
444 # signals are stopped to a remote system that has been not confirmed to be alive by
445 # this system before.
446 initial-system-message-delivery-timeout = 3 m
448 ### Transports and adapters
450 # List of the transport drivers that will be loaded by the remoting.
451 # A list of fully qualified config paths must be provided where
452 # the given configuration path contains a transport-class key
453 # pointing to an implementation class of the Transport interface.
454 # If multiple transports are provided, the address of the first
455 # one will be used as a default address.
456 enabled-transports = ["akka.remote.netty.tcp"]
458 # Transport drivers can be augmented with adapters by adding their
459 # name to the applied-adapters setting in the configuration of a
460 # transport. The available adapters should be configured in this
461 # section by providing a name, and the fully qualified name of
462 # their corresponding implementation. The class given here
463 # must implement akka.akka.remote.transport.TransportAdapterProvider
464 # and have public constructor without parameters.
466 gremlin = "akka.remote.transport.FailureInjectorProvider"
467 trttl = "akka.remote.transport.ThrottlerProvider"
470 ### Default configuration for the Netty based transport drivers
473 # The class given here must implement the akka.remote.transport.Transport
474 # interface and offer a public constructor which takes two arguments:
475 # 1) akka.actor.ExtendedActorSystem
476 # 2) com.typesafe.config.Config
477 transport-class = "akka.remote.transport.netty.NettyTransport"
479 # Transport drivers can be augmented with adapters by adding their
480 # name to the applied-adapters list. The last adapter in the
481 # list is the adapter immediately above the driver, while
482 # the first one is the top of the stack below the standard
484 applied-adapters = []
486 transport-protocol = tcp
488 # The default remote server port clients should connect to.
489 # Default is 2552 (AKKA), use 0 if you want a random available port
490 # This port needs to be unique for each actor system on the same machine.
493 # The hostname or ip clients should connect to.
494 # InetAddress.getLocalHost.getHostAddress is used if empty
497 # Use this setting to bind a network interface to a different port
498 # than remoting protocol expects messages at. This may be used
499 # when running akka nodes in a separated networks (under NATs or docker containers).
500 # Use 0 if you want a random available port. Examples:
502 # akka.remote.netty.tcp.port = 2552
503 # akka.remote.netty.tcp.bind-port = 2553
504 # Network interface will be bound to the 2553 port, but remoting protocol will
505 # expect messages sent to port 2552.
507 # akka.remote.netty.tcp.port = 0
508 # akka.remote.netty.tcp.bind-port = 0
509 # Network interface will be bound to a random port, and remoting protocol will
510 # expect messages sent to the bound port.
512 # akka.remote.netty.tcp.port = 2552
513 # akka.remote.netty.tcp.bind-port = 0
514 # Network interface will be bound to a random port, but remoting protocol will
515 # expect messages sent to port 2552.
517 # akka.remote.netty.tcp.port = 0
518 # akka.remote.netty.tcp.bind-port = 2553
519 # Network interface will be bound to the 2553 port, and remoting protocol will
520 # expect messages sent to the bound port.
522 # akka.remote.netty.tcp.port = 2552
523 # akka.remote.netty.tcp.bind-port = ""
524 # Network interface will be bound to the 2552 port, and remoting protocol will
525 # expect messages sent to the bound port.
527 # akka.remote.netty.tcp.port if empty
530 # Use this setting to bind a network interface to a different hostname or ip
531 # than remoting protocol expects messages at.
532 # Use "0.0.0.0" to bind to all interfaces.
533 # akka.remote.netty.tcp.hostname if empty
536 # Enables SSL support on this transport
539 # Sets the connectTimeoutMillis of all outbound connections,
540 # i.e. how long a connect may take until it is timed out
541 connection-timeout = 15 s
543 # If set to "<id.of.dispatcher>" then the specified dispatcher
544 # will be used to accept inbound connections, and perform IO. If "" then
545 # dedicated threads will be used.
546 # Please note that the Netty driver only uses this configuration and does
547 # not read the "akka.remote.use-dispatcher" entry. Instead it has to be
548 # configured manually to point to the same dispatcher if needed.
549 use-dispatcher-for-io = ""
551 # Sets the high water mark for the in and outbound sockets,
552 # set to 0b for platform default
553 write-buffer-high-water-mark = 0b
555 # Sets the low water mark for the in and outbound sockets,
556 # set to 0b for platform default
557 write-buffer-low-water-mark = 0b
559 # Sets the send buffer size of the Sockets,
560 # set to 0b for platform default
561 send-buffer-size = 256000b
563 # Sets the receive buffer size of the Sockets,
564 # set to 0b for platform default
565 receive-buffer-size = 256000b
567 # Maximum message size the transport will accept, but at least
569 # Please note that UDP does not support arbitrary large datagrams,
570 # so this setting has to be chosen carefully when using UDP.
571 # Both send-buffer-size and receive-buffer-size settings has to
572 # be adjusted to be able to buffer messages of maximum size.
573 maximum-frame-size = 128000b
575 # Sets the size of the connection backlog
578 # Enables the TCP_NODELAY flag, i.e. disables Nagle’s algorithm
581 # Enables TCP Keepalive, subject to the O/S kernel’s configuration
584 # Enables SO_REUSEADDR, which determines when an ActorSystem can open
585 # the specified listen port (the meaning differs between *nix and Windows)
586 # Valid values are "on", "off" and "off-for-windows"
587 # due to the following Windows bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4476378
588 # "off-for-windows" of course means that it's "on" for all other platforms
589 tcp-reuse-addr = off-for-windows
591 # Used to configure the number of I/O worker threads on server sockets
592 server-socket-worker-pool {
593 # Min number of threads to cap factor-based number to
596 # The pool size factor is used to determine thread pool size
597 # using the following formula: ceil(available processors * factor).
598 # Resulting size is then bounded by the pool-size-min and
599 # pool-size-max values.
600 pool-size-factor = 1.0
602 # Max number of threads to cap factor-based number to
606 # Used to configure the number of I/O worker threads on client sockets
607 client-socket-worker-pool {
608 # Min number of threads to cap factor-based number to
611 # The pool size factor is used to determine thread pool size
612 # using the following formula: ceil(available processors * factor).
613 # Resulting size is then bounded by the pool-size-min and
614 # pool-size-max values.
615 pool-size-factor = 1.0
617 # Max number of threads to cap factor-based number to
624 # DEPRECATED, since 2.5.0
625 # The netty.udp transport is deprecated, please use Artery instead.
626 # See: https://doc.akka.io/docs/akka/current/remoting-artery.html
627 netty.udp = ${akka.remote.netty.tcp}
629 transport-protocol = udp
632 netty.ssl = ${akka.remote.netty.tcp}
634 # Enable SSL/TLS encryption.
635 # This must be enabled on both the client and server to work.
638 # Factory of SSLEngine.
639 # Must implement akka.remote.transport.netty.SSLEngineProvider and have a public
640 # constructor with an ActorSystem parameter.
641 # The default ConfigSSLEngineProvider is configured by properties in section
642 # akka.remote.netty.ssl.security
644 # The SSLEngineProvider can also be defined via ActorSystemSetup with
645 # SSLEngineProviderSetup when starting the ActorSystem. That is useful when
646 # the SSLEngineProvider implementation requires other external constructor
647 # parameters or is created before the ActorSystem is created.
648 # If such SSLEngineProviderSetup is defined this config property is not used.
649 ssl-engine-provider = akka.remote.transport.netty.ConfigSSLEngineProvider
652 # This is the Java Key Store used by the server connection
653 key-store = "keystore"
655 # This password is used for decrypting the key store
656 key-store-password = "changeme"
658 # This password is used for decrypting the key
659 key-password = "changeme"
661 # This is the Java Key Store used by the client connection
662 trust-store = "truststore"
664 # This password is used for decrypting the trust store
665 trust-store-password = "changeme"
667 # Protocol to use for SSL encryption, choose from:
668 # TLS 1.2 is available since JDK7, and default since JDK8:
669 # https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls
672 # Example: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]
673 # You need to install the JCE Unlimited Strength Jurisdiction Policy
674 # Files to use AES 256.
676 # http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJCEProvider
677 enabled-algorithms = ["TLS_RSA_WITH_AES_128_CBC_SHA"]
679 # There are two options, and the default SecureRandom is recommended:
680 # "" or "SecureRandom" => (default)
681 # "SHA1PRNG" => Can be slow because of blocking issues on Linux
683 # Setting a value here may require you to supply the appropriate cipher
684 # suite (see enabled-algorithms section above)
685 random-number-generator = ""
687 # Require mutual authentication between TLS peers
689 # Without mutual authentication only the peer that actively establishes a connection (TLS client side)
690 # checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on,
691 # the passive side will also request and verify a certificate from the connecting peer.
693 # To prevent man-in-the-middle attacks this setting is enabled by default.
695 # Note: Nodes that are configured with this setting to 'on' might not be able to receive messages from nodes that
696 # run on older versions of akka-remote. This is because in versions of Akka < 2.4.12 the active side of the remoting
697 # connection will not send over certificates even if asked.
699 # However, starting with Akka 2.4.12, even with this setting "off", the active side (TLS client side)
700 # will use the given key-store to send over a certificate if asked. A rolling upgrade from versions of
701 # Akka < 2.4.12 can therefore work like this:
702 # - upgrade all nodes to an Akka version >= 2.4.12, in the best case the latest version, but keep this setting at "off"
703 # - then switch this flag to "on" and do again a rolling upgrade of all nodes
704 # The first step ensures that all nodes will send over a certificate when asked to. The second
705 # step will ensure that all nodes finally enforce the secure checking of client certificates.
706 require-mutual-authentication = on
710 ### Default configuration for the failure injector transport adapter
713 # Enable debug logging of the failure injector transport adapter
717 ### Default dispatcher for the remoting subsystem
719 default-remote-dispatcher {
721 executor = "fork-join-executor"
724 parallelism-factor = 0.5
730 backoff-remote-dispatcher {
732 executor = "fork-join-executor"
734 # Min number of threads to cap factor-based parallelism number to
748 ### Configuration for Artery, the new implementation of remoting
751 # Enable the new remoting with this flag
754 # Select the underlying transport implementation.
756 # Possible values: aeron-udp, tcp, tls-tcp
758 # The Aeron (UDP) transport is a high performance transport and should be used for systems
759 # that require high throughput and low latency. It is using more CPU than TCP when the
760 # system is idle or at low message rates. There is no encryption for Aeron.
761 # https://github.com/real-logic/aeron
763 # The TCP and TLS transport is implemented using Akka Streams TCP/TLS. This is the choice
764 # when encryption is needed, but it can also be used with plain TCP without TLS. It's also
765 # the obvious choice when UDP can't be used.
766 # It has very good performance (high throughput and low latency) but latency at high throughput
767 # might not be as good as the Aeron transport.
768 # It is using less CPU than Aeron when the system is idle or at low message rates.
769 transport = aeron-udp
771 # Canonical address is the address other clients should connect to.
772 # Artery transport will expect messages to this address.
775 # The default remote server port clients should connect to.
776 # Default is 25520, use 0 if you want a random available port
777 # This port needs to be unique for each actor system on the same machine.
780 # Hostname clients should connect to. Can be set to an ip, hostname
781 # or one of the following special values:
782 # "<getHostAddress>" InetAddress.getLocalHost.getHostAddress
783 # "<getHostName>" InetAddress.getLocalHost.getHostName
785 hostname = "<getHostAddress>"
788 # Use these settings to bind a network interface to a different address
789 # than artery expects messages at. This may be used when running Akka
790 # nodes in a separated networks (under NATs or in containers). If canonical
791 # and bind addresses are different, then network configuration that relays
792 # communications from canonical to bind addresses is expected.
795 # Port to bind a network interface to. Can be set to a port number
796 # of one of the following special values:
797 # 0 random available port
798 # "" akka.remote.artery.canonical.port
802 # Hostname to bind a network interface to. Can be set to an ip, hostname
803 # or one of the following special values:
804 # "0.0.0.0" all interfaces
805 # "" akka.remote.artery.canonical.hostname
806 # "<getHostAddress>" InetAddress.getLocalHost.getHostAddress
807 # "<getHostName>" InetAddress.getLocalHost.getHostName
811 # Time to wait for Aeron/TCP to bind
815 # Periodically log out all Aeron counters. See https://github.com/real-logic/aeron/wiki/Monitoring-and-Debugging#counters
816 # Only used when transport is aeron-udp.
817 log-aeron-counters = false
819 # Actor paths to use the large message stream for when a message
820 # is sent to them over remoting. The large message stream dedicated
821 # is separate from "normal" and system messages so that sending a
822 # large message does not interfere with them.
823 # Entries should be the full path to the actor. Wildcards in the form of "*"
824 # can be supplied at any place and matches any name at that segment -
825 # "/user/supervisor/actor/*" will match any direct child to actor,
826 # while "/supervisor/*/child" will match any grandchild to "supervisor" that
827 # has the name "child"
828 # Entries have to be specified on both the sending and receiving side.
829 # Messages sent to ActorSelections will not be passed through the large message
830 # stream, to pass such messages through the large message stream the selections
831 # but must be resolved to ActorRefs first.
832 large-message-destinations = []
834 # Enable untrusted mode, which discards inbound system messages, PossiblyHarmful and
835 # ActorSelection messages. E.g. remote watch and remote deployment will not work.
836 # ActorSelection messages can be enabled for specific paths with the trusted-selection-paths
839 # When 'untrusted-mode=on' inbound actor selections are by default discarded.
840 # Actors with paths defined in this white list are granted permission to receive actor
841 # selections messages.
842 # E.g. trusted-selection-paths = ["/user/receptionist", "/user/namingService"]
843 trusted-selection-paths = []
845 # If this is "on", all inbound remote messages will be logged at DEBUG level,
846 # if off then they are not logged
847 log-received-messages = off
849 # If this is "on", all outbound remote messages will be logged at DEBUG level,
850 # if off then they are not logged
851 log-sent-messages = off
855 # Maximum serialized message size, including header data.
856 maximum-frame-size = 256 KiB
858 # Direct byte buffers are reused in a pool with this maximum size.
859 # Each buffer has the size of 'maximum-frame-size'.
860 # This is not a hard upper limit on number of created buffers. Additional
861 # buffers will be created if needed, e.g. when using many outbound
862 # associations at the same time. Such additional buffers will be garbage
863 # collected, which is not as efficient as reusing buffers in the pool.
864 buffer-pool-size = 128
866 # Maximum serialized message size for the large messages, including header data.
867 # It is currently restricted to 1/8th the size of a term buffer that can be
868 # configured by setting the 'aeron.term.buffer.length' system property.
869 # See 'large-message-destinations'.
870 maximum-large-frame-size = 2 MiB
872 # Direct byte buffers for the large messages are reused in a pool with this maximum size.
873 # Each buffer has the size of 'maximum-large-frame-size'.
874 # See 'large-message-destinations'.
875 # This is not a hard upper limit on number of created buffers. Additional
876 # buffers will be created if needed, e.g. when using many outbound
877 # associations at the same time. Such additional buffers will be garbage
878 # collected, which is not as efficient as reusing buffers in the pool.
879 large-buffer-pool-size = 32
881 # For enabling testing features, such as blackhole in akka-remote-testkit.
884 # Settings for the materializer that is used for the remote streams.
885 materializer = ${akka.stream.materializer}
887 # If set to a nonempty string artery will use the given dispatcher for
888 # the ordinary and large message streams, otherwise the default dispatcher is used.
889 use-dispatcher = "akka.remote.default-remote-dispatcher"
891 # If set to a nonempty string remoting will use the given dispatcher for
892 # the control stream, otherwise the default dispatcher is used.
893 # It can be good to not use the same dispatcher for the control stream as
894 # the dispatcher for the ordinary message stream so that heartbeat messages
896 use-control-stream-dispatcher = ""
898 # Controls whether to start the Aeron media driver in the same JVM or use external
899 # process. Set to 'off' when using external media driver, and then also set the
901 # Only used when transport is aeron-udp.
902 embedded-media-driver = on
904 # Directory used by the Aeron media driver. It's mandatory to define the 'aeron-dir'
905 # if using external media driver, i.e. when 'embedded-media-driver = off'.
906 # Embedded media driver will use a this directory, or a temporary directory if this
907 # property is not defined (empty).
908 # Only used when transport is aeron-udp.
911 # Whether to delete aeron embedded driver directory upon driver stop.
912 # Only used when transport is aeron-udp.
913 delete-aeron-dir = yes
915 # Level of CPU time used, on a scale between 1 and 10, during backoff/idle.
916 # The tradeoff is that to have low latency more CPU time must be used to be
917 # able to react quickly on incoming messages or send as fast as possible after
918 # backoff backpressure.
919 # Level 1 strongly prefer low CPU consumption over low latency.
920 # Level 10 strongly prefer low latency over low CPU consumption.
921 # Only used when transport is aeron-udp.
924 # Total number of inbound lanes, shared among all inbound associations. A value
925 # greater than 1 means that deserialization can be performed in parallel for
926 # different destination actors. The selection of lane is based on consistent
927 # hashing of the recipient ActorRef to preserve message ordering per receiver.
928 # Lowest latency can be achieved with inbound-lanes=1 because of one less
929 # asynchronous boundary.
932 # Number of outbound lanes for each outbound association. A value greater than 1
933 # means that serialization and other work can be performed in parallel for different
934 # destination actors. The selection of lane is based on consistent hashing of the
935 # recipient ActorRef to preserve message ordering per receiver. Note that messages
936 # for different destination systems (hosts) are handled by different streams also
937 # when outbound-lanes=1. Lowest latency can be achieved with outbound-lanes=1
938 # because of one less asynchronous boundary.
941 # Size of the send queue for outgoing messages. Messages will be dropped if
942 # the queue becomes full. This may happen if you send a burst of many messages
943 # without end-to-end flow control. Note that there is one such queue per
944 # outbound association. The trade-off of using a larger queue size is that
945 # it consumes more memory, since the queue is based on preallocated array with
947 outbound-message-queue-size = 3072
949 # Size of the send queue for outgoing control messages, such as system messages.
950 # If this limit is reached the remote system is declared to be dead and its UID
951 # marked as quarantined. Note that there is one such queue per outbound association.
952 # It is a linked queue so it will not use more memory than needed but by increasing
953 # too much you may risk OutOfMemoryError in the worst case.
954 outbound-control-queue-size = 20000
956 # Size of the send queue for outgoing large messages. Messages will be dropped if
957 # the queue becomes full. This may happen if you send a burst of many messages
958 # without end-to-end flow control. Note that there is one such queue per
959 # outbound association.
960 # It is a linked queue so it will not use more memory than needed but by increasing
961 # too much you may risk OutOfMemoryError, especially since the message payload
962 # of these messages may be large.
963 outbound-large-message-queue-size = 256
965 # This setting defines the maximum number of unacknowledged system messages
966 # allowed for a remote system. If this limit is reached the remote system is
967 # declared to be dead and its UID marked as quarantined.
968 system-message-buffer-size = 20000
970 # unacknowledged system messages are re-delivered with this interval
971 system-message-resend-interval = 1 second
973 # Timeout of establishing outbound connections.
974 # Only used when transport is tcp or tls-tcp.
975 connection-timeout = 5 seconds
977 # The timeout for outbound associations to perform the initial handshake.
978 # This timeout must be greater than the 'image-liveness-timeout' when
979 # transport is aeron-udp.
980 handshake-timeout = 20 seconds
982 # incomplete initial handshake attempt is retried with this interval
983 handshake-retry-interval = 1 second
985 # Handshake requests are performed periodically with this interval,
986 # also after the handshake has been completed to be able to establish
987 # a new session with a restarted destination system.
988 inject-handshake-interval = 1 second
990 # messages that are not accepted by Aeron are dropped after retrying for this period
991 # Only used when transport is aeron-udp.
992 give-up-message-after = 60 seconds
994 # System messages that are not acknowledged after re-sending for this period are
995 # dropped and will trigger quarantine. The value should be longer than the length
996 # of a network partition that you need to survive.
997 give-up-system-message-after = 6 hours
999 # Outbound streams are stopped when they haven't been used for this duration.
1000 # They are started again when new messages are sent.
1001 stop-idle-outbound-after = 5 minutes
1003 # Outbound streams are quarantined when they haven't been used for this duration
1004 # to cleanup resources used by the association, such as compression tables.
1005 # This will cleanup association to crashed systems that didn't announce their
1007 # The value should be longer than the length of a network partition that you
1009 # The value must also be greater than stop-idle-outbound-after.
1010 # Once every 1/10 of this duration an extra handshake message will be sent.
1011 # Therfore it's also recommended to use a value that is greater than 10 times
1012 # the stop-idle-outbound-after, since otherwise the idle streams will not be
1014 quarantine-idle-outbound-after = 6 hours
1016 # Stop outbound stream of a quarantined association after this idle timeout, i.e.
1017 # when not used any more.
1018 stop-quarantined-after-idle = 3 seconds
1020 # After catastrophic communication failures that could result in the loss of system
1021 # messages or after the remote DeathWatch triggers the remote system gets
1022 # quarantined to prevent inconsistent behavior.
1023 # This setting controls how long the quarantined association will be kept around
1024 # before being removed to avoid long-term memory leaks. It must be quarantined
1025 # and also unused for this duration before it's removed. When removed the historical
1026 # information about which UIDs that were quarantined for that hostname:port is
1027 # gone which could result in communication with a previously quarantined node
1028 # if it wakes up again. Therfore this shouldn't be set too low.
1029 remove-quarantined-association-after = 1 h
1031 # during ActorSystem termination the remoting will wait this long for
1032 # an acknowledgment by the destination system that flushing of outstanding
1033 # remote messages has been completed
1034 shutdown-flush-timeout = 1 second
1036 # See 'inbound-max-restarts'
1037 inbound-restart-timeout = 5 seconds
1039 # Max number of restarts within 'inbound-restart-timeout' for the inbound streams.
1040 # If more restarts occurs the ActorSystem will be terminated.
1041 inbound-max-restarts = 5
1043 # Retry outbound connection after this backoff.
1044 # Only used when transport is tcp or tls-tcp.
1045 outbound-restart-backoff = 1 second
1047 # See 'outbound-max-restarts'
1048 outbound-restart-timeout = 5 seconds
1050 # Max number of restarts within 'outbound-restart-timeout' for the outbound streams.
1051 # If more restarts occurs the ActorSystem will be terminated.
1052 outbound-max-restarts = 5
1054 # Timeout after which aeron driver has not had keepalive messages
1055 # from a client before it considers the client dead.
1056 # Only used when transport is aeron-udp.
1057 client-liveness-timeout = 20 seconds
1059 # Timeout for each the INACTIVE and LINGER stages an aeron image
1060 # will be retained for when it is no longer referenced.
1061 # This timeout must be less than the 'handshake-timeout'.
1062 # Only used when transport is aeron-udp.
1063 image-liveness-timeout = 10 seconds
1065 # Timeout after which the aeron driver is considered dead
1066 # if it does not update its C'n'C timestamp.
1067 # Only used when transport is aeron-udp.
1068 driver-timeout = 20 seconds
1071 // FIXME it should be enabled by default when we have a good solution for naming the files
1073 # Controls where the flight recorder file will be written. There are three options:
1074 # 1. Empty: a file will be generated in the temporary directory of the OS
1075 # 2. A relative or absolute path ending with ".afr": this file will be used
1076 # 3. A relative or absolute path: this directory will be used, the file will get a random file name
1080 # compression of common strings in remoting messages, like actor destinations, serializers etc
1084 # Max number of compressed actor-refs
1085 # Note that compression tables are "rolling" (i.e. a new table replaces the old
1086 # compression table once in a while), and this setting is only about the total number
1087 # of compressions within a single such table.
1088 # Must be a positive natural number.
1091 # interval between new table compression advertisements.
1092 # this means the time during which we collect heavy-hitter data and then turn it into a compression table.
1093 advertisement-interval = 1 minute
1096 # Max number of compressed manifests
1097 # Note that compression tables are "rolling" (i.e. a new table replaces the old
1098 # compression table once in a while), and this setting is only about the total number
1099 # of compressions within a single such table.
1100 # Must be a positive natural number.
1103 # interval between new table compression advertisements.
1104 # this means the time during which we collect heavy-hitter data and then turn it into a compression table.
1105 advertisement-interval = 1 minute
1109 # List of fully qualified class names of remote instruments which should
1110 # be initialized and used for monitoring of remote messages.
1111 # The class must extend akka.remote.artery.RemoteInstrument and
1112 # have a public constructor with empty parameters or one ExtendedActorSystem
1114 # A new instance of RemoteInstrument will be created for each encoder and decoder.
1115 # It's only called from the stage, so if it dosn't delegate to any shared instance
1116 # it doesn't have to be thread-safe.
1117 # Refer to `akka.remote.artery.RemoteInstrument` for more information.
1118 instruments = ${?akka.remote.artery.advanced.instruments} []
1122 # SSL configuration that is used when transport=tls-tcp.
1124 # Factory of SSLEngine.
1125 # Must implement akka.remote.artery.tcp.SSLEngineProvider and have a public
1126 # constructor with an ActorSystem parameter.
1127 # The default ConfigSSLEngineProvider is configured by properties in section
1128 # akka.remote.artery.ssl.config-ssl-engine
1129 ssl-engine-provider = akka.remote.artery.tcp.ConfigSSLEngineProvider
1131 # Config of akka.remote.artery.tcp.ConfigSSLEngineProvider
1134 # This is the Java Key Store used by the server connection
1135 key-store = "keystore"
1137 # This password is used for decrypting the key store
1138 # Use substitution from environment variables for passwords. Don't define
1139 # real passwords in config files. key-store-password=${SSL_KEY_STORE_PASSWORD}
1140 key-store-password = "changeme"
1142 # This password is used for decrypting the key
1143 # Use substitution from environment variables for passwords. Don't define
1144 # real passwords in config files. key-password=${SSL_KEY_PASSWORD}
1145 key-password = "changeme"
1147 # This is the Java Key Store used by the client connection
1148 trust-store = "truststore"
1150 # This password is used for decrypting the trust store
1151 # Use substitution from environment variables for passwords. Don't define
1152 # real passwords in config files. trust-store-password=${SSL_TRUST_STORE_PASSWORD}
1153 trust-store-password = "changeme"
1155 # Protocol to use for SSL encryption, choose from:
1156 # TLS 1.2 is available since JDK7, and default since JDK8:
1157 # https://blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls
1158 protocol = "TLSv1.2"
1160 # Example: ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]
1161 # You need to install the JCE Unlimited Strength Jurisdiction Policy
1162 # Files to use AES 256.
1164 # http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunJCEProvider
1165 enabled-algorithms = ["TLS_RSA_WITH_AES_128_CBC_SHA"]
1167 # There are two options, and the default SecureRandom is recommended:
1168 # "" or "SecureRandom" => (default)
1169 # "SHA1PRNG" => Can be slow because of blocking issues on Linux
1171 # Setting a value here may require you to supply the appropriate cipher
1172 # suite (see enabled-algorithms section above)
1173 random-number-generator = ""
1175 # Require mutual authentication between TLS peers
1177 # Without mutual authentication only the peer that actively establishes a connection (TLS client side)
1178 # checks if the passive side (TLS server side) sends over a trusted certificate. With the flag turned on,
1179 # the passive side will also request and verify a certificate from the connecting peer.
1181 # To prevent man-in-the-middle attacks this setting is enabled by default.
1182 require-mutual-authentication = on
1184 # Set this to `on` to verify hostnames with sun.security.util.HostnameChecker
1185 hostname-verification = off