diff --git a/conf/broker.conf b/conf/broker.conf
index 3c1853adc521d..71f14a2094bbb 100644
--- a/conf/broker.conf
+++ b/conf/broker.conf
@@ -46,6 +46,9 @@ advertisedAddress=
 # Number of threads to use for Netty IO. Default is set to 2 * Runtime.getRuntime().availableProcessors()
 numIOThreads=
+# Flag to control features that are meant to be used when running in standalone mode
+isRunningStandalone=
+
 # Name of the cluster to which this broker belongs to
 clusterName=
@@ -165,6 +168,14 @@ dispatchThrottlingRatePerTopicInMsg=0
 # default message-byte dispatch-throttling
 dispatchThrottlingRatePerTopicInByte=0
+# Default number of message dispatching throttling-limit for a subscription.
+# Using a value of 0, is disabling default message dispatch-throttling.
+dispatchThrottlingRatePerSubscriptionInMsg=0
+
+# Default number of message-bytes dispatching throttling-limit for a subscription.
+# Using a value of 0, is disabling default message-byte dispatch-throttling.
+dispatchThrottlingRatePerSubscribeInByte=0
+
 # By default we enable dispatch-throttling for both caught up consumers as well as consumers who have
 # backlog.
 dispatchThrottlingOnNonBacklogConsumerEnabled=true
@@ -241,6 +252,16 @@ tlsTrustCertsFilePath=
 # though the cert will not be used for client authentication.
 tlsAllowInsecureConnection=false
+# Specify the tls protocols the broker will use to negotiate during TLS handshake
+# (a comma-separated list of protocol names).
+# Examples:- [TLSv1.2, TLSv1.1, TLSv1]
+tlsProtocols=
+
+# Specify the tls cipher the broker will use to negotiate during TLS Handshake
+# (a comma-separated list of ciphers).
+# Examples:- [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
+tlsCiphers=
+
 # Trusted client certificates are required for to connect TLS
 # Reject the Connection if the Client Certificate is not trusted.
 # In effect, this requires that all connecting clients perform TLS client
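Review bot: The new `isRunningStandalone=` key ships with an empty value, and its comment names neither the accepted values nor the default, so an operator reading broker.conf cannot tell what a blank setting means. If this is a boolean (inferred from the name only), I would say so and set it explicitly, e.g. `# Set to true only when the broker runs in standalone mode (default: false)` above `isRunningStandalone=false`. It would also help to name the features the flag gates, since the hunk does not show them.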
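Review bot: The byte-rate key is spelled `dispatchThrottlingRatePerSubscribeInByte`, while its message-rate sibling just above is `dispatchThrottlingRatePerSubscriptionInMsg`. The spelling matches the field shown in the ServiceConfiguration.java hunk of this diff, so the file is correct, but the asymmetry is easy to mistype. An operator who writes `...PerSubscriptionInByte` would presumably end up with no byte throttling and no error; how unknown keys are handled is not visible here. I would add a line such as `# Note: this key is spelled "PerSubscribe", not "PerSubscription".` to the comment, or rename the field with a backward-compatible alias in a follow-up.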
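Review bot: The example for `tlsProtocols` lists `TLSv1.1` and `TLSv1`, both deprecated by RFC 8996, and examples in a shipped config file tend to be copied verbatim. I would reduce it to `# Examples:- [TLSv1.2]` (adding TLSv1.3 where the runtime supports it) and state what an empty value means, since `tlsProtocols=` and `tlsCiphers=` are both left blank and presumably fall back to the TLS provider's defaults. The same example text is added to conf/proxy.conf in the `@@ -125,10 +134,32 @@` hunk and needs the same change.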
@@ -504,6 +525,9 @@ keepAliveIntervalSeconds=30
 # How often broker checks for inactive topics to be deleted (topics with no subscriptions and no one connected)
 brokerServicePurgeInactiveFrequencyInSeconds=60
+# bootstrap namespaces
+bootstrapNamespaces=
+
 ### --- WebSocket --- ###
 # Enable the WebSocket API service in broker
@@ -524,7 +548,7 @@ webSocketSessionIdleTimeoutMillis=300000
 exposeTopicLevelMetricsInPrometheus=true
 # Enable consumer level metrics. default is false
-# exposeConsumerLevelMetricsInPrometheus=false
+exposeConsumerLevelMetricsInPrometheus=false
 ### --- Functions --- ###
@@ -535,6 +559,8 @@ functionsWorkerEnabled=false
 # Enable topic level metrics
 exposePublisherStats=true
+statsUpdateFrequencyInSecs=60
+statsUpdateInitialDelayInSecs=60
 ### --- Schema storage --- ###
 # The schema storage implementation used by this broker
diff --git a/conf/proxy.conf b/conf/proxy.conf
index ffa6c45fadaa6..2d17aa533162c 100644
--- a/conf/proxy.conf
+++ b/conf/proxy.conf
@@ -17,6 +17,8 @@
 # under the License.
 #
+### --- Broker Discovery --- ###
+
 # The ZooKeeper quorum connection string (as a comma-separated list)
 zookeeperServers=
@@ -39,6 +41,8 @@ functionWorkerWebServiceURLTLS=
 # ZooKeeper session timeout (in milliseconds)
 zookeeperSessionTimeoutMs=30000
+### --- Server --- ###
+
 # The port to use for server binary Protobuf requests
 servicePort=6650
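Review bot: The comment `# bootstrap namespaces` only repeats the key name, so `bootstrapNamespaces=` is undocumented in practice. I would describe the value format and the effect, e.g. `# Namespaces to create when the broker starts (comma-separated list of tenant/namespace); empty creates none`, after confirming that wording against the code that reads the key, which is not part of this hunk.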
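Review bot: `statsUpdateFrequencyInSecs=60` and `statsUpdateInitialDelayInSecs=60` are added without comments, directly under `# Enable topic level metrics`, which describes `exposePublisherStats` and not these two keys. Each should get its own line, for example `# How often (in seconds) broker stats are refreshed` and `# Delay (in seconds) before the first stats refresh after startup`, adjusted to what the consuming code really does, since that code is not shown here.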
@@ -55,6 +59,22 @@ webServicePortTls=8443
 # to service discovery health checks
 statusFilePath=
+### ---Authorization --- ###
+
+# Role names that are treated as "super-users," meaning that they will be able to perform all admin
+# operations and publish/consume to/from all topics (as a comma-separated list)
+superUserRoles=
+
+# Whether authorization is enforced by the Pulsar proxy
+authorizationEnabled=false
+
+# Authorization provider as a fully qualified class name
+authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider
+
+# Whether client authorization credentials are forwared to the broker for re-authorization.
+# Authentication must be enabled via authenticationEnabled=true for this to take effect.
+forwardAuthorizationCredentials=false
+
 ### --- Authentication --- ###
 # Whether authentication is enabled for the Pulsar proxy
@@ -63,11 +83,7 @@ authenticationEnabled=false
 # Authentication provider name list (a comma-separated list of class names)
 authenticationProviders=
-# Whether authorization is enforced by the Pulsar proxy
-authorizationEnabled=false
-
-# Authorization provider as a fully qualified class name
-authorizationProvider=org.apache.pulsar.broker.authorization.PulsarAuthorizationProvider
+### --- Client Authentication --- ###
 # The three brokerClient* authentication settings below are for the proxy itself and determine how it
 # authenticates with Pulsar brokers
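Review bot: The moved comment on `forwardAuthorizationCredentials` still carries the typo "forwared", and the new header `### ---Authorization --- ###` lacks the space that the other section headers have. Since these lines are being re-added anyway, both can be fixed here: `### --- Authorization --- ###` and `# Whether client authorization credentials are forwarded to the broker for re-authorization.`. It may also be worth stating on `authorizationEnabled` whether it, too, depends on `authenticationEnabled=true`, as the `forwardAuthorizationCredentials` comment does; the hunk does not say.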
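Review bot: The new header `### --- Client Authentication --- ###` can be read as the authentication of clients that connect to the proxy, but the comment directly beneath it says the brokerClient* settings are the proxy's own credentials toward the brokers. A header such as `### --- Broker Client Authentication (proxy to broker) --- ###` would keep operators from editing this block when they mean the `### --- Authentication --- ###` block above.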
@@ -81,15 +97,11 @@ brokerClientAuthenticationParameters=
 # The path to trusted certificates used by the Pulsar proxy to authenticate with Pulsar brokers
 brokerClientTrustCertsFilePath=
-# Role names that are treated as "super-users," meaning that they will be able to perform all admin
-# operations and publish/consume to/from all topics (as a comma-separated list)
-superUserRoles=
+# Whether TLS is enabled when communicating with Pulsar brokers
+tlsEnabledWithBroker=false
-# Whether client authorization credentials are forwared to the broker for re-authorization.
-# Authentication must be enabled via authenticationEnabled=true for this to take effect.
-forwardAuthorizationCredentials=false
+##### --- Rate Limiting --- #####
+
-# --- RateLimiting ----
 # Max concurrent inbound connections. The proxy will reject requests beyond that.
 maxConcurrentInboundConnections=10000
@@ -101,9 +113,6 @@ maxConcurrentLookupRequests=50000
 # Whether TLS is enabled for the proxy
 tlsEnabledInProxy=false
-# Whether TLS is enabled when communicating with Pulsar brokers
-tlsEnabledWithBroker=false
-
 # Path for the TLS certificate file
 tlsCertificateFilePath=
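Review bot: `tlsEnabledWithBroker=false` now sits directly under the brokerClient* credentials, but its comment does not warn that those credentials would presumably cross the proxy-to-broker link unencrypted while the value stays false. The same would apply to client credentials forwarded via `forwardAuthorizationCredentials`. I would extend the comment with something like `# Set to true whenever brokerClientAuthenticationParameters carries a secret, so it is not sent to brokers in clear text.`. The new section headers in this file also mix `###` and `#####` (`##### --- Rate Limiting --- #####`); one style would read better.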
@@ -125,10 +134,32 @@ tlsAllowInsecureConnection=false
 # Whether the hostname is validated when the proxy creates a TLS connection with brokers
 tlsHostnameVerificationEnabled=false
+# Specify the tls protocols the broker will use to negotiate during TLS handshake
+# (a comma-separated list of protocol names).
+# Examples:- [TLSv1.2, TLSv1.1, TLSv1]
+tlsProtocols=
+
+# Specify the tls cipher the broker will use to negotiate during TLS Handshake
+# (a comma-separated list of ciphers).
+# Examples:- [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
+tlsCiphers=
+
 # Whether client certificates are required for TLS. Connections are rejected if the client
 # certificate isn't trusted.
 tlsRequireTrustedClientCertOnConnect=false
+##### --- HTTP --- #####
+
+# Http directs to redirect to non-pulsar services.
+httpReverseProxyConfigs=
+
+# Http output buffer size. The amount of data that will be buffered for http requests
+# before it is flushed to the channel. A larger buffer size may result in higher http throughput
+# though it may take longer for the client to see data.
+# If using HTTP streaming via the reverse proxy, this should be set to the minimum value, 1,
+# so that clients see the data as soon as possible.
+httpOutputBufferSize=32768
+
 ### --- Token Authentication Provider --- ###
 ## Symmetric key
@@ -151,9 +182,4 @@ tokenPublicKey=
 # Deprecated. Use configurationStoreServers
 globalZookeeperServers=
-# Http output buffer size. The amount of data that will be buffered for http requests
-# before it is flushed to the channel. A larger buffer size may result in higher http throughput
-# though it may take longer for the client to see data.
-# If using HTTP streaming via the reverse proxy, this should be set to the minimum value, 1,
-# so that clients see the data as soon as possible.
-httpOutputBufferSize=32768
+
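Review bot: The comments on `tlsProtocols` and `tlsCiphers` were copied from broker.conf and still say "the broker will use". In proxy.conf that leaves open whether they govern the proxy's own listener, its connections to brokers, or both; I would reword to `# Specify the tls protocols the proxy will use ...` and name the side they apply to. In the same hunk, `# Http directs to redirect to non-pulsar services.` gives neither the value format of `httpReverseProxyConfigs` nor whether the proxy's authentication settings cover the redirected paths. Both deserve a sentence, because this key exposes other backends through the proxy.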
diff --git a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
index 34882bd16c2be..bb8822f3be64b 100644
--- a/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
+++ b/pulsar-broker-common/src/main/java/org/apache/pulsar/broker/ServiceConfiguration.java
@@ -178,11 +178,11 @@ public class ServiceConfiguration implements PulsarConfiguration {
 @FieldContext(dynamic = true)
 private long dispatchThrottlingRatePerTopicInByte = 0;
 // Default number of message dispatching throttling-limit for a subscription.
- // Using a value of 0, is disabling.
+ // Using a value of 0, is disabling default message dispatch-throttling.
 @FieldContext(dynamic = true)
 private int dispatchThrottlingRatePerSubscriptionInMsg = 0;
 // Default number of message-bytes dispatching throttling-limit for a subscription.
- // Using a value of 0, is disabling.
+ // Using a value of 0, is disabling default message-byte dispatch-throttling.
 @FieldContext(dynamic = true)
 private long dispatchThrottlingRatePerSubscribeInByte = 0;
 // Default dispatch-throttling is disabled for consumers which already caught-up with published messages and