diff --git a/mosquitto/Dockerfile b/mosquitto/Dockerfile
index 2706d58..3ca009d 100644
--- a/mosquitto/Dockerfile
+++ b/mosquitto/Dockerfile
@@ -8,7 +8,7 @@ MAINTAINER kev
 RUN apk add --no-cache mosquitto
 VOLUME /etc/mosquitto
-EXPOSE 1883
+EXPOSE 1883 8883
 ENTRYPOINT ["mosquitto"]
-CMD ["-c", "/etc/mosquitto/mosquitto.conf", "-p", "1883"]
+CMD ["-c", "/etc/mosquitto/mosquitto.conf"]
diff --git a/mosquitto/README.md b/mosquitto/README.md
index a006628..b70af29 100644
--- a/mosquitto/README.md
+++ b/mosquitto/README.md
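Review bot: `EXPOSE 1883 8883` still advertises the plaintext MQTT port although, with `-p 1883` removed from `CMD`, the listener is now defined only by whatever is mounted at `/etc/mosquitto/mosquitto.conf`. The `mosquitto.conf` added in this commit opens 8883 only, so 1883 either documents a port nothing listens on or, with a different config mounted, an unencrypted listener. I would narrow it to `EXPOSE 8883`, or keep both with a comment such as `# 1883 is plaintext MQTT; reachable only if the mounted config enables it`. The same applies to the identical hunk in `mosquitto/arm/Dockerfile`.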
@@ -4,24 +4,83 @@ mosquitto
 ![](https://badge.imagelayers.io/vimagick/mosquitto:latest.svg)
 [Mosquitto][1] is an open source (BSD licensed) message broker that implements
-the MQ Telemetry Transport protocol versions 3.1 and 3.1.1. MQTT provides a
-lightweight method of carrying out messaging using a publish/subscribe model.
-This makes it suitable for "machine to machine" messaging such as with low
-power sensors or mobile devices such as phones, embedded computers or
-microcontrollers like the Arduino. A good example of this is all of the work
-that Andy Stanford-Clark (one of the originators of MQTT) has done in home
-monitoring and automation with his twittering house and twittering ferry. Andy
-gave a talk on this at OggCamp that explains a bit about MQTT and how he uses
-it. The slides and audio are available online at slideshare.
+the MQ Telemetry Transport protocol versions 3.1 and 3.1.1.
 ## docker-compose.yml
-```
+```yaml
 mosquitto:
 image: vimagick/mosquitto
 ports:
 - "1883:1883"
+ - "8883:8883"
+ volumes:
+ - ./mosquitto.conf:/etc/mosquitto/mosquitto.conf
+ - ./data:/var/lib/mosquitto
 restart: always
 ```
+## mosquitto.conf
+
+```
+port 8883
+log_dest stdout
+password_file /var/lib/mosquitto/passwd
+persistence true
+persistence_location /var/lib/mosquitto
+cafile /var/lib/mosquitto/ca.crt
+certfile /var/lib/mosquitto/server.crt
+keyfile /var/lib/mosquitto/server.key
+require_certificate false
+```
+
+- `passwd` is managed by [mosquitto_passwd][3].
+- TLS keys are generated by [openssl][2].
+
+> It is important to use different certificate subject parameters for your CA,
+> server and clients.
+
+## server
+
+```
+$ docker-compose up -d
+$ docker-compose logs -f
+Attaching to mosquitto_mosquitto_1
+mosquitto_1 | 1478107412: mosquitto version 1.4.8 (build date 2016-05-16 14:17:19+0000) starting
+mosquitto_1 | 1478107412: Config loaded from /etc/mosquitto/mosquitto.conf.
+mosquitto_1 | 1478107412: Opening ipv4 listen socket on port 8883.
+mosquitto_1 | 1478107412: Opening ipv6 listen socket on port 8883.
+mosquitto_1 | 1478107437: New connection from 192.168.31.102 on port 8883.
+mosquitto_1 | 1478107437: New client connected from 192.168.31.102 as mosqsub/38158-Kevins-Ma (c1, k60).
+mosquitto_1 | 1478107585: New client connected from 192.168.31.102 as mosqpub/38324-Kevins-Ma (c1, k60).
+mosquitto_1 | 1478107585: Client mosqpub/38324-Kevins-Ma disconnected.
+```
+
+## client
+
+```bash
+$ mosquitto_sub -d -h 192.168.31.231 -p 8883 --cafile ca.crt --insecure -t hello
+Client mosqsub/38158-Kevins-Ma sending CONNECT
+Client mosqsub/38158-Kevins-Ma received CONNACK
+Client mosqsub/38158-Kevins-Ma sending SUBSCRIBE (Mid: 1, Topic: hello, QoS: 0)
+Client mosqsub/38158-Kevins-Ma received SUBACK
+Subscribed (mid: 1): 0
+Client mosqsub/38158-Kevins-Ma sending PINGREQ
+Client mosqsub/38158-Kevins-Ma received PINGRESP
+received PUBLISH (d0, q0, r0, m0, 'hello', ... (5 bytes))
+world
+Client mosqsub/38158-Kevins-Ma sending PINGREQ
+Client mosqsub/38158-Kevins-Ma received PINGRESP
+```
+
+```bash
+$ mosquitto_pub -d -h 192.168.31.231 -p 8883 --cafile ca.crt --insecure -t hello -m world
+Client mosqpub/38324-Kevins-Ma sending CONNECT
+Client mosqpub/38324-Kevins-Ma received CONNACK
+Client mosqpub/38324-Kevins-Ma sending PUBLISH (d0, q0, r0, m1, 'hello', ... (5 bytes))
+Client mosqpub/38324-Kevins-Ma sending DISCONNECT
+```
+
 [1]: http://mosquitto.org/
+[2]: https://mosquitto.org/man/mosquitto-tls-7.html
+[3]: https://mosquitto.org/man/mosquitto_passwd-1.html
diff --git a/mosquitto/arm/Dockerfile b/mosquitto/arm/Dockerfile
index 3d0078d..153a334 100644
--- a/mosquitto/arm/Dockerfile
+++ b/mosquitto/arm/Dockerfile
@@ -8,7 +8,7 @@ MAINTAINER EasyPi Software Foundation
 RUN apk add --no-cache mosquitto
 VOLUME /etc/mosquitto
-EXPOSE 1883
+EXPOSE 1883 8883
 ENTRYPOINT ["mosquitto"]
-CMD ["-c", "/etc/mosquitto/mosquitto.conf", "-p", "1883"]
+CMD ["-c", "/etc/mosquitto/mosquitto.conf"]
diff --git a/mosquitto/data/ca.crt b/mosquitto/data/ca.crt
new file mode 100644
index 0000000..e69de29
diff --git a/mosquitto/data/passwd b/mosquitto/data/passwd
new file mode 100644
index 0000000..e69de29
diff --git a/mosquitto/data/server.crt b/mosquitto/data/server.crt
new file mode 100644
index 0000000..e69de29
diff --git a/mosquitto/data/server.key b/mosquitto/data/server.key
new file mode 100644
index 0000000..e69de29
diff --git a/mosquitto/docker-compose.yml b/mosquitto/docker-compose.yml
index ba00d43..979ddec 100644
--- a/mosquitto/docker-compose.yml
+++ b/mosquitto/docker-compose.yml
@@ -2,4 +2,8 @@ mosquitto:
 image: vimagick/mosquitto
 ports:
 - "1883:1883"
+ - "8883:8883"
+ volumes:
+ - ./mosquitto.conf:/etc/mosquitto/mosquitto.conf
+ - ./data:/var/lib/mosquitto
 restart: always
diff --git a/mosquitto/mosquitto.conf b/mosquitto/mosquitto.conf
new file mode 100644
index 0000000..c6ce2fd
--- /dev/null
+++ b/mosquitto/mosquitto.conf
@@ -0,0 +1,9 @@
+port 8883
+log_dest stdout
+password_file /var/lib/mosquitto/passwd
+persistence true
+persistence_location /var/lib/mosquitto
+cafile /var/lib/mosquitto/ca.crt
+certfile /var/lib/mosquitto/server.crt
+keyfile /var/lib/mosquitto/server.key
+require_certificate false
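Review bot: The new `./data:/var/lib/mosquitto` mount puts `server.key` and `passwd` in the same writable directory as the persistence database, and the config file is mounted read-write as well. Mounting the config read-only, `- ./mosquitto.conf:/etc/mosquitto/mosquitto.conf:ro`, and keeping the key material in a separate read-only mount would limit what a compromised broker process can change. The unchanged `"1883:1883"` mapping also still publishes a port that the mosquitto.conf added in this commit does not open. Since `data/server.key` is now a tracked path, an ignore rule for the real key would help keep a private key out of the repository.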
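Review bot: `password_file` is set, but nothing in this file disables anonymous access, and with `require_certificate false` the 8883 listener provides encryption without any client authentication. The README examples in this commit connect with no `-u`/`-P` and the broker log shows them accepted, which suggests the 1.4.8 default of allowing anonymous clients is in effect. Adding `allow_anonymous false` after the `password_file` line would make the password file actually gate connections. Those examples also pass `--insecure`, which skips hostname verification of the server certificate; issuing `server.crt` for the name clients connect to would let that flag be dropped.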