mosquitto
=========

![](https://badge.imagelayers.io/vimagick/mosquitto:latest.svg)

[Mosquitto][1] is an open source (BSD licensed) message broker that implements
the MQTT protocol versions 3.1 and 3.1.1.

## docker-compose.yml

```yaml
version: "3.8"
services:
  mosquitto:
    image: vimagick/mosquitto
    ports:
      - "1883:1883"
    volumes:
      - ./data/etc:/etc/mosquitto
      - ./data/var:/var/lib/mosquitto
    restart: unless-stopped
```

## mosquitto.conf

```ini
listener 1883
log_dest stdout
allow_anonymous false
password_file /etc/mosquitto/pwfile
persistence true
persistence_location /var/lib/mosquitto
persistence_file mosquitto.db
#plugin /usr/lib/mosquitto_dynamic_security.so
#plugin_opt_config_file /etc/mosquitto/dynamic-security.json

###### ENABLE TLS ######
listener 8883
protocol mqtt
capath /etc/ssl/certs
certfile /var/lib/mosquitto/fullchain.pem
keyfile /var/lib/mosquitto/privkey.pem
require_certificate false
```

- `pwfile` is managed by [mosquitto_passwd][3].
- Two methods to support TLS:
    - You can get free TLS certificates from Let's Encrypt; `capath` is needed.
    - Self-signed TLS keys can be generated with [openssl][2]; `cafile` is needed.

> It is important to use different certificate subject parameters for your self-signed CA, server and clients.

## server

```bash
$ mkdir -p data/{etc,var}
$ chmod -R 777 data
$ touch data/etc/mosquitto.conf data/etc/pwfile
$ vi data/etc/mosquitto.conf
$ docker-compose up -d
$ docker-compose exec mosquitto sh
>>> cd /etc/mosquitto
>>> mosquitto_passwd -b pwfile username password
>>> cat pwfile
username:$6$IuF7JUzS1k/QoF3y$YpiClom7/==
>>> exit
$ docker-compose restart
$ docker-compose logs -f
Attaching to mosquitto_mosquitto_1
mosquitto_1  | 1478107412: mosquitto version 1.4.8 (build date 2016-05-16 14:17:19+0000) starting
mosquitto_1  | 1478107412: Config loaded from /etc/mosquitto/mosquitto.conf.
mosquitto_1  | 1478107412: Opening ipv4 listen socket on port 8883.
mosquitto_1  | 1478107412: Opening ipv6 listen socket on port 8883.
mosquitto_1  | 1478107437: New connection from 192.168.31.102 on port 8883.
mosquitto_1  | 1478107437: New client connected from 192.168.31.102 as mosqsub/38158-Kevins-Ma (c1, k60).
mosquitto_1  | 1478107585: New client connected from 192.168.31.102 as mosqpub/38324-Kevins-Ma (c1, k60).
mosquitto_1  | 1478107585: Client mosqpub/38324-Kevins-Ma disconnected.
```

## client

```bash
$ mosquitto_sub -d -h 192.168.31.231 -p 8883 --cafile ca.crt --insecure -u username -P password -t hello
Client mosqsub/38158-Kevins-Ma sending CONNECT
Client mosqsub/38158-Kevins-Ma received CONNACK
Client mosqsub/38158-Kevins-Ma sending SUBSCRIBE (Mid: 1, Topic: hello, QoS: 0)
Client mosqsub/38158-Kevins-Ma received SUBACK
Subscribed (mid: 1): 0
Client mosqsub/38158-Kevins-Ma sending PINGREQ
Client mosqsub/38158-Kevins-Ma received PINGRESP
received PUBLISH (d0, q0, r0, m0, 'hello', ... (5 bytes))
world
Client mosqsub/38158-Kevins-Ma sending PINGREQ
Client mosqsub/38158-Kevins-Ma received PINGRESP
```

```bash
$ mosquitto_pub -d -h 192.168.31.231 -p 8883 --cafile ca.crt --insecure -u username -P password -t hello -m world
Client mosqpub/38324-Kevins-Ma sending CONNECT
Client mosqpub/38324-Kevins-Ma received CONNACK
Client mosqpub/38324-Kevins-Ma sending PUBLISH (d0, q0, r0, m1, 'hello', ... (5 bytes))
Client mosqpub/38324-Kevins-Ma sending DISCONNECT
```

[1]: http://mosquitto.org/
[2]: https://mosquitto.org/man/mosquitto-tls-7.html
[3]: https://mosquitto.org/man/mosquitto_passwd-1.html
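
The `mosquitto.conf` above applies password login to both the plain listener (1883, the port `docker-compose.yml` publishes) and the TLS listener (8883). As an added example that is not part of the original README or the project, this Python check parses such a file and reports listeners that accept passwords without TLS; `parse_conf`, `audit` and `SAMPLE_CONF` are hypothetical names, and it assumes `per_listener_settings` is not enabled.

```python
# Added example, not code from the vimagick/mosquitto project.
# Assumption: per_listener_settings is off, so auth options apply broker-wide.
PER_LISTENER = {"protocol", "cafile", "capath", "certfile", "keyfile", "require_certificate"}

# Constructed sample, trimmed from the configuration shown on this page.
SAMPLE_CONF = """\
listener 1883
allow_anonymous false
password_file /etc/mosquitto/pwfile
#plugin /usr/lib/mosquitto_dynamic_security.so
listener 8883
certfile /var/lib/mosquitto/fullchain.pem
keyfile /var/lib/mosquitto/privkey.pem
require_certificate false
"""

def parse_conf(text):
    """Return (broker_options, listeners); TLS options bind to the preceding listener."""
    opts, listeners, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, value = (line.split(None, 1) + [""])[:2]
        if key == "listener":
            current = {"port": int(value.split()[0])}
            listeners.append(current)
        elif key in PER_LISTENER and current is not None:
            current[key] = value
        else:
            opts[key] = value
    return opts, listeners

def audit(text):
    """Return (port, finding) tuples; port is None for broker-wide findings."""
    opts, listeners = parse_conf(text)
    findings = []
    if opts.get("allow_anonymous") != "false":
        findings.append((None, "anonymous clients are not explicitly refused"))
    for lst in listeners:
        tls = "certfile" in lst and "keyfile" in lst
        if not tls and "password_file" in opts:
            findings.append((lst["port"], "passwords accepted without TLS"))
        elif tls and lst.get("require_certificate") != "true":
            findings.append((lst["port"], "client certificates are not required"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Removing the `listener 1883` line from the sample leaves only the note on the 8883 listener, which is the TLS-only setup the client commands on this page connect to.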