mirror of
https://github.com/vimagick/dockerfiles.git
synced 2024-12-25 02:04:06 +02:00
update mosquitto tls
parent
10494ffc63
commit
f84e0f0f5b
@ -5,7 +5,7 @@
|
||||
FROM alpine
|
||||
MAINTAINER kev <noreply@easypi.pro>
|
||||
|
||||
RUN apk add --no-cache mosquitto
|
||||
RUN apk add --no-cache ca-certificates mosquitto
|
||||
|
||||
VOLUME /etc/mosquitto
|
||||
EXPOSE 1883 8883
|
||||
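Review bot: The rewritten `RUN apk add --no-cache ca-certificates mosquitto` line installs both packages unpinned on top of an untagged `FROM alpine`, so the broker version and the CA bundle that the new `capath /etc/ssl/certs` setting relies on can change silently from one rebuild to the next. Tagging the base (`FROM alpine:<release>`) and pinning the packages (`ca-certificates=<version> mosquitto=<version>`) would make the TLS trust store reproducible and auditable; the values in angle brackets are placeholders for the release you target. The same applies to the `FROM easypi/alpine-arm` variant of this Dockerfile later in the commit. The rest of the Dockerfile lies outside the hunk, so whether a `USER` is set further down cannot be checked from here.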
|
@ -24,27 +24,33 @@ mosquitto:
|
||||
|
||||
## mosquitto.conf
|
||||
|
||||
```
|
||||
port 8883
|
||||
```ini
|
||||
port 1883
|
||||
log_dest stdout
|
||||
allow_anonymous false
|
||||
password_file /etc/mosquitto/pwfile
|
||||
persistence true
|
||||
persistence_location /var/lib/mosquitto
|
||||
cafile /var/lib/mosquitto/ca.crt
|
||||
certfile /var/lib/mosquitto/server.crt
|
||||
keyfile /var/lib/mosquitto/server.key
|
||||
|
||||
###### ENABLE TLS ######
|
||||
listener 8883
|
||||
protocol mqtt
|
||||
capath /etc/ssl/certs
|
||||
certfile /var/lib/mosquitto/fullchain.pem
|
||||
keyfile /var/lib/mosquitto/privkey.pem
|
||||
require_certificate false
|
||||
```
|
||||
|
||||
- `pwfile` is managed by [mosquitto_passwd][3].
|
||||
- TLS keys are generated by [openssl][2].
|
||||
- Two methods to support TLS:
|
||||
- You can get free TLS certificates from letsencrypt, `capath` is needed.
|
||||
- Self-signed TLS keys can be generated by [openssl][2], `cafile` is needed.
|
||||
|
||||
> It is important to use different certificate subject parameters for your CA,
|
||||
> server and clients.
|
||||
> It is important to use different certificate subject parameters for your self-signed CA, server and clients.
|
||||
|
||||
## server
|
||||
|
||||
```
|
||||
```bash
|
||||
$ mkdir -p data
|
||||
$ touch data/mosquitto.conf data/pwfile
|
||||
$ docker-compose up -d
|
||||
|
@ -5,7 +5,7 @@
|
||||
FROM easypi/alpine-arm
|
||||
MAINTAINER EasyPi Software Foundation
|
||||
|
||||
RUN apk add --no-cache mosquitto
|
||||
RUN apk add --no-cache ca-certificates mosquitto
|
||||
|
||||
VOLUME /etc/mosquitto
|
||||
EXPOSE 1883 8883
|
||||
|
@ -12,7 +12,7 @@ persistence_location /var/lib/mosquitto
|
||||
###### ENABLE WS ######
|
||||
#listener 8080
|
||||
#protocol websockets
|
||||
#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
|
||||
#capath /etc/ssl/certs
|
||||
#certfile /var/lib/mosquitto/fullchain.pem
|
||||
#keyfile /var/lib/mosquitto/privkey.pem
|
||||
#require_certificate false
|
||||
@ -20,7 +20,7 @@ persistence_location /var/lib/mosquitto
|
||||
###### ENABLE TLS ######
|
||||
#listener 8883
|
||||
#protocol mqtt
|
||||
#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
|
||||
#capath /etc/ssl/certs
|
||||
#certfile /var/lib/mosquitto/fullchain.pem
|
||||
#keyfile /var/lib/mosquitto/privkey.pem
|
||||
#require_certificate false
|
||||
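Review bot: `#capath /etc/ssl/certs` in the TLS listener block (and in the WS block of the hunk above) points the listener's CA setting at the whole system trust store, which is harmless only while `require_certificate false` stays in place. In mosquitto the listener's `cafile`/`capath` is also the set of CAs trusted when checking client certificates, so anyone who uncomments this block and later sets `require_certificate true` would accept a client certificate issued by any public CA. I would add a comment above the line such as `# capath here only serves a public-CA chain; for client-certificate auth point cafile at a private CA instead`. The next file section in this commit repeats the same two hunks and would need the same comment.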
|
@ -12,7 +12,7 @@ persistence_location /var/lib/mosquitto
|
||||
###### ENABLE WS ######
|
||||
#listener 8080
|
||||
#protocol websockets
|
||||
#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
|
||||
#capath /etc/ssl/certs
|
||||
#certfile /var/lib/mosquitto/fullchain.pem
|
||||
#keyfile /var/lib/mosquitto/privkey.pem
|
||||
#require_certificate false
|
||||
@ -20,7 +20,7 @@ persistence_location /var/lib/mosquitto
|
||||
###### ENABLE TLS ######
|
||||
#listener 8883
|
||||
#protocol mqtt
|
||||
#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
|
||||
#capath /etc/ssl/certs
|
||||
#certfile /var/lib/mosquitto/fullchain.pem
|
||||
#keyfile /var/lib/mosquitto/privkey.pem
|
||||
#require_certificate false
|
||||
|
@ -2,48 +2,36 @@
|
||||
# Dockerfile for netdata-arm
|
||||
#
|
||||
|
||||
FROM resin/rpi-raspbian:jessie
|
||||
FROM easypi/alpine-arm
|
||||
MAINTAINER EasyPi Software Foundation
|
||||
|
||||
ENV NETDATA_VER 1.6.0
|
||||
ENV NETDATA_URL https://github.com/firehol/netdata/releases/download/v${NETDATA_VER}/netdata-${NETDATA_VER}.tar.gz
|
||||
ENV NETDATA_DEB netdata_${NETDATA_VER}_armhf.deb
|
||||
|
||||
WORKDIR /usr/src
|
||||
ENV NETDATA_VERSION 1.6.0
|
||||
|
||||
RUN set -xe \
|
||||
&& apt-get update \
|
||||
&& apt-get -y install autoconf \
|
||||
autoconf-archive \
|
||||
autogen \
|
||||
&& apk add --no-cache autoconf \
|
||||
automake \
|
||||
build-essential \
|
||||
bash \
|
||||
build-base \
|
||||
curl \
|
||||
debhelper \
|
||||
dh-autoreconf \
|
||||
dh-systemd \
|
||||
fakeroot \
|
||||
libmnl \
|
||||
libmnl-dev \
|
||||
pkg-config \
|
||||
uuid-dev \
|
||||
zlib1g-dev \
|
||||
&& curl -sSL ${NETDATA_URL} | tar xz \
|
||||
&& cd netdata-${NETDATA_VER} \
|
||||
&& ln -s contrib/debian \
|
||||
&& dpkg-buildpackage -us -uc -rfakeroot \
|
||||
libuuid \
|
||||
util-linux-dev \
|
||||
zlib-dev \
|
||||
&& addgroup -g 1000 netdata \
|
||||
&& adduser -D -H -u 1000 -G netdata netdata \
|
||||
&& curl -sSL https://github.com/firehol/netdata/releases/download/v$NETDATA_VERSION/netdata-$NETDATA_VERSION.tar.gz | tar xz \
|
||||
&& cd netdata-$NETDATA_VERSION \
|
||||
&& ./netdata-installer.sh --dont-wait \
|
||||
&& cd .. \
|
||||
&& dpkg -i ${NETDATA_DEB} \
|
||||
&& apt-get remove -y autoconf \
|
||||
autoconf-archive \
|
||||
autogen \
|
||||
automake \
|
||||
build-essential \
|
||||
curl \
|
||||
debhelper \
|
||||
dh-autoreconf \
|
||||
dh-systemd \
|
||||
pkg-config \
|
||||
&& rm -rf netdata-${NETDATA_VER} /var/lib/apt/lists/*
|
||||
&& rm -rf netdata-$NETDATA_VERSION \
|
||||
&& apk del autoconf \
|
||||
automake \
|
||||
build-base \
|
||||
curl \
|
||||
libmnl-dev \
|
||||
util-linux-dev \
|
||||
zlib-dev
|
||||
|
||||
VOLUME /etc/netdata
|
||||
|
||||
|
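Review bot: The new `curl -sSL … | tar xz` step followed by `./netdata-installer.sh --dont-wait` executes a downloaded release archive as root during the build without verifying its integrity, and the pipe runs under the default `/bin/sh` without pipefail. Downloading to a file with `curl -f`, checking it against a digest pinned next to `NETDATA_VERSION`, and only then extracting would close that gap; the digest in the excerpt below is a placeholder to be replaced with the published value for the release. Separately, `FROM easypi/alpine-arm` is untagged, so the toolchain that compiles netdata is not reproducible either.

```dockerfile
ENV NETDATA_VERSION 1.6.0
ENV NETDATA_SHA256 <sha256-of-release-tarball-placeholder>

# … unchanged: set -xe, apk add, addgroup/adduser …
    && curl -fsSL -o netdata.tar.gz https://github.com/firehol/netdata/releases/download/v$NETDATA_VERSION/netdata-$NETDATA_VERSION.tar.gz \
    && echo "$NETDATA_SHA256  netdata.tar.gz" | sha256sum -c - \
    && tar xzf netdata.tar.gz \
    && rm netdata.tar.gz \
    && cd netdata-$NETDATA_VERSION \
# … unchanged: installer run, source cleanup, apk del …
```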