1
0
mirror of https://github.com/vimagick/dockerfiles.git synced 2024-12-25 02:04:06 +02:00

update mosquitto tls

This commit is contained in:
kev 2017-05-22 14:48:55 +08:00
parent 10494ffc63
commit f84e0f0f5b
6 changed files with 43 additions and 49 deletions

View File

@ -5,7 +5,7 @@
FROM alpine
MAINTAINER kev <noreply@easypi.pro>
RUN apk add --no-cache mosquitto
RUN apk add --no-cache ca-certificates mosquitto
VOLUME /etc/mosquitto
EXPOSE 1883 8883

View File

@ -24,27 +24,33 @@ mosquitto:
## mosquitto.conf
```
port 8883
```ini
port 1883
log_dest stdout
allow_anonymous false
password_file /etc/mosquitto/pwfile
persistence true
persistence_location /var/lib/mosquitto
cafile /var/lib/mosquitto/ca.crt
certfile /var/lib/mosquitto/server.crt
keyfile /var/lib/mosquitto/server.key
###### ENABLE TLS ######
listener 8883
protocol mqtt
capath /etc/ssl/certs
certfile /var/lib/mosquitto/fullchain.pem
keyfile /var/lib/mosquitto/privkey.pem
require_certificate false
```
- `pwfile` is managed by [mosquitto_passwd][3].
- TLS keys are generated by [openssl][2].
- Two methods to support TLS:
- You can get free TLS certificates from letsencrypt, `capath` is needed.
- Self-signed TLS keys can be generated by [openssl][2], `cafile` is needed.
> It is important to use different certificate subject parameters for your CA,
> server and clients.
> It is important to use different certificate subject parameters for your self-signed CA, server and clients.
## server
```
```bash
$ mkdir -p data
$ touch data/mosquitto.conf data/pwfile
$ docker-compose up -d

View File

@ -5,7 +5,7 @@
FROM easypi/alpine-arm
MAINTAINER EasyPi Software Foundation
RUN apk add --no-cache mosquitto
RUN apk add --no-cache ca-certificates mosquitto
VOLUME /etc/mosquitto
EXPOSE 1883 8883

View File

@ -12,7 +12,7 @@ persistence_location /var/lib/mosquitto
###### ENABLE WS ######
#listener 8080
#protocol websockets
#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
#capath /etc/ssl/certs
#certfile /var/lib/mosquitto/fullchain.pem
#keyfile /var/lib/mosquitto/privkey.pem
#require_certificate false
@ -20,7 +20,7 @@ persistence_location /var/lib/mosquitto
###### ENABLE TLS ######
#listener 8883
#protocol mqtt
#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
#capath /etc/ssl/certs
#certfile /var/lib/mosquitto/fullchain.pem
#keyfile /var/lib/mosquitto/privkey.pem
#require_certificate false

View File

@ -12,7 +12,7 @@ persistence_location /var/lib/mosquitto
###### ENABLE WS ######
#listener 8080
#protocol websockets
#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
#capath /etc/ssl/certs
#certfile /var/lib/mosquitto/fullchain.pem
#keyfile /var/lib/mosquitto/privkey.pem
#require_certificate false
@ -20,7 +20,7 @@ persistence_location /var/lib/mosquitto
###### ENABLE TLS ######
#listener 8883
#protocol mqtt
#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
#capath /etc/ssl/certs
#certfile /var/lib/mosquitto/fullchain.pem
#keyfile /var/lib/mosquitto/privkey.pem
#require_certificate false

View File

@ -2,48 +2,36 @@
# Dockerfile for netdata-arm
#
FROM resin/rpi-raspbian:jessie
FROM easypi/alpine-arm
MAINTAINER EasyPi Software Foundation
ENV NETDATA_VER 1.6.0
ENV NETDATA_URL https://github.com/firehol/netdata/releases/download/v${NETDATA_VER}/netdata-${NETDATA_VER}.tar.gz
ENV NETDATA_DEB netdata_${NETDATA_VER}_armhf.deb
WORKDIR /usr/src
ENV NETDATA_VERSION 1.6.0
RUN set -xe \
&& apt-get update \
&& apt-get -y install autoconf \
autoconf-archive \
autogen \
&& apk add --no-cache autoconf \
automake \
build-essential \
bash \
build-base \
curl \
debhelper \
dh-autoreconf \
dh-systemd \
fakeroot \
libmnl \
libmnl-dev \
pkg-config \
uuid-dev \
zlib1g-dev \
&& curl -sSL ${NETDATA_URL} | tar xz \
&& cd netdata-${NETDATA_VER} \
&& ln -s contrib/debian \
&& dpkg-buildpackage -us -uc -rfakeroot \
libuuid \
util-linux-dev \
zlib-dev \
&& addgroup -g 1000 netdata \
&& adduser -D -H -u 1000 -G netdata netdata \
&& curl -sSL https://github.com/firehol/netdata/releases/download/v$NETDATA_VERSION/netdata-$NETDATA_VERSION.tar.gz | tar xz \
&& cd netdata-$NETDATA_VERSION \
&& ./netdata-installer.sh --dont-wait \
&& cd .. \
&& dpkg -i ${NETDATA_DEB} \
&& apt-get remove -y autoconf \
autoconf-archive \
autogen \
automake \
build-essential \
curl \
debhelper \
dh-autoreconf \
dh-systemd \
pkg-config \
&& rm -rf netdata-${NETDATA_VER} /var/lib/apt/lists/*
&& rm -rf netdata-$NETDATA_VERSION \
&& apk del autoconf \
automake \
build-base \
curl \
libmnl-dev \
util-linux-dev \
zlib-dev
VOLUME /etc/netdata