adjust readme for new plugin
36
readme.md
@ -1,11 +1,9 @@
|
||||
# Docker Image containing the Mosquitto MQTT Broker and the mosquitto-auth-plug
|
||||
|
||||
This project includes the mosquitto MQTT broker (https://github.com/eclipse/mosquitto, see also https://mosquitto.org/) and the mosquitto-auth-plug (https://github.com/jpmens/mosquitto-auth-plug, forked into https://github.com/wollud1969/mosquitto-auth-plug) as submodules.
|
||||
This project includes the mosquitto MQTT broker (https://github.com/eclipse/mosquitto, see also https://mosquitto.org/) and the mosquitto-go-auth (https://github.com/iegomez/mosquitto-go-auth forked into https://github.com/wollud1969/mosquitto-go-auth) as submodules.
|
||||
|
||||
Using Gitlab CI and a Dockerfile included in this project a Docker image based on Debian Linux is created.
|
||||
|
||||
Note, please: the author of mosquitto-auth-plug has archived his project because he don't want to be bothered concerning this software he is not longer using anymore. So, please, don't be tempted to send him questions again because you find this image useful but run into problems. Read the available resources first, finally you may contact me.
|
||||
|
||||
|
||||
## Mosquitto MQTT Broker
|
||||
|
||||
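Review bot: The title line at the top of this hunk still reads "Docker Image containing the Mosquitto MQTT Broker and the mosquitto-auth-plug", while the description paragraph below it now names mosquitto-go-auth. The title appears only once in the hunk, so it was left unchanged; update it to mosquitto-go-auth so the heading and the description agree. Since the note about the archived upstream project is dropped here, a one-line remark that the image switched plugins would help existing users, because the `auth_opt_*` option names change further down in this readme.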
@ -49,7 +47,6 @@ The container expects the main configuration file in the root of the volume name
|
||||
|
||||
A very simple configuration, only supporting MQTT on port 1883 is:
|
||||
|
||||
pid_file /var/run/mosquitto.pid
|
||||
log_dest stdout
|
||||
|
||||
persistence false
|
||||
@ -59,22 +56,29 @@ A very simple configuration, only supporting MQTT on port 1883 is:
|
||||
#allow_anonymous true
|
||||
allow_anonymous false
|
||||
|
||||
auth_plugin /opt/lib/auth-plug.so
|
||||
auth_plugin /opt/lib/go-auth.so
|
||||
auth_opt_log_dest stdout
|
||||
auth_opt_log_level debug
|
||||
auth_opt_backends mysql
|
||||
auth_opt_host mariadb
|
||||
auth_opt_port 3306
|
||||
auth_opt_dbname mosquittoauth
|
||||
auth_opt_user mosquittoauth
|
||||
auth_opt_pass xxx
|
||||
auth_opt_userquery SELECT pw FROM users WHERE username = '%s'
|
||||
auth_opt_aclquery SELECT topic FROM acls WHERE username = '%s' and rw >= %d
|
||||
auth_opt_mysql_host mariadb
|
||||
auth_opt_mysql_port 3306
|
||||
auth_opt_mysql_dbname mosquittoauth
|
||||
auth_opt_mysql_user mosquittoauth
|
||||
auth_opt_mysql_password ieh4weiF
|
||||
auth_opt_mysql_allow_native_passwords true
|
||||
auth_opt_mysql_userquery SELECT pw FROM users WHERE username = ?
|
||||
auth_opt_mysql_aclquery SELECT topic FROM acls WHERE username = ? AND (rw & ?) != 0
|
||||
|
||||
The original readme of the mosquitto-go-auth plugin proposes a different acl query. However, that one didn't work for me.
|
||||
Maybe the meaning of the access attribute handed over from mosquitto core to the plugin has been changed in between.
|
||||
Actually, it appears to me that the meaning of this attribute has to be interpreted bitwise: Bit0 (1) is read access, Bit1 (2) is write access (publish), Bit0 and Bit1 (3) is readwrite access and Bit2 (4) is subscribe access. Write access is obviously and verified be test publish and subscribe access is also obviously subscribe. Currently I don't know what is meant be read access. For this reason I'm using a bitwise operation in the acl query. I set the rw column for those users who should have read-only access to 5 (1&4), for users who should only publish to 2 and for those ones who should read and write to 7 (1&2&4).
|
||||
|
||||
The required schema in the database is
|
||||
|
||||
CREATE TABLE users (
|
||||
id INTEGER AUTO_INCREMENT,
|
||||
username VARCHAR(25) NOT NULL,
|
||||
pw VARCHAR(128) NOT NULL,
|
||||
pw VARCHAR(512) NOT NULL,
|
||||
super INT(1) NOT NULL DEFAULT 0,
|
||||
PRIMARY KEY (id)
|
||||
);
|
||||
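Review bot: The new line `auth_opt_mysql_password ieh4weiF` puts what looks like a real database password into the readme, where the line it replaces used the placeholder `xxx`; restore a placeholder, and if that value was ever in use, change it on the database. In the explanatory paragraph the combined values are written as 5 (1&4) and 7 (1&2&4), but a bitwise AND of distinct bits is 0; the values are the OR of the bits, so write 1|4 and 1|2|4. The ACL query `(rw & ?) != 0` matches as soon as any requested bit is set, so if the access value 3 (readwrite) is ever handed to the plugin, a row with rw 5 would match; `(rw & ?) = ?` requires every requested bit and is the stricter choice. Consider adding a remark that `auth_opt_log_level debug` is meant for initial setup.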
@ -84,14 +88,14 @@ The required schema in the database is
|
||||
id INTEGER AUTO_INCREMENT,
|
||||
username VARCHAR(25) NOT NULL,
|
||||
topic VARCHAR(256) NOT NULL,
|
||||
rw INTEGER(1) NOT NULL DEFAULT 1, -- 1: read-only, 2: read-write
|
||||
rw INTEGER(1) NOT NULL DEFAULT 1, -- 1 is read, 2 is write, 3 is readwrite, 4 is subscribe
|
||||
PRIMARY KEY (id)
|
||||
);
|
||||
CREATE UNIQUE INDEX acls_user_topic ON acls (username, topic(228));
|
||||
|
||||
The password is generated using the `np` tool provided by mosquitto-auth-plug, which is included in the image at `/opt/bin`. It can be used either within the container using `docker exec -it <mosquitto-container> /opt/bin/np`. You may also try to copy it from the container onto your Linux host. It should run, since it is only linked against typical Linux libraries, however, I wouldn't do that.
|
||||
The password is generated using the `pw` tool provided by mosquitto-go-auth, which is included in the image at `/opt/bin`. It can be used either within the container using `docker exec -it <mosquitto-container> /opt/bin/pw`. You may also try to copy it from the container onto your Linux host. It should run, since it is only linked against typical Linux libraries, however, I wouldn't do that.
|
||||
|
||||
For further information consult the readme and the examples in the mosquitto-auth-plug project (https://github.com/jpmens/mosquitto-auth-plug or https://github.com/wollud1969/mosquitto-auth-plug).
|
||||
For further information consult the readme and the examples in the mosquitto-go-auth project (https://github.com/iegomez/mosquitto-go-auth or https://github.com/wollud1969/mosquitto-go-auth).
|
||||
|
||||
|
||||
|
||||
|
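Review bot: The new comment on the `rw` column lists 1, 2, 3 and 4 as if they were separate values, while the ACL query in the previous hunk tests `rw` bitwise and the text recommends 5 and 7; say in the comment that the column is a bit mask (1 read, 2 write, 4 subscribe) and list the combined values that the readme recommends. `DEFAULT 1` is kept, which by the readme's own description is read without subscribe and matches none of the three recommended settings (5, 2, 7), so either drop the default or pick one of those deliberately.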