persistence included

Wolfgang Hottgenroth 2019-06-13 17:21:40 +02:00
parent 91c2bfe0b1
commit 47a91f2db4
Signed by: wn
GPG Key ID: 6C1E5E531E0D5D7F
4 changed files with 32 additions and 17 deletions

@ -12,13 +12,15 @@ RUN \
apt update && \ apt update && \
apt install -y mariadb-client openssl libwebsockets8 && \ apt install -y mariadb-client openssl libwebsockets8 && \
groupadd -r -g $MOSQ_GID $MOSQ_USER && \ groupadd -r -g $MOSQ_GID $MOSQ_USER && \
useradd -m -r -u $MOSQ_UID -g $MOSQ_USER $MOSQ_USER useradd -m -r -u $MOSQ_UID -g $MOSQ_USER $MOSQ_USER && \
mkdir -p /opt/data
COPY opt/ /opt COPY opt/ /opt
COPY etc/ /opt/etc COPY etc/ /opt/etc
VOLUME /opt/etc VOLUME /opt/etc
VOLUME /opt/data
EXPOSE 1883/tcp EXPOSE 1883/tcp
EXPOSE 8883/tcp EXPOSE 8883/tcp
EXPOSE 9001/tcp EXPOSE 9001/tcp
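
Review bot: `mkdir -p /opt/data` in the `RUN` step runs as root, and nothing in the visible lines hands the directory over to `$MOSQ_USER`, so a broker started as that user cannot write its persistence file there. An empty named volume mounted at `/opt/data` takes its ownership from the image directory, so the problem carries over to the volume declared by `VOLUME /opt/data`. Suggest `mkdir -p /opt/data && chown $MOSQ_USER:$MOSQ_USER /opt/data && chmod 0700 /opt/data` in the same step; the restrictive mode is worthwhile because the store holds retained and queued message payloads.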

@ -1,9 +1,11 @@
#!/bin/bash #!/bin/bash
IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
VOLUME=mosquitto-config VOLUME_CONFIG=mosquitto-config
VOLUME_DATA=mosquitto-data
docker volume inspect $VOLUME > /dev/null || docker volume create $VOLUME docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
docker pull $IMAGE docker pull $IMAGE
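
Review bot: style point on the two `docker volume inspect ... || docker volume create ...` lines: `$VOLUME_CONFIG` and `$VOLUME_DATA` are expanded unquoted and only stdout is discarded, so the first run prints the `inspect` error on stderr before the volume is created. Quote the variables and redirect with `> /dev/null 2>&1` so a clean first run stays quiet and any message that does appear is a real failure.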
@ -13,7 +15,8 @@ docker run \
-p1883:1883 \ -p1883:1883 \
-p8883:8883 \ -p8883:8883 \
-p9001:9001 \ -p9001:9001 \
-v $VOLUME:/opt/etc/mosquitto \ -v $VOLUME_CONFIG:/opt/etc/mosquitto \
-v $VOLUME_DATA:/opt/data \
--link mariadb \ --link mariadb \
--name mosquitto \ --name mosquitto \
$IMAGE $IMAGE

@ -1,6 +1,7 @@
log_dest stdout log_dest stdout
persistence false persistence true
persistence_location /opt/data/
listener 1883 listener 1883
protocol mqtt protocol mqtt
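
Review bot: with `persistence true` and no `autosave_interval` in this config, mosquitto writes the in-memory store to `persistence_location` only on shutdown and at the default interval of 1800 seconds, so an unclean stop of the container can lose up to 30 minutes of retained and queued messages. Set `autosave_interval` explicitly to the loss window that is acceptable, and keep `persistence_location /opt/data/` in step with the mount point used in the start script.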

@ -23,12 +23,15 @@ All logging is send to `stdout`, so it can be inspected using `docker logs -f <m
To start the container a script is provided, which might need to adjusted to the actual environment: To start the container a script is provided, which might need to adjusted to the actual environment:
#!/bin/bash #!/bin/bash
IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest IMAGE=registry.gitlab.com/wolutator/mosquitto-with-auth:latest
VOLUME=mosquitto-config VOLUME_CONFIG=mosquitto-config
VOLUME_DATA=mosquitto-data
docker volume inspect $VOLUME > /dev/null || docker volume create $VOLUME docker volume inspect $VOLUME_CONFIG > /dev/null || docker volume create $VOLUME_CONFIG
docker volume inspect $VOLUME_DATA > /dev/null || docker volume create $VOLUME_DATA
docker pull $IMAGE docker pull $IMAGE
@ -38,18 +41,23 @@ To start the container a script is provided, which might need to adjusted to the
-p1883:1883 \ -p1883:1883 \
-p8883:8883 \ -p8883:8883 \
-p9001:9001 \ -p9001:9001 \
-v $VOLUME:/opt/etc/mosquitto \ -v $VOLUME_CONFIG:/opt/etc/mosquitto \
-v $VOLUME_DATA:/opt/data \
--link mariadb \ --link mariadb \
--name mosquitto \ --name mosquitto \
$IMAGE $IMAGE
The container expects the main configuration file in the root of the volume named `mosquitto.conf`. The container expects the main configuration file in the root of the volume named `mosquitto.conf`.
A very simple configuration, only supporting MQTT on port 1883 is: A very simple configuration, only supporting MQTT on port 1883 is:
log_dest stdout log_dest stdout
persistence false persistence true
persistence_location /opt/data/
listener 1883 listener 1883
protocol mqtt protocol mqtt
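
Review bot: documentation is missing for the new data volume: the example now mounts `$VOLUME_DATA` at `/opt/data` and sets `persistence_location /opt/data/`, but the visible README text still speaks of "the volume" and only describes the configuration file in it. Add a sentence stating which volume holds `mosquitto.conf`, what the data volume stores, and that `persistence_location` has to point at the data volume's mount point.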
@ -69,6 +77,7 @@ A very simple configuration, only supporting MQTT on port 1883 is:
auth_opt_mysql_userquery SELECT pw FROM users WHERE username = ? auth_opt_mysql_userquery SELECT pw FROM users WHERE username = ?
auth_opt_mysql_aclquery SELECT topic FROM acls WHERE username = ? AND (rw & ?) != 0 auth_opt_mysql_aclquery SELECT topic FROM acls WHERE username = ? AND (rw & ?) != 0
The original readme of the mosquitto-go-auth plugin proposes a different acl query. However, that one didn't work for me. The original readme of the mosquitto-go-auth plugin proposes a different acl query. However, that one didn't work for me.
Maybe the meaning of the access attribute handed over from mosquitto core to the plugin has been changed in between. Maybe the meaning of the access attribute handed over from mosquitto core to the plugin has been changed in between.
Actually, it appears to me that the meaning of this attribute has to be interpreted bitwise: Bit0 (1) is read access, Bit1 (2) is write access (publish), Bit0 and Bit1 (3) is readwrite access and Bit2 (4) is subscribe access. Write access is obviously and verified be test publish and subscribe access is also obviously subscribe. Currently I don't know what is meant be read access. For this reason I'm using a bitwise operation in the acl query. I set the rw column for those users who should have read-only access to 5 (1&4), for users who should only publish to 2 and for those ones who should read and write to 7 (1&2&4). Actually, it appears to me that the meaning of this attribute has to be interpreted bitwise: Bit0 (1) is read access, Bit1 (2) is write access (publish), Bit0 and Bit1 (3) is readwrite access and Bit2 (4) is subscribe access. Write access is obviously and verified be test publish and subscribe access is also obviously subscribe. Currently I don't know what is meant be read access. For this reason I'm using a bitwise operation in the acl query. I set the rw column for those users who should have read-only access to 5 (1&4), for users who should only publish to 2 and for those ones who should read and write to 7 (1&2&4).
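
Review bot: in the `auth_opt_mysql_aclquery` line, `(rw & ?) != 0` matches a row as soon as any one of the requested bits is set in `rw`. With the bit meanings given in the closing paragraph, a read-only user stored as 5 would therefore also match a request carrying access value 3 (readwrite), because 5 & 3 is 1. Add a test in which a read-only user attempts to publish before relying on this query for authorization, and document the result here. The same paragraph writes the combined values as `5 (1&4)` and `7 (1&2&4)`; these are bitwise ORs (`1|4` and `1|2|4`), since the ANDs as written evaluate to 0.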