Mosquitto

Mosquitto: building the image

Building the image

FROM centos:7
# Build tools plus the OpenSSL headers needed to compile Mosquitto with TLS support
RUN yum install -y wget cmake make gcc* gcc-c++ net-tools openssl openssl-devel && wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# ADD unpacks local tar archives into /data/
ADD mosquitto-2.0.14.tar.gz /data/
ADD v1.7.15.tar.gz /data/
# Build and install cJSON before Mosquitto
WORKDIR /data/cJSON-1.7.15/
RUN make && make install
WORKDIR /data/mosquitto-2.0.14/
RUN make && make install && ldconfig && yum -y update
RUN rm -rf /data/v1.7.15.tar.gz && rm -rf /data/mosquitto-2.0.14.tar.gz
# Register /usr/local/lib so libmosquitto.so.1 is found at run time
RUN echo /usr/local/lib > /etc/ld.so.conf.d/local.conf && ldconfig
COPY mosquitto.conf /etc/mosquitto/
EXPOSE 1883
CMD ["/usr/local/sbin/mosquitto","-c","/etc/mosquitto/mosquitto.conf"]

Configuring one-way authentication

openssl genrsa -des3 -out ca.key 2048
# Certificate password
persagy
58.251.128.54,127.0.0.1,100.76.143.131,58.251.128.55


openssl req -new -x509 -days 1826 -key ca.key -out ca.crt


openssl genrsa -out server.key 2048
openssl req -new -out server.csr -key server.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,

If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:BJ
Locality Name (eg, city) [Default City]:bj
Organization Name (eg, company) [Default Company Ltd]:YS
Organizational Unit Name (eg, section) []:ys
Common Name (eg, your name or your server's hostname) []:  # multiple IP addresses
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 36000
openssl genrsa -out client.key 2048
openssl req -new -out client.csr -key client.key
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 36000

Errors

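error while loading shared libraries: libmosquitto.so.1: cannot open shared object file: No such file or directory
# Fix: put this in the Dockerfile
echo /usr/local/lib > /etc/ld.so.conf.d/local.conf  && ldconfig
error 18 at 0 depth lookup:self signed certificate
# openssl verify reports this when the certificate's subject and issuer are identical, for example when the server request was given the same Distinguished Name as the CA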

Verification

openssl verify -CAfile ca.crt server.crt
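
The Common Name prompt above is annotated with multiple IP addresses, and the client commands in this note pass --insecure, which turns off server hostname verification; a comma-separated list in the Common Name does not match any single address. As an added example (not from the original note), this script issues a server certificate whose names and addresses are listed in subjectAltName and checks them with openssl verify. The subject names, the mqtt.example.test host name, the 192.0.2.x addresses and the 825-day lifetime are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original note. Names, paths and addresses are constructed.
# Unencrypted keys (-nodes) keep the demo non-interactive; the note's CA key uses -des3.

make_ca() {            # $1 = working directory
  # Minimal config so the result does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' 'prompt=no' \
    '[dn]' 'O=Example' 'CN=Example MQTT CA' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' 'keyUsage=critical,keyCertSign,cRLSign' \
    > "$1/req.cnf"
  openssl req -x509 -new -config "$1/req.cnf" -newkey rsa:2048 -nodes -days 1826 \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

make_server_cert() {   # $1 = directory, $2 = server CN, $3 = SAN list
  # The server subject differs from the CA subject; identical subjects can make the
  # signed certificate look self-signed to "openssl verify" (error 18).
  openssl req -new -config "$1/req.cnf" -subj "/O=Example/CN=$2" -newkey rsa:2048 -nodes \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
  # Every name or address clients connect to goes into subjectAltName, not the CN.
  printf 'subjectAltName=%s\nbasicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' "$3" \
    > "$1/server.ext"
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
    -days 825 -sha256 -extfile "$1/server.ext" -out "$1/server.crt" 2>/dev/null
}

check_name() {         # $1 = directory, $2 = "ip" or "host", $3 = value; status 0 = accepted
  case "$2" in
    ip)   opt=-verify_ip ;;
    host) opt=-verify_hostname ;;
    *)    return 2 ;;
  esac
  # Chain validation and name matching in one call, as a verifying client would do.
  openssl verify -CAfile "$1/ca.crt" "$opt" "$3" "$1/server.crt" >/dev/null 2>&1
}

# Demo run in a throwaway directory.
d=$(mktemp -d)
make_ca "$d" && make_server_cert "$d" mqtt.example.test \
  "DNS:mqtt.example.test,IP:127.0.0.1,IP:192.0.2.10"
for ip in 127.0.0.1 192.0.2.10 192.0.2.99; do
  if check_name "$d" ip "$ip"; then echo "$ip accepted"; else echo "$ip rejected"; fi
done
rm -rf "$d"
```

With a certificate issued this way, clients can pass ca.crt as --cafile and connect by any listed name or address without --insecure.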

Edit the configuration file

bind_address 0.0.0.0
cafile /energy-sit/ca.crt
certfile /energy-sit/server.crt 
keyfile /energy-sit/server.key 

Start

mosquitto -c /etc/mosquitto/mosquitto.conf -d

Subscribe

mosquitto_sub -h xingxing.io  -p 9883 -t "test" -u persagy -P persagy --cafile /energy-sit/server.crt --cert /energy-sit/client.crt --key /energy-sit/client.key --insecure

Publish

mosquitto_pub -h xingxing.io -p 9883 -t "test" -m 'nihaoa' -u  persagy -P persagy --cafile /energy-sit/server.crt --cert /energy-sit/client.crt --key /energy-sit/client.key --insecure

Switch to WSS + TLS
