
Mosquitto Installation, User Permission Configuration, and SSL Connection Configuration

I. Overview

Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 3.1 and 3.1.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.

The MQTT protocol provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for Internet of Things messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers.

The Mosquitto project also provides a C library for implementing MQTT clients, and the very popular mosquitto_pub and mosquitto_sub command line MQTT clients.

Mosquitto is part of the Eclipse Foundation and is an iot.eclipse.org project.

II. Installation (Linux, Debian)

1. Installing with apt

  • Update the apt package index

apt-get update

  • Search for the mosquitto packages

apt-cache search mosquitto

[email protected] /home/workspace # apt-cache search mosquitto

libmosquitto-dev - MQTT version 3.1/3.1.1 client library, development files
libmosquitto1 - MQTT version 3.1/3.1.1 client library
libmosquitto1-dbg - debugging symbols for libmosquitto binaries
libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
libmosquittopp1 - MQTT version 3.1/3.1.1 client C++ library
libmosquittopp1-dbg - debugging symbols for libmosquittopp binaries
mosquitto - MQTT version 3.1/3.1.1 compatible message broker
mosquitto-clients - Mosquitto command line MQTT clients
mosquitto-dbg - debugging symbols for mosquitto binaries
mosquitto-dev - Development files for Mosquitto
mosquitto-auth-plugin - Authentication plugin for Mosquitto with multiple back-ends

  • Install mosquitto

apt-get install mosquitto

2. Installing additional tools

  • mosquitto-clients, the command-line tools

apt-get install mosquitto-clients

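After installation, two commands are available on the command line, mosquitto_sub and mosquitto_pub, which can be used to subscribe to and publish messages.

III. Configuration

After installation, the configuration files are all under the /etc/mosquitto directory.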

[email protected] /etc/mosquitto # ls
ca_certificates  certs  conf.d  mosquitto.conf

1. User and password configuration

1.1 Configuring user authentication

  • Create the directory /etc/mosquitto/files to hold configuration files in one place

mkdir files

  • Create the user authentication configuration file in the conf.d directory

vim users.conf

 # users allowed to connect to the MQTT broker, verified against the password file

 # Allow anonymous connections; defaults to true.
 allow_anonymous false
 # Password file
 password_file /etc/mosquitto/files/userpw
 # Access control list (ACL) file for users
 acl_file /etc/mosquitto/files/acl

1.2 Adding user passwords

  • Create a user

root@cms /etc/mosquitto # mosquitto_passwd -c /etc/mosquitto/files/userpw username1
Password:
Reenter password:
root@cms /etc/mosquitto #

When this completes, a file named userpw is created under /etc/mosquitto/files; it contains the user information.

root@cms /etc/mosquitto/files # cat userpw
username1:$6$4ee29JiXCX4f1j5u$uKxINLtA4iPQhyM9OJOdOYzEv18ZsliVXLq2g4DcmVJ94d4dXrUk/NWBLfOxINZQKsRwbH1Ctcu3RZ1sYc2U1A==

  • Add another user (omit -c, which creates a new file and overwrites an existing one)

root@cms /etc/mosquitto # mosquitto_passwd /etc/mosquitto/files/userpw username2
Password:
Reenter password:
root@cms /etc/mosquitto #

1.3 Adding the access control list file and assigning topic permissions to users

  • Create the acl file

 # access control info for clients with username1

 # this affects clients with username 'username1'
 user username1
 topic write /test/#
 topic read /test/#
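
An added example, not part of the original article or of the Mosquitto code base: a simplified Python model of how the `user` and `topic` lines above are evaluated for concrete topic names. It shows that the leading slash in /test/# is its own topic level, and that username2, who has a password but no ACL entries, is denied everything. Function names are illustrative, and `pattern` lines are not modeled.

```python
# Added example: simplified model of Mosquitto acl_file evaluation
# ("user" and "topic [read|write|readwrite]" lines only, concrete topics).
ACL_TEXT = """\
# this affects clients with username 'username1'
user username1
topic write /test/#
topic read /test/#
"""  # same rules as the acl file in section 1.3

def parse_acl(text):
    """Return {username: [(access, filter), ...]}; key None = anonymous."""
    rules, user = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if parts[0] == "user" and len(parts) >= 2:
            user = line.split(None, 1)[1]
        elif parts[0] == "topic" and len(parts) >= 2:
            if len(parts) == 3 and parts[1] in ("read", "write", "readwrite"):
                access, filt = parts[1], parts[2]
            else:  # access keyword omitted: defaults to readwrite
                access, filt = "readwrite", line.split(None, 1)[1]
            rules.setdefault(user, []).append((access, filt))
    return rules

def topic_matches(filt, topic):
    """MQTT filter match: '+' is one level, a trailing '#' is the rest."""
    if filt.startswith("$") != topic.startswith("$"):
        return False  # wildcards never reach $-prefixed (e.g. $SYS) topics
    f, t = filt.split("/"), topic.split("/")
    for i, level in enumerate(f):
        if level == "#":
            return True  # '#' also matches the parent level itself
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)

def allowed(rules, user, action, topic):
    """action is 'read' or 'write'; no matching rule means denied."""
    return any(acc in (action, "readwrite") and topic_matches(filt, topic)
               for acc, filt in rules.get(user, []))

RULES = parse_acl(ACL_TEXT)
```

With these rules, a client that publishes to test/a instead of /test/a is refused, which is a common cause of messages silently not arriving after an ACL is enabled.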

1.4 Restarting mosquitto

systemctl restart mosquitto.service

2. SSL/TLS certificate encryption configuration

2.1 Configuring the .conf file

Create the SSL certificate configuration file in the conf.d directory

vim certs.conf

 port 8883
 # Whether clients must present a certificate; if true, use_identity_as_username must be true
 require_certificate false
 # cafile: CA certificate file
 cafile /etc/mosquitto/ca_certificates/myca.crt

 # certfile: PEM certificate file
 certfile /etc/mosquitto/certs/mqbroker.crt

 # keyfile: PEM key file
 keyfile /etc/mosquitto/certs/mqbroker.key