How to securely store mosquitto.conf file? - docker

I am using the eclipse-mosquitto Docker image and the Dockerfile is:
FROM eclipse-mosquitto
ADD config /mosquitto/config
ADD data /mosquitto/data
ADD log /mosquitto/log
ADD p2.txt /mosquitto/config/
And I have the mosquitto.conf file under the config folder as plain text:
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
listener 1883
allow_anonymous false
password_file /mosquitto/config/p2.txt
But I don't want anyone to see and/or change the content of the .conf file. For example, if the "allow_anonymous" field is changed to "true", client services will not need a password to listen to the message broker. Is there a way to securely store the file or encrypt the content of the file?
Thank you in advance,
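An integrity check to run in CI or at container start, as an added example that is not code from the question or from the mosquitto project: it parses a mosquitto.conf into global and listener-scoped settings, flags the exact weakening the question describes (allow_anonymous flipped to true, no password file, a listener without TLS), and fingerprints the file so an edit can be detected. SAMPLE_CONF is constructed from the question's config plus a TLS listener; LISTENER_OPTS, the baseline rules in audit_config() and the assumption that per_listener_settings is off (the default, so allow_anonymous and password_file are global) are this example's own choices.

```python
"""Audit a mosquitto.conf for settings that weaken authentication.

Added example, not code from the question or from the mosquitto project.
LISTENER_OPTS, the rules in audit_config() and SAMPLE_CONF are assumptions
made here; per_listener_settings is taken as false (the default), so
allow_anonymous / password_file are treated as global options.
"""
import hashlib

# Options that mosquitto attaches to the most recently declared `listener`
# (subset chosen for this audit; extend as needed).
LISTENER_OPTS = {
    "protocol", "bind_address", "cafile", "capath", "certfile", "keyfile",
    "require_certificate", "use_identity_as_username",
}

# Constructed sample: the questioner's config plus a TLS listener on 8883.
SAMPLE_CONF = """\
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
listener 1883
allow_anonymous false
password_file /mosquitto/config/p2.txt
listener 8883
cafile /mosquitto/certs/ca.crt
certfile /mosquitto/certs/server.crt
keyfile /mosquitto/certs/server.key
"""


def parse_conf(text):
    """Split a config into (global_options, listeners).

    global_options: {name: value}, last occurrence wins.
    listeners: list of {"port": int, <listener-scoped option>: value, ...}.
    A `listener` line opens a new scope; `port` only sets the default
    listener's port (assumption: mirrors mosquitto 1.x behaviour).
    """
    global_opts = {}
    default = {"port": None}
    listeners = []
    current = default
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        name = parts[0]
        value = parts[1].strip() if len(parts) > 1 else ""
        if name == "listener":
            current = {"port": int(value.split()[0])}
            listeners.append(current)
        elif name == "port":
            default["port"] = int(value)
        elif name in LISTENER_OPTS:
            current[name] = value
        else:
            global_opts[name] = value
    # The default listener exists when no `listener` was declared, or when
    # `port` / listener options appeared before the first `listener`.
    if not listeners or default["port"] is not None or len(default) > 1:
        default["port"] = default["port"] or 1883
        listeners.insert(0, default)
    return global_opts, listeners


def audit_config(text):
    """Return findings against a hardened baseline; [] means it passes."""
    global_opts, listeners = parse_conf(text)
    findings = []
    if global_opts.get("allow_anonymous") != "false":
        findings.append("allow_anonymous is not explicitly false")
    if "password_file" not in global_opts and "auth_plugin" not in global_opts:
        findings.append("no password_file or auth_plugin configured")
    for lst in listeners:
        if "certfile" not in lst or "keyfile" not in lst:
            proto = lst.get("protocol", "mqtt")
            findings.append(f"listener {lst['port']} ({proto}) has no TLS certfile/keyfile")
    return findings


def fingerprint(text):
    """SHA-256 of the config text; keep the known-good value outside the
    container and compare at startup to detect edits to the file."""
    return hashlib.sha256(text.encode()).hexdigest()


if __name__ == "__main__":
    tampered = SAMPLE_CONF.replace("allow_anonymous false", "allow_anonymous true")
    for label, conf in (("original", SAMPLE_CONF), ("tampered", tampered)):
        print(label, fingerprint(conf)[:16])
        for finding in audit_config(conf):
            print("  -", finding)
```

The audit cannot stop someone with write access to the image layer or volume from editing the file, but run against the file the broker actually loads (and with the config mounted read-only and owned by a user the broker does not run as) it turns a silent change into a failed check before the broker is exposed.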

Related

Unable to start mqtt image with password file

I have created a docker image of mqtt broker along with a config file. When I am trying to launch the image I am getting an error saying: Error: Invalid password hash for user user.
Dockerfile:
FROM eclipse-mosquitto:1.4.12
RUN mkdir -p /mosquitto/data/
COPY mosquitto.conf /mosquitto/config/mosquitto.conf
COPY password.txt /mosquitto/config/password.txt
VOLUME /mosquitto/data/
EXPOSE 80
mosquitto config file:
## Logging
log_dest stdout
log_type error
log_type warning
log_type notice
log_type information
# per_listener_settings true
allow_anonymous false
password_file /mosquitto/config/password.txt
## MQTT Listener
listener 1883
protocol mqtt
## WebSockets Listener
listener 80
protocol websockets
## Persistence
persistence false
Password File:
Error:
I am trying to build an mqtt image with a password file and the websocket protocol.
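A validator for the password file referenced by password_file, as an added example that is not code from the question or from the mosquitto project. It flags lines that are not in the hashed form mosquitto_passwd writes (the shape the broker expects before it will accept the file), and can confirm that a `$6$` entry verifies for the intended credential before the file is baked into an image. Format knowledge assumed here: mosquitto_passwd 1.4 to 1.6 writes `user:$6$<base64 salt>$<base64 sha512>` with the digest computed over the password bytes followed by the 12 raw salt bytes; mosquitto 2.x writes `user:$7$<iterations>$<base64 salt>$<base64 hash>` (PBKDF2), which is only format-checked. The sample file is constructed.

```python
"""Check a mosquitto password file for entries the broker will reject.

Added example; not the project's code and not from the question. The `$6$`
and `$7$` line formats described in the lead-in are assumptions about
mosquitto_passwd output, not taken from this thread.
"""
import base64
import hashlib
import hmac
import os
import re

B64 = r"[A-Za-z0-9+/=]+"
ENTRY_RE = re.compile(rf"^[^:\s]+:(\$6\${B64}\${B64}|\$7\$\d+\${B64}\${B64})$")


def make_sha512_entry(user, password, salt=None):
    """Build a `$6$` line in the shape mosquitto_passwd 1.x writes (assumed)."""
    salt = os.urandom(12) if salt is None else salt
    digest = hashlib.sha512(password.encode() + salt).digest()
    return "{}:$6${}${}".format(
        user, base64.b64encode(salt).decode(), base64.b64encode(digest).decode()
    )


def verify_sha512_entry(entry, password):
    """True if `password` matches a `$6$` entry; use it to confirm a freshly
    generated file before shipping it."""
    _user, _, rest = entry.partition(":")
    parts = rest.split("$")          # "$6$salt$hash" -> ["", "6", salt, hash]
    if len(parts) != 4 or parts[1] != "6":
        return False
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    actual = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(actual, expected)


def check_password_file(text):
    """Return [(line_no, reason)] for lines that are not valid hashed entries."""
    problems = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        if ENTRY_RE.match(line):
            continue
        if ":" not in line:
            problems.append((no, "missing 'user:hash' separator"))
        else:
            problems.append((no, "value is not a $6$/$7$ hash; was the file "
                                 "written by mosquitto_passwd?"))
    return problems


# Constructed sample file: two well-formed entries followed by two bad ones.
SAMPLE_PASSWORD_FILE = "\n".join([
    make_sha512_entry("sensor", "s3nsor-pass", salt=bytes(range(12))),
    "admin:$7$101$c2FsdHNhbHRzYWx0$QUJDREVGRw==",
    "user:plaintext-secret",
    "broken-line-without-colon",
]) + "\n"

if __name__ == "__main__":
    for no, reason in check_password_file(SAMPLE_PASSWORD_FILE):
        print(f"line {no}: {reason}")
```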

Local MQTT broker not reading the .conf file while bridging to cloud MQTT broker

I am trying to connect my local mqtt broker to DIoTY cloud broker. I have taken reference from https://www.losant.com/blog/how-to-configure-mosquitto-bridge-to-losant and done all the configuration file changes as required. My /etc/mosquitto/mosquitto.conf looks like
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
I made my separate cloud.conf file in conf.d
# Config file for mosquitto
# See mosquitto.conf(5) for more information.
user mosquitto
max_queued_messages 200
message_size_limit 0
allow_zero_length_clientid true
allow_duplicate_messages false
listener 1883
autosave_interval 900
autosave_on_changes false
persistence true
persistence_file mosquitto.db
allow_anonymous true
connection dioty
address mqtt.dioty.co:1883
bridge_attempt_unsubscribe false
remote_username *******
remote_password *******
start_type automatic
bridge_protocol_version mqttv311
notifications false
try_private true
bridge_insecure false
cleansession false
topic # in 0
Mosquitto logs after starting the broker are as follows
1608537228: mosquitto version 1.6.12 starting
1608537228: Config loaded from /etc/mosquitto/mosquitto.conf.
1608537228: Opening ipv4 listen socket on port 1883.
1608537228: Opening ipv6 listen socket on port 1883.
1608537228: mosquitto version 1.6.12 running
1608539039: Saving in-memory database to /var/lib/mosquitto/mosquitto.db.
What I think is that my local mqtt is not reading the .conf file. How can I fix this?
You are using the Losant configuration to configure the DIOTY broker, which won't work as both are different brokers.
To save credentials in the mosquitto config, first you have to generate the password file using mosquitto_passwd
mosquitto_passwd -c /etc/mosquitto/passwd USER PASSWORD
then add the password file location to the mosquitto config and also set allow_anonymous=false
allow_anonymous false
password_file /etc/mosquitto/passwd
That's it, now you just need to publish or subscribe using
mosquitto_pub -h localhost -t "test" -m "hello world"
mosquitto_sub -h localhost -t test

Is there any way I can check if mosquitto is indeed using my custom mosquitto.conf file instead of the default one?

The question is self-explanatory.
I am running mosquitto in a container and I am persisting /mosquitto using EFS, so mosquitto.conf is persisted.
I want to test if mosquitto is indeed using my custom mosquitto.conf instead of the default one.
How do I do this?
persistence true
persistence_location /mosquitto/data/
listener 1883
listener 9001
protocol websockets
UPDATE
log_dest file /mosquitto/log/mosquitto.log
log_type all
connection_messages true
log_timestamp true
log_timestamp_format [%H:%M:%S]
Adding this to mosquitto.conf worked, as suggested by hardillb.
Mosquitto prints out the config file it is using on the second line of its log output when started.
Without changing something fundamental, e.g. the port it listens on, and testing it, you have to assume that it is using the file at that location.
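The two checks from this answer turned into detection logic over the startup log, as an added example that is not code from the answer or from the mosquitto project: it pulls the "Config loaded from" path off the second log line and the ports from the "Opening ... listen socket" lines, then compares both against what the custom config should produce. Checking the ports matters because a custom file mounted over the image's default sits at the same path, so the path line alone cannot tell them apart, which is the point of changing something observable like a listener port. The "Config loaded from" and "Opening ipv4/ipv6 listen socket" shapes are the ones quoted earlier in this thread; the websockets variant and the sample log are constructed.

```python
"""Confirm from mosquitto's startup log which config it loaded and which
ports it opened.

Added example, not from the answer or the mosquitto project. The sample log
is constructed from the message shapes quoted in this thread; the websockets
line is an assumption.
"""
import re

CONFIG_RE = re.compile(r"^Config loaded from (?P<path>.+?)\.?$")
LISTEN_RE = re.compile(
    r"^Opening (?P<kind>ipv4|ipv6|websockets) listen socket on port (?P<port>\d+)\.?$"
)

# Constructed sample, modelled on the log lines quoted earlier in the thread.
SAMPLE_LOG = """\
1608537228: mosquitto version 1.6.12 starting
1608537228: Config loaded from /mosquitto/config/mosquitto.conf.
1608537228: Opening ipv4 listen socket on port 1883.
1608537228: Opening ipv6 listen socket on port 1883.
1608537228: Opening websockets listen socket on port 9001.
1608537228: mosquitto version 1.6.12 running
"""


def parse_startup(log_text):
    """Extract the loaded config path and the set of ports opened at start."""
    info = {"config": None, "ports": set()}
    for line in log_text.splitlines():
        # Drop the timestamp prefix ("1608537228: " or "[12:00:00]: ");
        # lines without one (log_timestamp false) are used as they are.
        _prefix, sep, rest = line.partition(": ")
        msg = rest if sep else line
        m = CONFIG_RE.match(msg)
        if m:
            info["config"] = m["path"]
        m = LISTEN_RE.match(msg)
        if m:
            info["ports"].add(int(m["port"]))
    return info


def check_custom_config(log_text, expected_path, expected_ports):
    """Return problems; [] means the broker reported expected_path and opened
    every port in expected_ports."""
    info = parse_startup(log_text)
    problems = []
    if info["config"] != expected_path:
        problems.append(f"config loaded from {info['config']!r}, expected {expected_path!r}")
    missing = sorted(set(expected_ports) - info["ports"])
    if missing:
        problems.append(f"expected listeners not opened: {missing}")
    return problems


if __name__ == "__main__":
    print(parse_startup(SAMPLE_LOG))
    print(check_custom_config(SAMPLE_LOG, "/mosquitto/config/mosquitto.conf", [1883, 9001]))
```

Feed it the container's log (for example the output of `docker logs` for the broker) and the listener ports from your own config; a non-empty result means either a different file was loaded or the listeners you configured never came up.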

Mosquitto "SSL is disabled"

I have set up Mosquitto MQTT with SSL on port 8883. However, when I try to connect I get an error "Error: A TLS error occurred"
I looked up the mosquitto logs and I see "SSL is disabled" in the logs.
I don't think that's expected.
All the certificates are valid.
My config File (Note: mqtt.test.com is not the actual host):
autosave_interval 1800
# Persistence Settings
persistence true
persistence_file mosquitto.db
persistence_location /tmp/
connection_messages true
# Logging Settings
log_timestamp true
log_dest file /home/ubuntu/mqtt/mosquitto/mosquitto.log
log_type debug
# Port Settings
listener 1883
# Only needed if Websockets
listener 8033
protocol websockets
certfile /etc/letsencrypt/live/mqtt.test.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.taggle.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.test.com/privkey.pem
listener 8883
certfile /etc/letsencrypt/live/mqtt.test.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.test.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.test.com/privkey.pem
There is no need to build mosquitto from source to use the auth_plugin; you need access to the matching src bundle for the version of the broker you have installed.
When you built mosquitto you most likely didn't have the openssl dev packages installed to allow the build to link against openssl.
That or you built mosquitto with make WITH_TLS=no
Double check that you followed all the instructions in the readme.md that comes with the src and that you installed all the prerequisite packages.

Mosquitto server not able to connect from outside network

I followed the TLS configuration on official Mosquitto website and generated all the certificates and keys.
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
listener 1883
port 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/ca_certificates/server.crt
keyfile /etc/mosquitto/ca_certificates/server.key
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
It is working fine locally, but I am not able to connect from outside my network. Can someone explain to me what I am doing wrong here? Am I missing something?
Thank you.