jllopis / docker-mosquitto Goto Github PK

View Code? Open in Web Editor NEW

126.0 11.0 89.0 542 KB

Mosquitto MQTT Broker on Docker Image

Shell 3.36% Makefile 10.36% Dockerfile 86.28%

docker-mosquitto's Introduction

docker-mosquitto

Mosquitto MQTT Broker on Docker Image.

Version

mosquitto v1.6.9

This version implement MQTT over WebSocket. You can use an MQTT JavaScript library to connect, like Paho: https://github.com/eclipse/paho.mqtt.javascript

It has the auth plugin https://github.com/jpmens/mosquitto-auth-plug included. It uses (and is compiled with) support for Redis, PostgreSQL, http and JWT backends. The additional config for this plugin (sample auth-plugin.conf included) can be bind mounted in the extended configuration directory: /etc/mosquitto.d. Any file with a .conf extension will be loaded by mosquitto on startup.

For details on the auth plugin configuration, refer to the author repository. A little quick&dirty example its included at the end.

The docker images builds with Official Alpine Linux edge.

Build

Use the provide Makefile to build the image.

Alternatively you can start it by means of docker-compose: docker-compose up. This is useful when testing. It start up redis and link it to mosquitto so you can test the auth-plugin easily.

Build the Mosquitto docker image

$ sudo make

You can specify your repository and tag by

$ sudo make REPOSITORY=my_own_repo/mqtt TAG=v1.6.9

Default for REPOSITORY is jllopis/mosquitto (should change this) and for TAG is mosquitto version (1.5 now).

Actually the command executed by make is

docker build --no-cache -t jllopis/mosquitto:v1.6.9 .

Persistence and Configuration

If you want to use persistence for the container or just use a custom config file you must use VOLUMES from your host or better, data only containers.

The container has three directories that you can use:

/etc/mosquitto to store mosquitto configuration files
/etc/mosquitto.d to store additional configuration files that will be loaded after /etc/mosquitto/mosquitto.conf
/var/lib/mosquitto to persist the database

The logger outputs to stderr by default. ) See the following examples for some guidance:

Mapping host directories

$ sudo docker run -ti \
  -v /tmp/mosquitto/etc/mosquitto:/etc/mosquitto \
  -v /tmp/mosquitto/etc/mosquitto.d:/etc/mosquitto.d \
  -v /tmp/mosquitto/var/lib/mosquitto:/var/lib/mosquitto \
  -v /tmp/mosquitto/auth-plug.conf:/etc/mosquitto.d/auth-plugin.conf \
  --name mqtt \
  -p 1883:1883 \
  -p 9883:9883 \
  jllopis/mosquitto:v1.6.9

Data Only Containers

You must create a container to hold the directories first:

$ sudo docker run -d -v /etc/mosquitto -v /etc/mosquitto.d -v /var/lib/mosquitto --name mqtt_data busybox /bin/true

and then just use VOLUMES_FROM in your container:

$ sudo docker run -ti \
  --volumes-from mqtt_data \
  --name mqtt \
  -p 1883:1883 \
  -p 9883:9883 \
  jllopis/mosquitto:v1.6.9

The image will save its auth data (if configured) to redis. You can start and link a redis container or use an existing redis instance (remember to configure the plugin).

The included docker-compose.yml file is a good example of how to do it.

Example of authenticated access

By default, there is an admin superuser added to auth-plugin.conf. We will use it as an example.

1. Start a Redis instance

$ sudo docker run -d \
  --name redis_1 \
  -p 6379 \
  -v ${PWD}/tmp/redis-data:/data \
  redis:3

2. Start mosquitto with the linked redis

$ sudo docker run -d \
  -v ${PWD}/mosquitto/etc/mosquitto:/etc/mosquitto \
  -v ${PWD}/mosquitto/etc/mosquitto.d:/etc/mosquitto.d \
  -v ${PWD}/mosquitto/var/lib/mosquitto:/var/lib/mosquitto \
  -v ${PWD}/mosquitto/auth-plug.conf:/etc/mosquitto.d/auth-plugin.conf \
  --name mqtt \
  -p 1883:1883 \
  -p 9883:9883 \
  --link redis:mosquitto.redis.link \
  jllopis/mosquitto:v1.6.9

3. Add a password for the admin user

(or whatever user u have configured...)

$ docker run -ti --rm jllopis/mosquitto:v1.6.9 np -p secretpass
PBKDF2$sha256$901$5nH8dWZV5NXTI63/$0n3XrdhMxe7PedKZUcPKMd0WHka4408V

$ docker run -it --link redis_1:redis --rm redis sh -c 'exec redis-cli -h "$REDIS_PORT_6379_TCP_ADDR" -p "$REDIS_PORT_6379_TCP_PORT"'
172.17.0.64:6379> SET admin PBKDF2$sha256$901$5nH8dWZV5NXTI63/$0n3XrdhMxe7PedKZUcPKMd0WHka4408V
OK
172.17.0.64:6379> QUIT

4. Subscribe to a test channel

$ mosquitto_sub -h localhost -t test

5. Publish to test channel

$ mosquitto_pub -h localhost -t test -m "sample pub"

And... nothing happens becouse our anonymous user have no permission on that channel. Check the mosquitto logs:

mosquitto_1 | 1437183848: New connection from 192.168.59.3 on port 1883.
mosquitto_1 | 1437183848: New client connected from 192.168.59.3 as mosqpub/14736-MacBook-P (c1, k60).
mosquitto_1 | 1437183848: Sending CONNACK to mosqpub/14736-MacBook-P (0, 0)
mosquitto_1 | 1437183848: |-- mosquitto_auth_acl_check(..., mosqpub/14736-MacBook-P, anonymous, test, MOSQ_ACL_WRITE)
mosquitto_1 | 1437183848: |-- user anonymous was authenticated in back-end 0 (redis)
mosquitto_1 | 1437183848: |-- aclcheck(anonymous, test, 2) AUTHORIZED=0 by redis
mosquitto_1 | 1437183848: |--  Cached  [9B6BD92B391C9366FC67942CE0020635A2E289AD] for (mosqpub/14736-MacBook-P,anonymous,2)
mosquitto_1 | 1437183848: |--  Cleanup [D45B453EA5A7900B66AD58FC314C28CD515C1572]
mosquitto_1 | 1437183848: Denied PUBLISH from mosqpub/14736-MacBook-P (d0, q0, r0, m0, 'test', ... (10 bytes))
mosquitto_1 | 1437183848: Received DISCONNECT from mosqpub/14736-MacBook-P

Cool!! Lets try again:

$ mosquitto_pub -h localhost -t test -m "sample pub" -u admin -P secretpass

see the logs:

mosquitto_1 | 1437183987: New connection from 192.168.59.3 on port 1883.
mosquitto_1 | 1437183987: |-- mosquitto_auth_unpwd_check(admin)
mosquitto_1 | 1437183987: |-- ** checking backend redis
mosquitto_1 | 1437183987: |-- getuser(admin) AUTHENTICATED=1 by redis
mosquitto_1 | 1437183987: New client connected from 192.168.59.3 as mosqpub/14767-MacBook-P (c1, k60, u'admin').
mosquitto_1 | 1437183987: Sending CONNACK to mosqpub/14767-MacBook-P (0, 0)
mosquitto_1 | 1437183987: |-- mosquitto_auth_acl_check(..., mosqpub/14767-MacBook-P, admin, test, MOSQ_ACL_WRITE)
mosquitto_1 | 1437183987: |-- aclcheck(admin, test, 2) GLOBAL SUPERUSER=Y
mosquitto_1 | 1437183987: |--  Cached  [CB67C9EA1CEA7676A1B3667076C142A05E1A6C94] for (mosqpub/14767-MacBook-P,admin,2)
mosquitto_1 | 1437183987: Received PUBLISH from mosqpub/14767-MacBook-P (d0, q0, r0, m0, 'test', ... (10 bytes))
mosquitto_1 | 1437183987: |-- mosquitto_auth_acl_check(..., mosqsub/14237-MacBook-P, anonymous, test, MOSQ_ACL_READ)
mosquitto_1 | 1437183987: |-- user anonymous was authenticated in back-end 0 (redis)
mosquitto_1 | 1437183987: |-- aclcheck(anonymous, test, 1) AUTHORIZED=0 by redis
mosquitto_1 | 1437183987: |--  Cached  [6E2BE05D56B509A1912C1A6921B4AEFE80A498CA] for (mosqsub/14237-MacBook-P,anonymous,1)
mosquitto_1 | 1437183987: Received DISCONNECT from mosqpub/14767-MacBook-P

Much better... But, did you get any output in the mosquitto_sub? None. Try this and replay:

$ mosquitto_sub -h localhost -t test -u admin -P secretpass

And now everything should work! ;)

Contributors

See contributors page for a list of contributors.

docker-mosquitto's People

Contributors

Stargazers

Watchers

Forkers

bewest murf0 cxcco simonmorley m4dfry nickrobinson herveleclerc sgsagar willyjchen garciademarina mrcnc planetfederal muljonosusilo versine s3ler frank-u jforge jockdarock robhogan kingj waynema02 natcl yuanjingking nazt monstrenyatko eigo-mt-fuji ciscodevnet srgrn gautaz jumbokh mschreib28 sjhzjxc wisdomwolf fknappe saprative selvakn cashflow4me xiach kbkbqiang xdutaotao kerwin-cn leffen boedy txwh panzidongfamily alljoynsville linux998 wengjunfeng ortsf2018 wqd1688 perrywu farmshelf-labs ligzy davejfranco hadilo adeteam viest chuanjin brewmajsters fakstory bayaabid addedjacky widhaprasa mxc-foundation autodomo vokup aka-z izhangyr ueda-kento-glory fg-uulm longntv hootan09 xfyecn faelnpaiva jay-tran joaorobertoifrn ame161 mafgwo dmgolembiowski xiameihao alex-3pi sylvek andrepradika gabrielfast

docker-mosquitto's Issues

The container size exceeds 4.5 GB

I am using the PostgreSQL backend for plugin and it hardly has 12 user entries. Still the docker container for docker-mosquitto is of 4.6 GB in size which is extra. Is there any way to reduce the size.

websockets problem

1548058729: Opening websockets listen socket on port 9883.
Alpine websockets broken again?
I have connectivity issues. Check it please.
v1.5.5
upd:
This works well with libwebsockets v2.4.2
thank

SSL library conflict

Running the standard setup this morning,
git init

git pull https://github.com/jllopis/docker-mosquitto

docker-compose up

repeatedly produced the following error during the main RUN:

ERROR: unsatisfiable constraints: openssl-dev-1.1.1a-r0: conflicts: libressl-dev-2.7.4-r2[pc:libcrypto=1.1.1a] libressl-dev-2.7.4-r2[pc:libssl=1.1.1a] libressl-dev-2.7.4-r2[pc:openssl=1.1.1a] satisfies: postgresql-dev-11.1-r0[openssl-dev] curl-dev-7.62.0-r2[openssl-dev] libssh2-dev-1.8.0-r4[pc:libcrypto] libssh2-dev-1.8.0-r4[pc:libssl] libressl-dev-2.7.4-r2: conflicts: openssl-dev-1.1.1a-r0[pc:libcrypto=2.7.4] openssl-dev-1.1.1a-r0[pc:libssl=2.7.4] openssl-dev-1.1.1a-r0[pc:openssl=2.7.4] satisfies: world[libressl-dev] libssh2-dev-1.8.0-r4[pc:libcrypto] libssh2-dev-1.8.0-r4[pc:libssl]

So, conflicting SSL libraries. Since the Dockerfile does not mention openssl, I figured it might be a change in Alpine, since the version is unpinned. Changing it to FROM alpine:3.8 allowed Docker to get through the dependency installation. It appears that Alpine has indeed been switching between openssl and libressl, though I am not clear how Edge would have this problem relative to 3.8, when the switch appears to be towards libre and this project is using libre. For your consideration.

Websocket protocol with mosquitto

Hi I'm getting this issue while connection to the server with websocket protocol

1497462055: Socket error on client abcd, disconnecting.

I'm using java client to connect to the server

Update auth plugin

Move from archived jpmens' mosquitto-auth-plug to iegomez's mosquitto-go-auth.

How to create new users in the broker?

How to create multiple users in Redis back-end after the docker container is up ?

Included source code makes image bigger than it needs to be

I notice that the /org.eclipse.mosquitto source directory is present in your image at about 12 M in size.

It may be that the "rm -rf" commands in the Dockerfile aren't working as expected: there's no "-${MOSQ_VERSION}" on the end of the source directory, and the "mosquitto-auth-plug" directory isn't at the root level, it's inside the source directory.

Segmentation fault using 1.4.12

Hi, I'm using the image with the auth-plugin.
Using a MQTT client, the container is contacted on its MQTT over TLS/SSL port (8883) and the authentication is performed using HTTP (custom HTTP API).

Suddendly just after the container is contacted it crashes. The log contains the following:

1499077320: |-- *** auth-plug: startup
1499077320: |-- ** Configured order: http

Segmentation fault (core dumped)

Note: we used the version 1.4.10 with the same worflow (MQTT over TLS/SSL and custom HTTP API) without issues for months. The 1.4.12 instead always crashes.

chmod +x run.sh

You need to chmod the run.sh otherwise it fails with a permissions error.

Other than that, loverrrly project :)

Socket error on client (and Error: Unable to open config file /etc/mosquitto/mosquitto.conf)

Running the container in Win10 and trying to make MQTT visible to my python client by

docker run -ti ^
-v %cd%/mosquitto/etc/mosquitto.d:/etc/mosquitto.d ^
-v %cd%/mosquitto/var/lib/mosquitto:/var/lib/mosquitto ^
-v %cd%/mosquitto/auth-plug.conf:/etc/mosquitto.d/auth-plugin.conf ^
-p 127.0.0.1:1883:1883 ^
-p 127.0.0.1:9883:9883 ^
--link redis_1:mosquitto.redis.link ^
--name mqtt ^
docker-mosquitto_mosquitto

it could pub/sub via container CLI but, when connecting via python, it shows Socket error:
1607308722: Socket error on client auto-XXXXXXXXXXXXXXX, disconnecting.

i suspect my python doesn't have tls.
any idea how I can disable tls in the image or how to obtain the CA cert from it?

also, i afraid i am unable to edit mosquitto.conf (i am bypassing it) due to another error:

docker run -ti ^
-v /tmp/mosquitto/etc/mosquitto:/etc/mosquitto ^
-v /tmp/mosquitto/etc/mosquitto.d:/etc/mosquitto.d ^
-v /tmp/mosquitto/var/lib/mosquitto:/var/lib/mosquitto ^
-v /tmp/mosquitto/auth-plug.conf:/etc/mosquitto.d/auth-plugin.conf ^
-p 1883:1883 ^
-p 9883:9883 ^
--name mqtt ^
docker-mosquitto_mosquitto

Error:
1607309303: Error: Unable to open config file /etc/mosquitto/mosquitto.conf.
any idea or further info requires from my side, please let me knows.

SSL Patch

Hi Can you please explain your ssl patch? I do not follow what is going on there and would appreciate some clarification as to what the patch is doing.

Thanks

Add mongo backend ?

Hello,
I added the mongoDB backend on my fork: https://github.com/natcl/docker-mosquitto-mongo-auth
Was wondering if you'd be interested in a PR that adds the mongoc driver, or perhaps it's better in another fork ?

docker-mosquitto always exits with code 139 when publishing/subscribing with wrong password

Hi,

I'm having some problem with setting up docker-mosquitto. I've successfully cloned the repository and build the docker images using docker-compose up. However, every time I try to connect to the docker-mosquitto container with a username and a wrong password it closes the container unexpectedly. This is the python code I'm using to publish to a specific channel:

import paho.mqtt.client as mqtt
client = mqtt.Client()
client.connect("127.0.0.1", 1883, 60)
client.username_pw_set("admin", "wrong_password")
client.publish("test","HI")

And this is the log output from docker-compose

1:C 20 Feb 2019 13:31:01.396 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis-mosq   | 1:C 20 Feb 2019 13:31:01.396 # Redis version=5.0.3, bits=64, commit=00000000, modified=0, pid=1, just started
redis-mosq   | 1:C 20 Feb 2019 13:31:01.396 # Warning: no config file specified, using the default config. In order to specify a config file use redis-server /path/to/redis.conf
redis-mosq   | 1:M 20 Feb 2019 13:31:01.397 * Running mode=standalone, port=6379.
redis-mosq   | 1:M 20 Feb 2019 13:31:01.398 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
redis-mosq   | 1:M 20 Feb 2019 13:31:01.398 # Server initialized
redis-mosq   | 1:M 20 Feb 2019 13:31:01.398 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
mosquitto_1  | 1550669462: mosquitto version 1.5.5 starting
mosquitto_1  | 1550669462: Config loaded from /etc/mosquitto/mosquitto.conf.
mosquitto_1  | 1550669462: |-- *** auth-plug: startup
mosquitto_1  | 1550669462: |-- ** Configured order: redis,http
mosquitto_1  | 
mosquitto_1  | 1550669462: |-- }}}} Redis
redis-mosq   | 1:M 20 Feb 2019 13:31:01.400 * DB loaded from disk: 0.002 seconds
redis-mosq   | 1:M 20 Feb 2019 13:31:01.400 * Ready to accept connections
mosquitto_1  | 1550669462: |-- with_tls=false
mosquitto_1  | 1550669462: |-- getuser_uri=/auth
mosquitto_1  | 1550669462: |-- superuser_uri=/superuser
mosquitto_1  | 1550669462: |-- aclcheck_uri=/acl
mosquitto_1  | 1550669462: |-- getuser_params=domain=DOMAIN,port=PORT
mosquitto_1  | 1550669462: |-- superuser_params=domain=DOMAIN,port=PORT
mosquitto_1  | 1550669462: |-- aclcheck_params=domain=DOMAIN,port=PORT
mosquitto_1  | 1550669462: |-- retry_count=3
mosquitto_1  | 1550669462: Opening ipv4 listen socket on port 1883.
mosquitto_1  | 1550669462: Opening ipv6 listen socket on port 1883.
mosquitto_1  | 1550669462: Opening websockets listen socket on port 9883.
mosquitto_1  | 1550669522: Saving in-memory database to /var/lib/mosquitto/mosquitto.db.
mosquitto_1  | 1550669578: New connection from 172.21.0.1 on port 1883.
mosquitto_1  | 1550669578: |-- mosquitto_auth_unpwd_check(admin)
mosquitto_1  | 1550669578: |-- ** checking backend redis
mosquitto_1  | 1550669578: |-- ** checking backend http
docker-mosquitto_mosquitto_1 exited with code 139

I've even tried going into the container and running mosquitto_pub -h localhost -t test -m "HI" -u admin -p wrong_password and the result occurs. Any ideas of why this is occurring?

I successfully compiled but am I doing the right thing?

jllopis / docker-mosquitto Goto Github PK

docker-mosquitto's Introduction

docker-mosquitto

Version

Build

Build the Mosquitto docker image

Persistence and Configuration

Mapping host directories

Data Only Containers

Example of authenticated access

1. Start a Redis instance

2. Start mosquitto with the linked redis

3. Add a password for the admin user

4. Subscribe to a test channel

5. Publish to test channel

Contributors

docker-mosquitto's People

Contributors

Stargazers

Watchers

Forkers

docker-mosquitto's Issues

Recommend Projects

Recommend Topics

Recommend Org