Add MQTT over SSL about mosquitto_ynh HOT 5 OPEN

yunohost-apps avatar yunohost-apps commented on June 25, 2024 3
Add MQTT over SSL

from mosquitto_ynh.

Comments (5)

jose1711 avatar jose1711 commented on June 25, 2024 1

I believe this really needs a better integration with YunoHost. I think as a minimum it should be possible to choose domain, toggle SSL and manage users including password reset from the interface.

As far as SSL is concerned I've collected the steps from comments above (thanks for those) and converted them to commands which can be run on the server within a root session:

# create new config
domain=$(yunohost domain main-domain --output-as plain)

cat >/etc/mosquitto/conf.d/ssl.conf <<HERE
listener 8883
certfile /etc/yunohost/certs/${domain}/crt.pem
cafile /etc/yunohost/certs/${domain}/crt.pem
keyfile /etc/yunohost/certs/${domain}/key.pem

allow_anonymous false
password_file /etc/mosquitto/passwd
HERE

# grant permissions to certificates for mosquitto user
usermod -a -G ssl-cert mosquitto
setfacl -R -m u:mosquitto:rx /etc/yunohost/certs/${domain}

# reconfigure firewall (deny 1883, allow 8883)
yunohost firewall allow TCP 8883
yunohost firewall disallow TCP 1883

# update port in the app configuration
yunohost app setting mosquitto port -v 8883

# remove and readd service
yunohost service remove mosquitto
yunohost service add mosquitto --description="Allows MQTT clients to send/receive data" --log="/var/log/mosquitto/mosquitto.log" --needs_exposed_ports=8883

# update backup script
sed -i '/--src_path=/s/default.conf/ssl.conf/' /etc/yunohost/apps/mosquitto/scripts/backup

# switch configs and restart mosquitto
mv /etc/mosquitto/conf.d/default.conf /etc/mosquitto/conf.d/default.conf.disabled
systemctl restart mosquitto

EDIT: add port update step
EDIT2: add service remove+readd step
EDIT3: fix backup


utkarshsethi avatar utkarshsethi commented on June 25, 2024

@Rafi594 @YunoHost Can you help with this?

I need to run mosquitto with SSL. Would directly editing config files mess up the app?


h3ndrik avatar h3ndrik commented on June 25, 2024

also run:
usermod -a -G ssl-cert mosquitto
so that mosquitto can access the certificates.

EDIT:
setfacl -R -m u:mosquitto:rx /etc/yunohost/certs/your.domain.tld

seems to do the trick??

and you have to open port 8883 in the yunohost firewall manually.


jose1711 avatar jose1711 commented on June 25, 2024

Here's a config that enables both SSL (8883) and non-SSL (1883) connections. Perhaps someone finds it useful:

per_listener_settings true

listener 8883
certfile /etc/yunohost/certs/DOMAINNAME/crt.pem
cafile /etc/yunohost/certs/DOMAINNAME/crt.pem
keyfile /etc/yunohost/certs/DOMAINNAME/key.pem
password_file /etc/mosquitto/passwd
allow_anonymous false

listener 1883
password_file /etc/mosquitto/passwd
allow_anonymous false

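An added example, not part of the thread or of mosquitto_ynh: a POSIX shell check that reads a mosquitto config and reports, per listener, whether TLS is configured, flagging listeners that take passwords without it (on a plain listener such as 1883 above, MQTT sends the CONNECT username and password unencrypted). The function names and the sample config with its DOMAINNAME placeholder are constructed for illustration, and the check assumes that directives after a `listener` line apply to that listener.

```shell
#!/bin/sh
# Added example, not from the thread: audit the listeners in a mosquitto config.
# Assumption: directives following a "listener" line belong to that listener
# (per_listener_settings true); settings before the first listener are ignored.

audit_mosquitto_listeners() {
    # Reads the named config file(s), or stdin when none is given.
    awk '
        function report() {
            if (port == "") return
            tls  = (cert && key) ? "yes" : "no"
            note = "ok"
            if (tls == "no" && pw) note = "WARN passwords-sent-in-cleartext"
            if (anon)              note = "WARN anonymous-access"
            printf "%s tls=%s %s\n", port, tls, note
        }
        /^[ \t]*#/              { next }   # comment line
        NF == 0                 { next }   # blank line
        $1 == "listener"        { report(); port = $2; cert = key = pw = anon = 0; next }
        $1 == "certfile"        { cert = 1 }
        $1 == "keyfile"         { key = 1 }
        $1 == "password_file"   { pw = 1 }
        $1 == "allow_anonymous" { anon = ($2 == "true") }   # only an explicit "true"
        END                     { report() }
    ' "$@"
}

# Constructed sample: the dual-listener config, DOMAINNAME left as a placeholder.
sample_config() {
    cat <<'EOF'
per_listener_settings true

listener 8883
certfile /etc/yunohost/certs/DOMAINNAME/crt.pem
cafile /etc/yunohost/certs/DOMAINNAME/crt.pem
keyfile /etc/yunohost/certs/DOMAINNAME/key.pem
password_file /etc/mosquitto/passwd
allow_anonymous false

listener 1883
password_file /etc/mosquitto/passwd
allow_anonymous false
EOF
}

sample_config | audit_mosquitto_listeners
# On a server: audit_mosquitto_listeners /etc/mosquitto/conf.d/*.conf
```

A listener reported as `tls=no` with the cleartext warning is one to keep off the public firewall, as the `yunohost firewall disallow TCP 1883` step in the first comment does.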

jedie avatar jedie commented on June 25, 2024

I believe this really needs a better integration with YunoHost. I think as a minimum it should be possible to choose domain, toggle SSL and manage users including password reset from the interface.

+1

Can somebody provide this? Would be great!

