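Versions:

Mosquitto version: v2.0.10

libwebsockets version: v3.0.1 (for websockets support)

mosquitto-go-auth (Mosquitto plugin): v1.50 (provides authentication and authorization)

1. Preparation before compiling

Because we are going to compile the source package on the local machine, gcc has to be installed first.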

yum -y install gcc-c++ cmake 

There are also some third-party dependencies:

yum install openssl-devel
yum install libuuid-devel
yum install c-ares-devel
yum install uuid-devel
yum install libwebsockets-devel.x86_64
yum install libwebsockets.x86_64

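2. Download the Mosquitto source

Download the Mosquitto source archive from the official website, or from GitHub. I use version 2.0.10 here.

3. Extract and install Mosquitto

Mosquitto does not support websockets by default. Before compiling, edit config.mk and set WITH_WEBSOCKETS:=yes (change no to yes).

Run make && make install

If you hit the error fatal error: cjson/cJSON.h: No such file or directory, install cJSON first (yum and apt may not have a cJSON package; you can download the source archive from GitHub, extract it, enter the directory, and run make && make install). This is a bug in the current version and will probably be fixed later.

After installation, add a user named mosquitto and give the mosquitto user ownership of the relevant directories.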

sudo groupadd mosquitto
sudo useradd -s /sbin/nologin mosquitto -g mosquitto -d /var/lib/mosquitto
sudo mkdir -p /var/log/mosquitto/ /var/lib/mosquitto/
sudo chown -R mosquitto:mosquitto /var/log/mosquitto/
sudo chown -R mosquitto:mosquitto /var/lib/mosquitto/

Create the file /etc/systemd/system/mosquitto.service

[Unit]
Description=Mosquitto MQTT v3.1/v3.1.1 server
Wants=network.target
Documentation=http://mosquitto.org/documentation/

[Service]
Type=simple
User=mosquitto
Group=mosquitto
ExecStart=/usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
Restart=on-failure
SyslogIdentifier=Mosquitto

[Install]
WantedBy=multi-user.target

Enable start on boot

sudo systemctl enable mosquitto

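4. Extract and install the Mosquitto auth plugin

I installed the mosquitto-go-auth plugin. Because the plugin is written in Go, golang has to be installed first. I recommend also setting a Go proxy with go env -w GOPROXY=https://mirrors.aliyun.com/goproxy. Compiling produces the go-auth.so plugin.

5. Configure mosquitto

Edit /etc/mosquitto/mosquitto.conf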

per_listener_settings true

include_dir /etc/mosquitto/conf

persistence true

persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

#password_file /etc/mosquitto/pwfile

#acl_file /etc/mosquitto/aclfile

log_timestamp true

log_timestamp_format %Y-%m-%dT%H:%M:%S

log_type all

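Create the /etc/mosquitto/conf directory and move the go-auth.so plugin into it. Then create the configuration files go-auth-mqtt.conf and go-auth-websockets.conf, which correspond to the mqtt protocol and the websockets protocol respectively.

go-auth-mqtt.conf configuration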

listener 18883

protocol mqtt

connection_messages true

socket_domain ipv4

allow_anonymous false

auth_plugin /etc/mosquitto/conf/go-auth.so

auth_opt_backends mysql

auth_opt_cache true
auth_opt_cache_type redis
auth_opt_cache_reset true
auth_opt_cache_refresh true

auth_opt_auth_cache_seconds 30
auth_opt_acl_cache_seconds 30
auth_opt_auth_jitter_seconds 3
auth_opt_acl_jitter_seconds 3

auth_opt_cache_host XX.X.X.XXX
auth_opt_cache_port 6379
auth_opt_cache_password yourpassword
auth_opt_cache_db 3

auth_opt_hasher pbkdf2
# salt bytes length
auth_opt_hasher_salt_size 16
# number of iterations
auth_opt_hasher_iterations 100000
# key length
auth_opt_hasher_keylen 64
# hashing algorithm, either sha512 (default) or sha256
auth_opt_hasher_algorithm sha512
# salt encoding, either base64 (default) or utf-8
auth_opt_hasher_salt_encoding base64

auth_opt_log_level debug
auth_opt_log_dest file
auth_opt_log_file /var/log/mosquitto/mosquitto_auth.log

auth_opt_retry_count 2

# Choose the authentication backend by username prefix
auth_opt_check_prefix false

auth_opt_disable_superuser false

auth_opt_mysql_allow_native_passwords true
auth_opt_mysql_host mysqlhostaddress
auth_opt_mysql_port 3306
auth_opt_mysql_user mqtt
auth_opt_mysql_password mysqlpassword
auth_opt_mysql_dbname mqtt
auth_opt_mysql_userquery SELECT password_hash FROM mqtt_user WHERE username = ? limit 1
auth_opt_mysql_superquery SELECT COUNT(*) FROM mqtt_user WHERE username = ? AND is_admin = 1
auth_opt_mysql_aclquery SELECT topic FROM mqtt_acl WHERE (username = ?) AND (rw = ? OR rw = 3)
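
The userquery above returns password_hash, so each row in mqtt_user needs a hash that matches the auth_opt_hasher_* settings. The following is an added example (not from the original post and not the plugin's own code) that produces and checks such a value; it assumes the stored format PBKDF2$algorithm$iterations$base64(salt)$base64(key), and the function names are made up for this example.

```python
import base64
import hashlib
import hmac
import os

# Parameters copied from the auth_opt_hasher_* lines in go-auth-mqtt.conf.
ALGORITHM = "sha512"
ITERATIONS = 100000
SALT_SIZE = 16   # bytes
KEYLEN = 64      # bytes


def make_password_hash(password, salt=None):
    """Build a value for mqtt_user.password_hash (the format is an assumption)."""
    if salt is None:
        salt = os.urandom(SALT_SIZE)  # fresh random salt for every user
    key = hashlib.pbkdf2_hmac(ALGORITHM, password.encode(), salt, ITERATIONS, KEYLEN)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"PBKDF2${ALGORITHM}${ITERATIONS}${b64(salt)}${b64(key)}"


def verify_password(password, stored):
    """Recompute the key from the parameters embedded in the stored hash."""
    try:
        scheme, algorithm, iterations, salt_b64, key_b64 = stored.split("$")
        if scheme != "PBKDF2" or algorithm not in ("sha512", "sha256"):
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(key_b64, validate=True)
        actual = hashlib.pbkdf2_hmac(
            algorithm, password.encode(), salt, int(iterations), len(expected)
        )
    except ValueError:
        # Wrong field count, bad base64, non-numeric or zero iterations, empty key.
        return False
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # "s3cret" is a constructed sample password.
    stored = make_password_hash("s3cret")
    print(stored)
    print(verify_password("s3cret", stored), verify_password("wrong", stored))
```

Insert the printed string into mqtt_user.password_hash and confirm a test login against the broker before relying on the format.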

go-auth-websockets.conf configuration

listener 18884

protocol websockets

connection_messages true

socket_domain ipv4

allow_anonymous false

auth_plugin /etc/mosquitto/conf/go-auth.so

auth_opt_backends jwt

auth_opt_jwt_mode remote
auth_opt_jwt_parse_token false
auth_opt_jwt_userfield username

auth_opt_jwt_host jwtauthserverhost
auth_opt_jwt_port 80
auth_opt_jwt_getuser_uri /op/unauthorized
auth_opt_jwt_superuser_uri /op/unauthorized
auth_opt_jwt_aclcheck_uri /op/unauthorized
auth_opt_jwt_response_mode status
auth_opt_jwt_params_mode json
auth_opt_jwt_with_tls false
auth_opt_jwt_verify_peer false

auth_opt_cache true
auth_opt_cache_type redis
auth_opt_cache_reset true
auth_opt_cache_refresh true

auth_opt_auth_cache_seconds 30
auth_opt_acl_cache_seconds 30
auth_opt_auth_jitter_seconds 3
auth_opt_acl_jitter_seconds 3

auth_opt_cache_host redishostaddress
auth_opt_cache_port 6379
auth_opt_cache_password redispassword
auth_opt_cache_db 3

auth_opt_log_level debug
auth_opt_log_dest file
auth_opt_log_file /var/log/mosquitto/mosquitto_auth.log

auth_opt_retry_count 2

# Choose the authentication backend by username prefix
auth_opt_check_prefix false

auth_opt_disable_superuser false
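
Mosquitto treats a line as a comment only when # is its first character, and an auth_opt_ value runs to the end of the line, so a trailing comment or a second option on the same line ends up inside the value. The following is an added example (not from the original post) of a small check for the two listener files; the sample text is constructed, and lint_conf and RISKY are names made up for this example.

```python
import re

# Constructed sample, modelled on the listener files above.
SAMPLE_CONF = """\
listener 18884
protocol websockets
allow_anonymous false
auth_opt_hasher_salt_size 16 # salt bytes length
auth_opt_cache_refresh true auth_opt_auth_cache_seconds 30
# a comment on its own line is fine
auth_opt_jwt_with_tls false
auth_opt_mysql_userquery SELECT password_hash FROM mqtt_user WHERE username = ? limit 1
"""

# Settings worth a second look, with the reason shown to the operator.
RISKY = {
    ("allow_anonymous", "true"): "clients can connect without credentials",
    ("auth_opt_jwt_with_tls", "false"): "tokens go to the auth server over plain HTTP",
}


def lint_conf(text):
    """Return (line_number, message) findings for a Mosquitto listener file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.startswith("#"):
            continue  # blank line, or a real comment (# is the first character)
        key, _, value = raw.strip().partition(" ")
        value = value.strip()
        if re.search(r"(^|\s)#", value):
            findings.append((no, f"{key}: '#' and the text after it become part of the value"))
        merged = re.findall(r"(?:^|\s)(auth_opt_\w+)(?=\s|$)", value)
        if merged:
            findings.append((no, f"{key}: move {', '.join(merged)} to its own line"))
        reason = RISKY.get((key, value.lower()))
        if reason:
            findings.append((no, f"{key} {value}: {reason}"))
    return findings


if __name__ == "__main__":
    for no, message in lint_conf(SAMPLE_CONF):
        print(f"line {no}: {message}")
```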
