thomas/container
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mqtt/sec/docker-compose.yml aktualisiert

Browse Source
This commit is contained in:
Thomas M
2026-01-18 14:21:45 +00:00
parent 8b28c36139
commit 45bddd3c5e
1 changed files with 44 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
mqtt/sec/docker-compose.yml
View File

@@ -14,11 +14,7 @@ services:
- ${CONFIG_PATH:-./config}:/mosquitto/config
- ${DATA_PATH:-./data}:/mosquitto/data
- ${LOG_PATH:-./log}:/mosquitto/log
# System Root CAs (read-only)
- /etc/ssl/certs:/etc/ssl/certs:ro
# Self-signed TLS certs (writeable)
- ${TLS_PATH:-./tls}:/mosquitto/tls
ports:
@@ -27,62 +23,63 @@ services:
dns:
- ${DNS_SERVER}
command: >
sh -c '
TLS_DIR=/mosquitto/tls;
CONF=/mosquitto/config/mosquitto.conf;
PASSWD=/mosquitto/config/passwd;
command:
- sh
- -c
- |
TLS_DIR=/mosquitto/tls
CONF=/mosquitto/config/mosquitto.conf
PASSWD=/mosquitto/config/passwd
mkdir -p "$TLS_DIR";
mkdir -p "$TLS_DIR"
echo "=== Checking certificates ===";
echo "=== Checking certificates ==="
if [ ! -f "$TLS_DIR/server.crt" ]; then
echo "Generating self-signed certificates...";
openssl genrsa -out $TLS_DIR/ca.key 4096;
openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \
-out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA";
echo "Generating self-signed certificates..."
openssl genrsa -out "$TLS_DIR/ca.key" 4096
openssl req -x509 -new -nodes -key "$TLS_DIR/ca.key" -sha256 -days 3650 \
-out "$TLS_DIR/ca.crt" -subj "/CN=LocalMQTT-CA"
openssl genrsa -out $TLS_DIR/server.key 4096;
openssl req -new -key $TLS_DIR/server.key -out $TLS_DIR/server.csr \
-subj "/CN=$MQTT_HOSTNAME";
openssl genrsa -out "$TLS_DIR/server.key" 4096
openssl req -new -key "$TLS_DIR/server.key" -out "$TLS_DIR/server.csr" \
-subj "/CN=$MQTT_HOSTNAME"
openssl x509 -req -in $TLS_DIR/server.csr -CA $TLS_DIR/ca.crt \
-CAkey $TLS_DIR/ca.key -CAcreateserial \
-out $TLS_DIR/server.crt -days 3650 -sha256;
openssl x509 -req -in "$TLS_DIR/server.csr" -CA "$TLS_DIR/ca.crt" \
-CAkey "$TLS_DIR/ca.key" -CAcreateserial \
-out "$TLS_DIR/server.crt" -days 3650 -sha256
else
echo "Self-signed certificates already exist.";
fi;
echo "Self-signed certificates already exist."
fi
echo "=== Checking mosquitto.conf ===";
echo "=== Checking mosquitto.conf ==="
if [ ! -f "$CONF" ]; then
echo "Generating default mosquitto.conf...";
cat <<EOF > $CONF
listener ${MQTT_TLS_PORT:-8883}
protocol mqtt
cafile /mosquitto/tls/ca.crt
certfile /mosquitto/tls/server.crt
keyfile /mosquitto/tls/server.key
allow_anonymous false
password_file /mosquitto/config/passwd
EOF
echo "Generating default mosquitto.conf..."
printf '%s\n' \
"listener ${MQTT_TLS_PORT:-8883}" \
"protocol mqtt" \
"cafile /mosquitto/tls/ca.crt" \
"certfile /mosquitto/tls/server.crt" \
"keyfile /mosquitto/tls/server.key" \
"allow_anonymous false" \
"password_file /mosquitto/config/passwd" \
> "$CONF"
else
echo "Existing mosquitto.conf found.";
fi;
echo "Existing mosquitto.conf found."
fi
echo "=== Checking user ===";
echo "=== Checking user ==="
if [ ! -f "$PASSWD" ]; then
echo "Generating random password for user: $MQTT_USER";
RANDOM_PASS=$(openssl rand -base64 32);
echo "Generated password (save this!):";
echo "$RANDOM_PASS";
mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS";
echo "Generating random password for user: $MQTT_USER"
RANDOM_PASS=$(openssl rand -base64 32)
echo "Generated password (save this!):"
echo "$RANDOM_PASS"
mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"
else
echo "Password file exists — skipping user creation.";
fi;
echo "Password file exists — skipping user creation."
fi
echo "=== Starting Mosquitto ===";
mosquitto -c $CONF
'
echo "=== Starting Mosquitto ==="
mosquitto -c "$CONF"