mqtt/sec/docker-compose.yml aktualisiert

This commit is contained in:
2026-01-18 14:21:45 +00:00
parent 8b28c36139
commit 45bddd3c5e


@@ -14,11 +14,7 @@ services:
- ${CONFIG_PATH:-./config}:/mosquitto/config - ${CONFIG_PATH:-./config}:/mosquitto/config
- ${DATA_PATH:-./data}:/mosquitto/data - ${DATA_PATH:-./data}:/mosquitto/data
- ${LOG_PATH:-./log}:/mosquitto/log - ${LOG_PATH:-./log}:/mosquitto/log
# System Root CAs (read-only)
- /etc/ssl/certs:/etc/ssl/certs:ro - /etc/ssl/certs:/etc/ssl/certs:ro
# Self-signed TLS certs (writeable)
- ${TLS_PATH:-./tls}:/mosquitto/tls - ${TLS_PATH:-./tls}:/mosquitto/tls
ports: ports:
@@ -27,62 +23,63 @@ services:
dns: dns:
- ${DNS_SERVER} - ${DNS_SERVER}
command: > command:
sh -c ' - sh
TLS_DIR=/mosquitto/tls; - -c
CONF=/mosquitto/config/mosquitto.conf; - |
PASSWD=/mosquitto/config/passwd; TLS_DIR=/mosquitto/tls
CONF=/mosquitto/config/mosquitto.conf
PASSWD=/mosquitto/config/passwd
mkdir -p "$TLS_DIR"; mkdir -p "$TLS_DIR"
echo "=== Checking certificates ==="; echo "=== Checking certificates ==="
if [ ! -f "$TLS_DIR/server.crt" ]; then if [ ! -f "$TLS_DIR/server.crt" ]; then
echo "Generating self-signed certificates..."; echo "Generating self-signed certificates..."
openssl genrsa -out $TLS_DIR/ca.key 4096; openssl genrsa -out "$TLS_DIR/ca.key" 4096
openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \ openssl req -x509 -new -nodes -key "$TLS_DIR/ca.key" -sha256 -days 3650 \
-out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA"; -out "$TLS_DIR/ca.crt" -subj "/CN=LocalMQTT-CA"
openssl genrsa -out $TLS_DIR/server.key 4096; openssl genrsa -out "$TLS_DIR/server.key" 4096
openssl req -new -key $TLS_DIR/server.key -out $TLS_DIR/server.csr \ openssl req -new -key "$TLS_DIR/server.key" -out "$TLS_DIR/server.csr" \
-subj "/CN=$MQTT_HOSTNAME"; -subj "/CN=$MQTT_HOSTNAME"
openssl x509 -req -in $TLS_DIR/server.csr -CA $TLS_DIR/ca.crt \ openssl x509 -req -in "$TLS_DIR/server.csr" -CA "$TLS_DIR/ca.crt" \
-CAkey $TLS_DIR/ca.key -CAcreateserial \ -CAkey "$TLS_DIR/ca.key" -CAcreateserial \
-out $TLS_DIR/server.crt -days 3650 -sha256; -out "$TLS_DIR/server.crt" -days 3650 -sha256
else else
echo "Self-signed certificates already exist."; echo "Self-signed certificates already exist."
fi; fi
echo "=== Checking mosquitto.conf ==="; echo "=== Checking mosquitto.conf ==="
if [ ! -f "$CONF" ]; then if [ ! -f "$CONF" ]; then
echo "Generating default mosquitto.conf..."; echo "Generating default mosquitto.conf..."
cat <<EOF > $CONF printf '%s\n' \
listener ${MQTT_TLS_PORT:-8883} "listener ${MQTT_TLS_PORT:-8883}" \
protocol mqtt "protocol mqtt" \
cafile /mosquitto/tls/ca.crt "cafile /mosquitto/tls/ca.crt" \
certfile /mosquitto/tls/server.crt "certfile /mosquitto/tls/server.crt" \
keyfile /mosquitto/tls/server.key "keyfile /mosquitto/tls/server.key" \
allow_anonymous false "allow_anonymous false" \
password_file /mosquitto/config/passwd "password_file /mosquitto/config/passwd" \
EOF > "$CONF"
else else
echo "Existing mosquitto.conf found."; echo "Existing mosquitto.conf found."
fi; fi
echo "=== Checking user ==="; echo "=== Checking user ==="
if [ ! -f "$PASSWD" ]; then if [ ! -f "$PASSWD" ]; then
echo "Generating random password for user: $MQTT_USER"; echo "Generating random password for user: $MQTT_USER"
RANDOM_PASS=$(openssl rand -base64 32); RANDOM_PASS=$(openssl rand -base64 32)
echo "Generated password (save this!):"; echo "Generated password (save this!):"
echo "$RANDOM_PASS"; echo "$RANDOM_PASS"
mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"; mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"
else else
echo "Password file exists — skipping user creation."; echo "Password file exists — skipping user creation."
fi; fi
echo "=== Starting Mosquitto ==="; echo "=== Starting Mosquitto ==="
mosquitto -c $CONF mosquitto -c "$CONF"
'
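Review bot: The shell-local names in the new `- |` block — `$TLS_DIR`, `$CONF`, `$PASSWD`, `$RANDOM_PASS` and `$(openssl rand -base64 32)` — are still subject to Compose's own `$VAR`/`${VAR}` interpolation, which this file relies on for `${CONFIG_PATH:-./config}` and `${MQTT_TLS_PORT:-8883}`; unless those names are deliberately exported in the Compose environment they become empty strings before `sh` ever runs (and, as I read Compose's interpolation rules, `$(` is rejected outright as an invalid interpolation), so at best `mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"` would create the user with an empty password — they need to be written `$$TLS_DIR`, `$$RANDOM_PASS`, `RANDOM_PASS=$$(openssl rand -base64 32)` etc., while `$MQTT_HOSTNAME`/`$MQTT_USER` can stay single-`$` and be made mandatory with Compose's `${MQTT_HOSTNAME:?}` / `${MQTT_USER:?}` form so an unset value stops `docker compose up` instead of yielding `/CN=` or an empty username. The generated password is also `echo`ed to stdout, i.e. into `docker logs` and any log shipping, and `mosquitto_passwd -b` exposes it on argv; writing it once to a mode-0600 file beside `passwd` (with `umask 077` at the top of the script, which also keeps `ca.key`/`server.key` from landing in the bind mount with whatever the image's default umask allows) and logging only that file name keeps it out of the log stream. The server certificate carries only `/CN=$MQTT_HOSTNAME` and no subjectAltName, which clients that verify hostnames (Python `ssl`, Go, OpenSSL 3 defaults) reject; add `-addext "subjectAltName=DNS:$MQTT_HOSTNAME"` to the `openssl req -new` call and `-copy_extensions copy` to the `openssl x509 -req` call (OpenSSL 3.x; `-extfile` on older images). There is no `set -eu`, so a failed `openssl` step or a missing variable falls straight through to `mosquitto -c "$CONF"`; `set -eu` as the first line is the cheapest fix. Finally `ca.key` stays permanently in the broker's writable `tls` bind mount, so anyone who can read that volume or the container can mint certificates every client trusts — generate the CA outside the container, or at least move `ca.key` out after the first run.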