diff --git a/mqtt/sec/docker-compose.yml b/mqtt/sec/docker-compose.yml
index 78a2681..ead4511 100644
--- a/mqtt/sec/docker-compose.yml
+++ b/mqtt/sec/docker-compose.yml
@@ -29,37 +29,37 @@ services: command: > sh -c ' - TLS_DIR=/mosquitto/tls; - CONF=/mosquitto/config/mosquitto.conf; - PASSWD=/mosquitto/config/passwd; + TLS_DIR=/mosquitto/tls; + CONF=/mosquitto/config/mosquitto.conf; + PASSWD=/mosquitto/config/passwd; - mkdir -p "$TLS_DIR"; + mkdir -p "$TLS_DIR"; - echo "=== Checking certificates ==="; + echo "=== Checking certificates ==="; - if [ ! -f "$TLS_DIR/server.crt" ]; then - echo "Generating self-signed certificates..."; - openssl genrsa -out $TLS_DIR/ca.key 4096; - openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \ - -out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA"; + if [ ! -f "$TLS_DIR/server.crt" ]; then + echo "Generating self-signed certificates..."; + openssl genrsa -out $TLS_DIR/ca.key 4096; + openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \ + -out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA"; - openssl genrsa -out $TLS_DIR/server.key 4096; - openssl req -new -key $TLS_DIR/server.key -out $TLS_DIR/server.csr \ - -subj "/CN=$MQTT_HOSTNAME"; + openssl genrsa -out $TLS_DIR/server.key 4096; + openssl req -new -key $TLS_DIR/server.key -out $TLS_DIR/server.csr \ + -subj "/CN=$MQTT_HOSTNAME"; - openssl x509 -req -in $TLS_DIR/server.csr -CA $TLS_DIR/ca.crt \ - -CAkey $TLS_DIR/ca.key -CAcreateserial \ - -out $TLS_DIR/server.crt -days 3650 -sha256; - else - echo "Self-signed certificates already exist."; - fi; + openssl x509 -req -in $TLS_DIR/server.csr -CA $TLS_DIR/ca.crt \ + -CAkey $TLS_DIR/ca.key -CAcreateserial \ + -out $TLS_DIR/server.crt -days 3650 -sha256; + else + echo "Self-signed certificates already exist."; + fi; - echo "=== Checking mosquitto.conf ==="; + echo "=== Checking mosquitto.conf ==="; - if [ ! -f "$CONF" ]; then - echo "Generating default mosquitto.conf..."; - cat < $CONF -listener 8883 + if [ ! 
-f "$CONF" ]; then + echo "Generating default mosquitto.conf..."; + cat < $CONF +listener ${MQTT_TLS_PORT:-8883} protocol mqtt cafile /mosquitto/tls/ca.crt certfile /mosquitto/tls/server.crt @@ -67,22 +67,22 @@ keyfile /mosquitto/tls/server.key allow_anonymous false password_file /mosquitto/config/passwd EOF - else - echo "Existing mosquitto.conf found."; - fi; + else + echo "Existing mosquitto.conf found."; + fi; - echo "=== Checking user ==="; + echo "=== Checking user ==="; - if [ ! -f "$PASSWD" ]; then - echo "Generating random password for user: $MQTT_USER"; - RANDOM_PASS=$(openssl rand -base64 32); - echo "Generated password (save this!):"; - echo "$RANDOM_PASS"; - mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"; - else - echo "Password file exists — skipping user creation."; - fi; + if [ ! -f "$PASSWD" ]; then + echo "Generating random password for user: $MQTT_USER"; + RANDOM_PASS=$(openssl rand -base64 32); + echo "Generated password (save this!):"; + echo "$RANDOM_PASS"; + mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"; + else + echo "Password file exists — skipping user creation."; + fi; - echo "=== Starting Mosquitto ==="; - mosquitto -c $CONF + echo "=== Starting Mosquitto ==="; + mosquitto -c $CONF '
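Review bot: `listener ${MQTT_TLS_PORT:-8883}` uses the `${VAR:-default}` form that Compose itself interpolates from the host shell or `.env` when it parses the file, before `sh -c` ever runs, so a value set only under the service's `environment:` is ignored and the literal 8883 is baked in; if container-side configuration is the intent, escape it as `$${MQTT_TLS_PORT:-8883}`, and the same applies to `$MQTT_HOSTNAME` and `$MQTT_USER` unless they are already doubled and the diff rendering dropped it. Since the port is now configurable, the `ports:` mapping outside this hunk presumably needs the same variable. On the key material: the `openssl genrsa` calls run under the default umask, so put `umask 077;` before the first one so `ca.key` and `server.key` are not created world-readable (then chown them to the account mosquitto runs as), and note that keeping `ca.key` in the broker's TLS volume lets anyone who can read that volume mint server certificates the clients trust. The server certificate is also issued with only `-subj "/CN=$MQTT_HOSTNAME"` and no subjectAltName, which strict-verifying clients reject; add `subjectAltName=DNS:$MQTT_HOSTNAME` via `-extfile` on the `openssl x509 -req` step. The enclosing `sh -c` script continues into the following whitespace-only hunk.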