mqtt/sec/docker-compose.yml aktualisiert

mqtt/sec/docker-compose.yml

@@ -29,37 +29,37 @@ services:
 
     command: >
       sh -c '
-      TLS_DIR=/mosquitto/tls;
+        TLS_DIR=/mosquitto/tls;
-      CONF=/mosquitto/config/mosquitto.conf;
+        CONF=/mosquitto/config/mosquitto.conf;
-      PASSWD=/mosquitto/config/passwd;
+        PASSWD=/mosquitto/config/passwd;
 
-      mkdir -p "$TLS_DIR";
+        mkdir -p "$TLS_DIR";
 
-      echo "=== Checking certificates ===";
+        echo "=== Checking certificates ===";
 
-      if [ ! -f "$TLS_DIR/server.crt" ]; then
+        if [ ! -f "$TLS_DIR/server.crt" ]; then
-        echo "Generating self-signed certificates...";
+          echo "Generating self-signed certificates...";
-        openssl genrsa -out $TLS_DIR/ca.key 4096;
+          openssl genrsa -out $TLS_DIR/ca.key 4096;
-        openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \
+          openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \
-          -out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA";
+            -out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA";
 
-        openssl genrsa -out $TLS_DIR/server.key 4096;
+          openssl genrsa -out $TLS_DIR/server.key 4096;
-        openssl req -new -key $TLS_DIR/server.key -out $TLS_DIR/server.csr \
+          openssl req -new -key $TLS_DIR/server.key -out $TLS_DIR/server.csr \
-          -subj "/CN=$MQTT_HOSTNAME";
+            -subj "/CN=$MQTT_HOSTNAME";
 
-        openssl x509 -req -in $TLS_DIR/server.csr -CA $TLS_DIR/ca.crt \
+          openssl x509 -req -in $TLS_DIR/server.csr -CA $TLS_DIR/ca.crt \
-          -CAkey $TLS_DIR/ca.key -CAcreateserial \
+            -CAkey $TLS_DIR/ca.key -CAcreateserial \
-          -out $TLS_DIR/server.crt -days 3650 -sha256;
+            -out $TLS_DIR/server.crt -days 3650 -sha256;
-      else
+        else
-        echo "Self-signed certificates already exist.";
+          echo "Self-signed certificates already exist.";
-      fi;
+        fi;
 
-      echo "=== Checking mosquitto.conf ===";
+        echo "=== Checking mosquitto.conf ===";
 
-      if [ ! -f "$CONF" ]; then
+        if [ ! -f "$CONF" ]; then
-        echo "Generating default mosquitto.conf...";
+          echo "Generating default mosquitto.conf...";
-        cat <<EOF > $CONF
+          cat <<EOF > $CONF
-listener 8883
+listener ${MQTT_TLS_PORT:-8883}
 protocol mqtt
 cafile /mosquitto/tls/ca.crt
 certfile /mosquitto/tls/server.crt
@@ -67,22 +67,22 @@ keyfile /mosquitto/tls/server.key
 allow_anonymous false
 password_file /mosquitto/config/passwd
 EOF
-      else
+        else
-        echo "Existing mosquitto.conf found.";
+          echo "Existing mosquitto.conf found.";
-      fi;
+        fi;
 
-      echo "=== Checking user ===";
+        echo "=== Checking user ===";
 
-      if [ ! -f "$PASSWD" ]; then
+        if [ ! -f "$PASSWD" ]; then
-        echo "Generating random password for user: $MQTT_USER";
+          echo "Generating random password for user: $MQTT_USER";
-        RANDOM_PASS=$(openssl rand -base64 32);
+          RANDOM_PASS=$(openssl rand -base64 32);
-        echo "Generated password (save this!):";
+          echo "Generated password (save this!):";
-        echo "$RANDOM_PASS";
+          echo "$RANDOM_PASS";
-        mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS";
+          mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS";
-      else
+        else
-        echo "Password file exists — skipping user creation.";
+          echo "Password file exists — skipping user creation.";
-      fi;
+        fi;
 
-      echo "=== Starting Mosquitto ===";
+        echo "=== Starting Mosquitto ===";
-      mosquitto -c $CONF
+        mosquitto -c $CONF
       '