thomas/container
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mqtt/sec/docker-compose.yml aktualisiert

Browse Source
This commit is contained in:
Thomas M
2026-01-18 14:05:46 +00:00
parent 739505d87b
commit 94c89cc10d
1 changed files with 30 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
mqtt/sec/docker-compose.yml
View File

@@ -11,57 +11,61 @@ services:
MQTT_TLS_PORT: ${MQTT_TLS_PORT:-8883} MQTT_TLS_PORT: ${MQTT_TLS_PORT:-8883}
volumes: volumes:
- ${VOLUME_ROOT/config:-./config}:/mosquitto/config - ${VOLUME_ROOT:-.}/config:/mosquitto/config
- ${VOLUME_ROOT/data:-./data}:/mosquitto/data - ${VOLUME_ROOT:-.}/data:/mosquitto/data
- ${VOLUME_ROOT/log:-./log}:/mosquitto/log - ${VOLUME_ROOT:-.}/log:/mosquitto/log
- /etc/ssl/certs:/mosquitto/certs:ro
# Self-signed TLS certs (writeable)
- ${VOLUME_ROOT:-.}/tls:/mosquitto/tls
# System CA store (read-only)
- /etc/ssl/certs:/etc/ssl/certs:ro
ports: ports:
- "${MQTT_TLS_PORT:-8883}:8883" - "${MQTT_TLS_PORT:-8883}:8883"
dns:
- ${DNS_SERVER}
command: > command: >
sh -c ' sh -c '
CERT_DIR=/mosquitto/certs; TLS_DIR=/mosquitto/tls;
CONF=/mosquitto/config/mosquitto.conf; CONF=/mosquitto/config/mosquitto.conf;
PASSWD=/mosquitto/config/passwd; PASSWD=/mosquitto/config/passwd;
echo "=== Checking certificates ==="; mkdir -p "$TLS_DIR";
if [ ! -f "$CERT_DIR/server.crt" ]; then echo "=== Checking self-signed certificates ===";
echo "Generating self-signed certificates...";
openssl genrsa -out $CERT_DIR/ca.key 4096;
openssl req -x509 -new -nodes -key $CERT_DIR/ca.key -sha256 -days 3650 \
-out $CERT_DIR/ca.crt -subj "/CN=LocalMQTT-CA";
openssl genrsa -out $CERT_DIR/server.key 4096; if [ ! -f "$TLS_DIR/server.crt" ]; then
openssl req -new -key $CERT_DIR/server.key -out $CERT_DIR/server.csr \ echo "Generating self-signed certificates in $TLS_DIR...";
openssl genrsa -out $TLS_DIR/ca.key 4096;
openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \
-out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA";
openssl genrsa -out $TLS_DIR/server.key 4096;
openssl req -new -key $TLS_DIR/server.key -out $TLS_DIR/server.csr \
-subj "/CN=$MQTT_HOSTNAME"; -subj "/CN=$MQTT_HOSTNAME";
openssl x509 -req -in $CERT_DIR/server.csr -CA $CERT_DIR/ca.crt \ openssl x509 -req -in $TLS_DIR/server.csr -CA $TLS_DIR/ca.crt \
-CAkey $CERT_DIR/ca.key -CAcreateserial \ -CAkey $TLS_DIR/ca.key -CAcreateserial \
-out $CERT_DIR/server.crt -days 3650 -sha256; -out $TLS_DIR/server.crt -days 3650 -sha256;
else else
echo "Certificates already exist."; echo "Self-signed certificates already exist in $TLS_DIR.";
fi; fi;
echo "=== Checking mosquitto.conf ==="; echo "=== Checking mosquitto.conf ===";
if [ ! -f "$CONF" ]; then if [ ! -f "$CONF" ]; then
echo "Generating default mosquitto.conf..."; echo "Generating default mosquitto.conf at $CONF...";
cat <<EOF > $CONF cat <<EOF > $CONF
listener ${MQTT_TLS_PORT:-8883} listener ${MQTT_TLS_PORT:-8883}
protocol mqtt protocol mqtt
cafile /mosquitto/certs/ca.crt cafile /mosquitto/tls/ca.crt
certfile /mosquitto/certs/server.crt certfile /mosquitto/tls/server.crt
keyfile /mosquitto/certs/server.key keyfile /mosquitto/tls/server.key
allow_anonymous false allow_anonymous false
password_file /mosquitto/config/passwd password_file /mosquitto/config/passwd
EOF EOF
else else
echo "Existing mosquitto.conf found."; echo "Existing mosquitto.conf found at $CONF.";
fi; fi;
echo "=== Checking user ==="; echo "=== Checking user ===";
@@ -73,7 +77,7 @@ EOF
echo "$RANDOM_PASS"; echo "$RANDOM_PASS";
mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"; mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS";
else else
echo "Password file exists — skipping user creation."; echo "Password file exists at $PASSWD — skipping user creation.";
fi; fi;
echo "=== Starting Mosquitto ==="; echo "=== Starting Mosquitto ===";