mqtt/sec/docker-compose.yml aktualisiert

2026-01-18 14:10:29 +00:00
parent 2ea1223236
commit b1d058f939


@@ -9,22 +9,24 @@ services:
MQTT_HOSTNAME: ${MQTT_HOSTNAME:-mqtt.local} MQTT_HOSTNAME: ${MQTT_HOSTNAME:-mqtt.local}
MQTT_USER: ${MQTT_USER:-mqttuser} MQTT_USER: ${MQTT_USER:-mqttuser}
MQTT_TLS_PORT: ${MQTT_TLS_PORT:-8883} MQTT_TLS_PORT: ${MQTT_TLS_PORT:-8883}
dns:
- ${DNS_SERVER}
volumes: volumes:
- ${VOLUME_ROOT:-.}/config:/mosquitto/config - ${CONFIG_PATH:-./config}:/mosquitto/config
- ${VOLUME_ROOT:-.}/data:/mosquitto/data - ${DATA_PATH:-./data}:/mosquitto/data
- ${VOLUME_ROOT:-.}/log:/mosquitto/log - ${LOG_PATH:-./log}:/mosquitto/log
# System Root CAs (read-only)
- /etc/ssl/certs:/etc/ssl/certs:ro
# Self-signed TLS certs (writeable) # Self-signed TLS certs (writeable)
- ${VOLUME_ROOT:-.}/tls:/mosquitto/tls - ${TLS_PATH:-./tls}:/mosquitto/tls
# System CA store (read-only)
- /etc/ssl/certs:/etc/ssl/certs:ro
ports: ports:
- "${MQTT_TLS_PORT:-8883}:8883" - "${MQTT_TLS_PORT:-8883}:8883"
dns:
- ${DNS_SERVER}
command: > command: >
sh -c ' sh -c '
TLS_DIR=/mosquitto/tls; TLS_DIR=/mosquitto/tls;
@@ -33,10 +35,10 @@ services:
mkdir -p "$TLS_DIR"; mkdir -p "$TLS_DIR";
echo "=== Checking self-signed certificates ==="; echo "=== Checking certificates ===";
if [ ! -f "$TLS_DIR/server.crt" ]; then if [ ! -f "$TLS_DIR/server.crt" ]; then
echo "Generating self-signed certificates in $TLS_DIR..."; echo "Generating self-signed certificates...";
openssl genrsa -out $TLS_DIR/ca.key 4096; openssl genrsa -out $TLS_DIR/ca.key 4096;
openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \ openssl req -x509 -new -nodes -key $TLS_DIR/ca.key -sha256 -days 3650 \
-out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA"; -out $TLS_DIR/ca.crt -subj "/CN=LocalMQTT-CA";
@@ -49,13 +51,13 @@ services:
-CAkey $TLS_DIR/ca.key -CAcreateserial \ -CAkey $TLS_DIR/ca.key -CAcreateserial \
-out $TLS_DIR/server.crt -days 3650 -sha256; -out $TLS_DIR/server.crt -days 3650 -sha256;
else else
echo "Self-signed certificates already exist in $TLS_DIR."; echo "Self-signed certificates already exist.";
fi; fi;
echo "=== Checking mosquitto.conf ==="; echo "=== Checking mosquitto.conf ===";
if [ ! -f "$CONF" ]; then if [ ! -f "$CONF" ]; then
echo "Generating default mosquitto.conf at $CONF..."; echo "Generating default mosquitto.conf...";
cat <<EOF > $CONF cat <<EOF > $CONF
listener ${MQTT_TLS_PORT:-8883} listener ${MQTT_TLS_PORT:-8883}
protocol mqtt protocol mqtt
@@ -66,7 +68,7 @@ allow_anonymous false
password_file /mosquitto/config/passwd password_file /mosquitto/config/passwd
EOF EOF
else else
echo "Existing mosquitto.conf found at $CONF."; echo "Existing mosquitto.conf found.";
fi; fi;
echo "=== Checking user ==="; echo "=== Checking user ===";
@@ -78,7 +80,7 @@ EOF
echo "$RANDOM_PASS"; echo "$RANDOM_PASS";
mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"; mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS";
else else
echo "Password file exists at $PASSWD — skipping user creation."; echo "Password file exists — skipping user creation.";
fi; fi;
echo "=== Starting Mosquitto ==="; echo "=== Starting Mosquitto ===";
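Review bot: The generated broker password is still written to the container's stdout by `echo "$RANDOM_PASS";` in the user-creation branch of the last hunk (`@@ -78,7 +80,7 @@`), so it lands in `docker logs` and in any log driver or collector the host forwards to; this commit shortens the neighbouring messages but leaves that line as it is. I would replace the echo with a write to a file only the owner can read, for example `( umask 077; printf '%s\n' "$RANDOM_PASS" > "<INITIAL_PASSWORD_FILE>" );` (placeholder path, to be chosen under the config mount), and log only that a password was generated. `mosquitto_passwd -c -b` on the next line also places the password in the process arguments for the duration of the call, which is probably acceptable in a single-purpose container but deserves a short comment such as `# -b exposes the password in argv; container is single-tenant`. The `if` guarding this branch and the line that sets `RANDOM_PASS` begin above the hunk, so how the value is generated cannot be judged from here.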