From facd152783d49f47a8aec4c9b85a419db2886a6e Mon Sep 17 00:00:00 2001
From: Thomas M
Date: Fri, 10 Apr 2026 17:02:28 +0000
Subject: [PATCH] mqtt/sec/docker-compose.yml aktualisiert
---
mqtt/sec/docker-compose.yml | 66 ++++----------------------------------
1 file changed, 6 insertions(+), 60 deletions(-)
diff --git a/mqtt/sec/docker-compose.yml b/mqtt/sec/docker-compose.yml
index 7ab0aaf..ddd8031 100644
--- a/mqtt/sec/docker-compose.yml
+++ b/mqtt/sec/docker-compose.yml
@@ -22,63 +22,9 @@ services: dns: - ${DNS_SERVER} - command: - - sh - - -c - - | - TLS_DIR=/mosquitto/tls - CONF=/mosquitto/config/mosquitto.conf - PASSWD=/mosquitto/config/passwd - - mkdir -p "$TLS_DIR" - - echo "=== Checking certificates ===" - - if [ ! -f "$TLS_DIR/server.crt" ]; then - echo "Generating self-signed certificates..." - openssl genrsa -out "$TLS_DIR/ca.key" 4096 - openssl req -x509 -new -nodes -key "$TLS_DIR/ca.key" -sha256 -days 3650 \ - -out "$TLS_DIR/ca.crt" -subj "/CN=LocalMQTT-CA" - - openssl genrsa -out "$TLS_DIR/server.key" 4096 - openssl req -new -key "$TLS_DIR/server.key" -out "$TLS_DIR/server.csr" \ - -subj "/CN=$MQTT_HOSTNAME" - - openssl x509 -req -in "$TLS_DIR/server.csr" -CA "$TLS_DIR/ca.crt" \ - -CAkey "$TLS_DIR/ca.key" -CAcreateserial \ - -out "$TLS_DIR/server.crt" -days 3650 -sha256 - else - echo "Self-signed certificates already exist." - fi - - echo "=== Checking mosquitto.conf ===" - - if [ ! -f "$CONF" ]; then - echo "Generating default mosquitto.conf..." - printf '%s\n' \ - "listener ${MQTT_TLS_PORT:-8883}" \ - "protocol mqtt" \ - "cafile /mosquitto/tls/ca.crt" \ - "certfile /mosquitto/tls/server.crt" \ - "keyfile /mosquitto/tls/server.key" \ - "allow_anonymous false" \ - "password_file /mosquitto/config/passwd" \ - > "$CONF" - else - echo "Existing mosquitto.conf found." - fi - - echo "=== Checking user ===" - - if [ ! -f "$PASSWD" ]; then - echo "Generating random password for user: $MQTT_USER" - RANDOM_PASS=$(openssl rand -base64 32) - echo "Generated password (save this!):" - echo "$RANDOM_PASS" - mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS" - else - echo "Password file exists — skipping user creation." 
- fi - - echo "=== Starting Mosquitto ===" - mosquitto -c "$CONF" + healthcheck: + test: ["CMD", "mosquitto_sub", "-h", "localhost", "-p", "${MQTT_TLS_PORT:-8883}", "-t", "healthcheck", "-C", "1", "--cafile", "/mosquitto/tls/ca.crt", "--insecure"] + interval: 30s + timeout: 10s + retries: 5 + start_period: 20s \ No newline at end of file