mqtt/sec/docker-compose.yml aktualisiert
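--- a/mqtt/sec/docker-compose.yml
+++ b/mqtt/sec/docker-compose.yml
@@ -22,63 +22,9 @@ services:
 dns:
 - ${DNS_SERVER}
 
-command:
-- sh
-- -c
-- |
-TLS_DIR=/mosquitto/tls
-CONF=/mosquitto/config/mosquitto.conf
-PASSWD=/mosquitto/config/passwd
-
-mkdir -p "$TLS_DIR"
-
-echo "=== Checking certificates ==="
-
-if [ ! -f "$TLS_DIR/server.crt" ]; then
-echo "Generating self-signed certificates..."
-openssl genrsa -out "$TLS_DIR/ca.key" 4096
-openssl req -x509 -new -nodes -key "$TLS_DIR/ca.key" -sha256 -days 3650 \
--out "$TLS_DIR/ca.crt" -subj "/CN=LocalMQTT-CA"
-
-openssl genrsa -out "$TLS_DIR/server.key" 4096
-openssl req -new -key "$TLS_DIR/server.key" -out "$TLS_DIR/server.csr" \
--subj "/CN=$MQTT_HOSTNAME"
-
-openssl x509 -req -in "$TLS_DIR/server.csr" -CA "$TLS_DIR/ca.crt" \
--CAkey "$TLS_DIR/ca.key" -CAcreateserial \
--out "$TLS_DIR/server.crt" -days 3650 -sha256
-else
-echo "Self-signed certificates already exist."
-fi
-
-echo "=== Checking mosquitto.conf ==="
-
-if [ ! -f "$CONF" ]; then
-echo "Generating default mosquitto.conf..."
-printf '%s\n' \
-"listener ${MQTT_TLS_PORT:-8883}" \
-"protocol mqtt" \
-"cafile /mosquitto/tls/ca.crt" \
-"certfile /mosquitto/tls/server.crt" \
-"keyfile /mosquitto/tls/server.key" \
-"allow_anonymous false" \
-"password_file /mosquitto/config/passwd" \
-> "$CONF"
-else
-echo "Existing mosquitto.conf found."
-fi
-
-echo "=== Checking user ==="
-
-if [ ! -f "$PASSWD" ]; then
-echo "Generating random password for user: $MQTT_USER"
-RANDOM_PASS=$(openssl rand -base64 32)
-echo "Generated password (save this!):"
-echo "$RANDOM_PASS"
-mosquitto_passwd -c -b "$PASSWD" "$MQTT_USER" "$RANDOM_PASS"
-else
-echo "Password file exists — skipping user creation."
-fi
-
-echo "=== Starting Mosquitto ==="
-mosquitto -c "$CONF"
+healthcheck:
+test: ["CMD", "mosquitto_sub", "-h", "localhost", "-p", "${MQTT_TLS_PORT:-8883}", "-t", "healthcheck", "-C", "1", "--cafile", "/mosquitto/tls/ca.crt", "--insecure"]
+interval: 30s
+timeout: 10s
+retries: 5
+start_period: 20s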
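Review bot: The `test` command in the new `healthcheck` subscribes to the topic `healthcheck` with `"-C", "1"`, so it returns only after a message arrives; unless something publishes or retains a message on that topic, every probe will hit `timeout: 10s` and the container is reported unhealthy. Replacing `"-C", "1"` with `"-E"` makes mosquitto_sub exit as soon as the broker acknowledges the subscription, which still exercises TLS, connect and subscribe without needing traffic. The probe also passes no `-u`/`-P`: if the broker still runs with `allow_anonymous false` (the setting the removed `command` used to write; the current broker config is not visible here), the connection will be refused. In that case use a dedicated health-check account limited to that one topic, and keep in mind that arguments in `test` are readable through `docker inspect`. `--insecure` switches off hostname verification, which is acceptable only because the probe targets `localhost`; a comment such as `# --insecure: cert CN is the public hostname, probe connects via localhost only` would keep the flag from being copied into real client configurations.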