Ubuntu mosquitto 安装及配置

sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa
sudo apt-get update
sudo apt-get install mosquitto -y
sudo apt-get install mosquitto-clients -y

通过上诉命令完成mosquitto的安装,版本mosquitto version 2.0.10。

修改配置文件,用以启用mosquitto的各项功能。

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d

打开/etc/mosquitto/mosquitto.conf,发现需要将配置文件放置于/etc/mosquitto/conf.d/目录下,示例文件可以从/usr/share/doc/mosquitto/examples/目录下提取,发现其是一个压缩包,将其解压缩,然后复制到/etc/mosquitto/conf.d/目录下。

xx@ubuntu:/etc/mosquitto$ cd  /usr/share/doc/mosquitto/examples/
xx@ubuntu:/usr/share/doc/mosquitto/examples$ ls -lh
总用量 24K
-rw-r--r-- 1 root root 230 Apr  3  2021 aclfile.example
-rw-r--r-- 1 root root 12K Apr  3  2021 mosquitto.conf.gz
-rw-r--r-- 1 root root  23 Apr  3  2021 pskfile.example
-rw-r--r-- 1 root root 355 Apr  3  2021 pwfile.example
cd  /usr/share/doc/mosquitto/examples/
sudo gzip -d mosquitto.conf.gz 
sudp cp mosquitto.conf /etc/mosquitto/conf.d/

手动启动mosquitto,方便查看日志排查出现的问题。

mosquitto -c /etc/mosquitto/conf.d/mosquitto.conf -v

1.配置成无用户密码校验和无TLS连接

listener 1883
allow_anonymous true 

配置文件如上配置,然后启动mosquito。

验证:

订阅
mosquitto_sub -t mytest  -h localhost -p 1883

发布
mosquitto_pub  -t mytest -m mymessage -h localhost -p 1883

2.配置成用户密码校验和无TLS连接

listener 1883
allow_anonymous false
password_file /etc/mosquitto/pwfile

修改配置文件如上,然后添加用户

xx@ubuntu:~$ sudo mosquitto_passwd -c /etc/mosquitto/pwfile test
Password: 
Reenter password: 

启动mosquito进行验证

订阅
 mosquitto_sub -t mytest  -h localhost -p 1883 -u test -P test

发布
mosquitto_pub  -t mytest -m mymessage -h localhost -p 1883 -u test -P test

3.配置无密码用户校验和tls单向认证

listener  8883  
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous true   

一般默认tls连接使用8883端口号。

接下来需要通过penssl生成证书。参考链接https://www.cnblogs.com/juanjuankaikai/p/11425598.html

sudo mkdir /etc/mosquitto/Myca 
cd /etc/mosquitto/Myca
sudo  openssl genrsa -des3 -out ca.key 2048
sudo openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
sudo openssl genrsa -out server.key 2048
sudo openssl req -new -out server.csr -key server.key
sudo openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650

启动mosquito进行验证

订阅
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 1.168.31.195 -p 8883 --tls-version tlsv1.2

发布
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2

4.配置密码用户校验和tls单向认证

listener  8883  
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous false    
password_file /etc/mosquitto/pwfile

启动mosquito进行验证

订阅
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 1.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test

发布
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test

5.配置无密码用户校验和tls双向认证

listener  8883  
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous true    
require_certificate true 
use_identity_as_username true  

配置文件修改成如上。

参数配置详情可参考此链接https://blog.csdn.net/lclfans1983/article/details/105670039

生成客户端证书

sudo openssl genrsa -out client.key 2048
sudo openssl req -new -out client.csr -key client.key
sudo  openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650

启动mosquito进行验证

订阅
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key

发布
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2  --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key

6.配置密码用户校验和tls双向认证

listener  8883  
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous false    
require_certificate true 
use_identity_as_username false  
password_file /etc/mosquitto/pwfile

启动mosquito进行验证

订阅
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key

发布
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2  --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key -u test -P test

上一篇:NUMA + hwloc


下一篇:Linux c++ 试验-2 mosquitto.so库使用