# Register the mosquitto-dev PPA as a package source. A PPA is a third-party
# repository whose packages install with root privileges, so add it only if
# you trust its publisher.
sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa
sudo apt-get update
# Install the broker and the command-line clients in a single transaction.
sudo apt-get install -y mosquitto mosquitto-clients
通过上述命令完成mosquitto的安装,版本为mosquitto version 2.0.10。
修改配置文件,用以启用mosquitto的各项功能。
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
# Keep broker state on disk so it survives a restart.
persistence true
persistence_location /var/lib/mosquitto/
# Write broker log output to this file.
log_dest file /var/log/mosquitto/mosquitto.log
# Also load every file ending in .conf from this directory.
include_dir /etc/mosquitto/conf.d
打开/etc/mosquitto/mosquitto.conf,发现需要将配置文件放置于/etc/mosquitto/conf.d/目录下,示例文件可以从/usr/share/doc/mosquitto/examples/目录下提取,发现其是一个压缩包,将其解压缩,然后复制到/etc/mosquitto/conf.d/目录下。
xx@ubuntu:/etc/mosquitto$ cd /usr/share/doc/mosquitto/examples/
xx@ubuntu:/usr/share/doc/mosquitto/examples$ ls -lh
总用量 24K
-rw-r--r-- 1 root root 230 Apr 3 2021 aclfile.example
-rw-r--r-- 1 root root 12K Apr 3 2021 mosquitto.conf.gz
-rw-r--r-- 1 root root 23 Apr 3 2021 pskfile.example
-rw-r--r-- 1 root root 355 Apr 3 2021 pwfile.example
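cd /usr/share/doc/mosquitto/examples/
# gzip -d replaces mosquitto.conf.gz with the decompressed mosquitto.conf in
# this package-owned directory, so the step cannot be repeated as written.
sudo gzip -d mosquitto.conf.gz
# Copy the full example configuration into conf.d, where it is edited in the
# steps that follow.
sudo cp mosquitto.conf /etc/mosquitto/conf.d/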
手动启动mosquitto,方便查看日志排查出现的问题。
# Run the broker in the foreground with this config file; -v turns on verbose
# logging so connection and authentication failures are visible.
# NOTE(review): if the packaged mosquitto service is already running it may
# hold the same port - confirm and stop it first.
mosquitto -c /etc/mosquitto/conf.d/mosquitto.conf -v
1.配置成无用户密码校验和无TLS连接
# A listener given without a bind address accepts connections on every
# network interface, not only localhost.
listener 1883
# No authentication: any client that can reach the port may publish and
# subscribe. Suitable only for an isolated test host.
allow_anonymous true
按如上内容修改配置文件,然后启动mosquitto。
验证:
订阅
# Subscribe to topic "mytest" on the local broker; no credentials are sent.
mosquitto_sub -t mytest -h localhost -p 1883
发布
# Publish "mymessage" to topic "mytest"; the running subscriber should print it.
mosquitto_pub -t mytest -m mymessage -h localhost -p 1883
2.配置成用户密码校验和无TLS连接
# A listener given without a bind address accepts connections on every
# network interface.
listener 1883
# Reject clients that do not supply a valid username and password.
allow_anonymous false
# File of usernames and password hashes, maintained with mosquitto_passwd.
# This listener has no TLS, so the password crosses the network in clear text.
password_file /etc/mosquitto/pwfile
修改配置文件如上,然后添加用户。注意:-c 会新建密码文件并覆盖同名的已有文件,后续追加用户时不要使用 -c。
xx@ubuntu:~$ sudo mosquitto_passwd -c /etc/mosquitto/pwfile test
Password:
Reenter password:
启动mosquitto进行验证
订阅
# -P places the password on the command line, where it is visible in shell
# history and the process list; acceptable for a throwaway test account only.
# On port 1883 the credentials are also sent unencrypted.
mosquitto_sub -t mytest -h localhost -p 1883 -u test -P test
发布
# Publish with the same test credentials; the password is exposed on the
# command line and travels unencrypted on port 1883.
mosquitto_pub -t mytest -m mymessage -h localhost -p 1883 -u test -P test
3.配置无密码用户校验和tls单向认证
# 8883 is the conventional port for MQTT over TLS.
listener 8883
# CA certificate that signed the server certificate; clients pass the same
# file with --cafile to verify the broker.
cafile /etc/mosquitto/Myca/ca.crt
# Server certificate and its private key. The key file should be readable
# only by the account that runs the broker.
certfile /etc/mosquitto/Myca/server.crt
keyfile /etc/mosquitto/Myca/server.key
# TLS encrypts the connection and authenticates the server, but the broker
# still accepts any client without credentials.
allow_anonymous true
一般默认tls连接使用8883端口号。
接下来需要通过openssl生成证书。参考链接https://www.cnblogs.com/juanjuankaikai/p/11425598.html
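sudo mkdir /etc/mosquitto/Myca
cd /etc/mosquitto/Myca
# CA private key, passphrase-protected. AES-256 is used to encrypt the key
# file in place of the legacy 3DES (-des3) cipher.
# ca.key can sign certificates the broker will trust; outside a lab, keep it
# off the broker host.
sudo openssl genrsa -aes256 -out ca.key 2048
# Self-signed CA certificate, valid for 3650 days.
sudo openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
# Server private key, stored unencrypted so the broker can load it unattended;
# restrict read access to the account that runs the broker.
sudo openssl genrsa -out server.key 2048
# Server certificate request. Give it a subject different from the CA's, and
# set the Common Name to the host name or IP that clients pass to -h,
# otherwise the clients' certificate verification fails.
sudo openssl req -new -out server.csr -key server.key
# Sign the request with the CA; the resulting certificate is valid for 3650 days.
sudo openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650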
启动mosquitto进行验证
订阅
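# --cafile makes the client verify the broker's certificate against our CA.
# -h must be the broker's own address (192.168.31.195, the same host the
# publish command uses) and must match the server certificate's Common Name.
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2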
发布
# Publish over TLS; the broker certificate is verified against ca.crt, but
# the client itself sends no credentials.
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2
4.配置密码用户校验和tls单向认证
# TLS listener: the server is authenticated by certificate, the client by
# username and password.
listener 8883
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
keyfile /etc/mosquitto/Myca/server.key
# Reject clients that do not supply a valid username and password.
allow_anonymous false
# The password is sent inside the TLS session, so it is encrypted in transit.
password_file /etc/mosquitto/pwfile
启动mosquitto进行验证
订阅
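# -h must be the broker's own address (192.168.31.195, the same host the
# publish command uses); the credentials must not be sent to any other host.
# -P still exposes the password in shell history and the process list.
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test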
发布
# Publish with username/password over TLS: the password is encrypted in
# transit but remains visible on the local command line.
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test
5.配置无密码用户校验和tls双向认证
listener 8883
# With require_certificate set, this CA is also the one client certificates
# must chain to.
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
keyfile /etc/mosquitto/Myca/server.key
# No password check: access rests on the client certificate alone.
allow_anonymous true
# Refuse clients that do not present a certificate signed by cafile.
require_certificate true
# Use the client certificate's Common Name as the MQTT username.
use_identity_as_username true
# No crlfile is configured here, so a leaked client key stays usable until
# its certificate expires.
配置文件修改成如上。
参数配置详情可参考此链接https://blog.csdn.net/lclfans1983/article/details/105670039
生成客户端证书
# Client key and certificate, signed by the same CA as the server. The paths
# are relative, so run these in the directory that holds ca.crt and ca.key.
# client.key is an unencrypted private key: whoever can read it can connect
# as this client.
sudo openssl genrsa -out client.key 2048
# Use a subject different from the CA's and the server's. With
# use_identity_as_username true the Common Name entered here becomes the
# MQTT username.
sudo openssl req -new -out client.csr -key client.key
# The signed client certificate is valid for 3650 days.
sudo openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650
启动mosquitto进行验证
订阅
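# Mutual TLS without a password: the client authenticates with --cert/--key
# only. No -u/-P is passed, matching the publish command, because this
# listener takes the username from the certificate's Common Name.
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key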
发布
# Publish using the client certificate as the only credential; the account
# running this command must be able to read client.key.
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key
6.配置密码用户校验和tls双向认证
# Mutual TLS plus username/password: the client must present a CA-signed
# certificate and valid credentials.
listener 8883
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous false
# Refuse clients that do not present a certificate signed by cafile.
require_certificate true
# The certificate's Common Name is not used as the username, so certificate
# and account are not tied together: any holder of a CA-signed certificate
# can log in as any user in password_file whose password it knows.
use_identity_as_username false
password_file /etc/mosquitto/pwfile
启动mosquitto进行验证
订阅
# Both factors are supplied: the client certificate (--cert/--key) and the
# username/password. -P still exposes the password on the command line.
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key
发布
# Publish with client certificate and username/password together; the
# password is encrypted in transit but visible on the local command line.
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key -u test -P test