Difference between revisions of the page «Configuring MQTTS on a remote server based on Debian 9»
From Jordi Binefa's Wiki
(4 intermediate revisions by the same user are not shown)
Línia 7: | Línia 7: | ||
root@remot:/etc/mosquitto/certs# wget https://raw.githubusercontent.com/owntracks/tools/master/TLS/generate-CA.sh | root@remot:/etc/mosquitto/certs# wget https://raw.githubusercontent.com/owntracks/tools/master/TLS/generate-CA.sh | ||
root@remot:/etc/mosquitto/certs# chmod +x generate-CA.sh | root@remot:/etc/mosquitto/certs# chmod +x generate-CA.sh | ||
− | root@remot:/etc/ | + | root@remot:/etc/mosquitto/certs# HOSTLIST="broker.electronics.cat" ./generate-CA.sh broker.electronics.cat |
+ | == Incorporació dels certificats a l'arxiu de configuració mosquitto.conf == | ||
+ | Podeu visualitzar els certificats públics i privats generats: | ||
− | en | + | root@remot:/etc/mosquitto/certs# ls /etc/mosquitto/certs/ -ls |
+ | total 48 | ||
+ | 4 -r--r--r-- 1 root root 1330 Aug 1 21:31 ca.crt | ||
+ | 4 -r-------- 1 root root 1704 Aug 1 21:31 ca.key | ||
+ | 4 -rw-r--r-- 1 root root 17 Aug 1 21:31 ca.srl | ||
+ | 12 -rwxr-xr-x 1 root root 8711 Aug 1 21:30 generate-CA.sh | ||
+ | 4 -r--r--r-- 1 root root 1911 Aug 1 21:31 broker.electronics.cat.crt | ||
+ | 4 -rw-r--r-- 1 root root 1013 Aug 1 21:31 broker.electronics.cat.csr | ||
+ | 4 -r-------- 1 root root 1679 Aug 1 21:31 broker.electronics.cat.key | ||
+ | 4 -rw-r--r-- 1 root root 130 May 12 22:13 README | ||
+ | |||
+ | Ara els heu d'incorporar a l'arxiu /etc/mosquitto/mosquitto.conf | ||
+ | root@remot:/etc/mosquitto/certs# cd /etc/mosquitto/ | ||
+ | root@remot:/etc/mosquitto# nano mosquitto.conf | ||
+ | root@remot:/etc/mosquitto# cat mosquitto.conf | ||
+ | # Place your local configuration in /etc/mosquitto/conf.d/ | ||
+ | # | ||
+ | # A full description of the configuration file is at | ||
+ | # /usr/share/doc/mosquitto/examples/mosquitto.conf.example | ||
+ | pid_file /var/run/mosquitto.pid | ||
+ | persistence true | ||
+ | persistence_location /var/lib/mosquitto/ | ||
+ | log_dest file /var/log/mosquitto/mosquitto.log | ||
+ | include_dir /etc/mosquitto/conf.d | ||
+ | allow_anonymous false | ||
+ | password_file /etc/mosquitto/certs/contrasenyes.txt | ||
+ | '''# MQTT over TLS/SSL''' | ||
+ | '''listener 8883''' | ||
+ | '''cafile /etc/mosquitto/certs/ca.crt''' | ||
+ | '''certfile /etc/mosquitto/certs/broker.electronics.cat.crt''' | ||
+ | '''keyfile /etc/mosquitto/certs/broker.electronics.cat.key''' | ||
+ | root@remot:/etc/mosquitto# service mosquitto stop | ||
+ | root@remot:/etc/mosquitto# service mosquitto start | ||
+ | |||
+ | Un cop reiniciat el servei ''mosquitto'' ja el podeu provar. | ||
+ | |||
+ | == Gestió d'usuaris i contrasenyes == | ||
+ | [http://www.steves-internet-guide.com/mqtt-username-password-example/ Mosquitto Username and Password Authentication -Configuration and Testing] | ||
+ | |||
+ | == Eina de conversió de certificats a codi incorporable a l'Arduino IDE == | ||
+ | |||
+ | [https://raw.githubusercontent.com/jordibinefa/ms-drivers-and-tools/master/certToArduino_01.py Programa en Python convertidor de certificats a codi enganxable a l'Arduino IDE] | ||
+ | |||
+ | |||
+ | == Exemple de codi MQTTS per a l'ESP32 fent servir l'Arduino IDE == | ||
+ | |||
+ | Codi de mostra per a l'ESP32: [https://github.com/jordibinefa/arduino-IDE-codes/blob/master/esp32_mqtts_pubSub_00/esp32_mqtts_pubSub_00.ino esp32_mqtts_pubSub_00.ino] |
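Review bot: the added directory listing shows ca.key left in /etc/mosquitto/certs on the broker, beside broker.electronics.cat.key, and the text never says what to do with it. The new listener block only references ca.crt, broker.electronics.cat.crt and broker.electronics.cat.key, so the section should tell readers to move ca.key off the host once the server certificate is signed. In the added configuration, password_file points at /etc/mosquitto/certs/contrasenyes.txt, but that file does not appear in the listing and the page shows neither how it is created nor which permissions it should have; a line with the creating command and the expected mode would close that gap.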
Revision as of 08:31, 8 Oct 2018
You must first have completed the Installation of MQTT on a remote server based on Debian 9.
Generating the TLS certificates
It is very important to decide at the outset whether you will reach the broker by IP address (local or public) or by domain name, because that address is written into the server certificate and clients check it when they connect. In this example access is by the domain name broker.electronics.cat

    root@remot:/etc/mosquitto# cd /etc/mosquitto/certs/
    root@remot:/etc/mosquitto/certs# wget https://raw.githubusercontent.com/owntracks/tools/master/TLS/generate-CA.sh
    root@remot:/etc/mosquitto/certs# chmod +x generate-CA.sh
    root@remot:/etc/mosquitto/certs# HOSTLIST="broker.electronics.cat" ./generate-CA.sh broker.electronics.cat

Adding the certificates to the mosquitto.conf configuration file
You can list the certificates and private keys that were generated:

    root@remot:/etc/mosquitto/certs# ls /etc/mosquitto/certs/ -ls
    total 48
     4 -r--r--r-- 1 root root 1330 Aug 1 21:31 ca.crt
     4 -r-------- 1 root root 1704 Aug 1 21:31 ca.key
     4 -rw-r--r-- 1 root root   17 Aug 1 21:31 ca.srl
    12 -rwxr-xr-x 1 root root 8711 Aug 1 21:30 generate-CA.sh
     4 -r--r--r-- 1 root root 1911 Aug 1 21:31 broker.electronics.cat.crt
     4 -rw-r--r-- 1 root root 1013 Aug 1 21:31 broker.electronics.cat.csr
     4 -r-------- 1 root root 1679 Aug 1 21:31 broker.electronics.cat.key
     4 -rw-r--r-- 1 root root  130 May 12 22:13 README

Now add them to the file /etc/mosquitto/mosquitto.conf

    root@remot:/etc/mosquitto/certs# cd /etc/mosquitto/
    root@remot:/etc/mosquitto# nano mosquitto.conf
    root@remot:/etc/mosquitto# cat mosquitto.conf
    # Place your local configuration in /etc/mosquitto/conf.d/
    #
    # A full description of the configuration file is at
    # /usr/share/doc/mosquitto/examples/mosquitto.conf.example
    pid_file /var/run/mosquitto.pid
    persistence true
    persistence_location /var/lib/mosquitto/
    log_dest file /var/log/mosquitto/mosquitto.log
    include_dir /etc/mosquitto/conf.d
    allow_anonymous false
    password_file /etc/mosquitto/certs/contrasenyes.txt
    # MQTT over TLS/SSL
    listener 8883
    cafile /etc/mosquitto/certs/ca.crt
    certfile /etc/mosquitto/certs/broker.electronics.cat.crt
    keyfile /etc/mosquitto/certs/broker.electronics.cat.key
    root@remot:/etc/mosquitto# service mosquitto stop
    root@remot:/etc/mosquitto# service mosquitto start

Once the mosquitto service has been restarted, you can test it.
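
An added example, not part of the original wiki page: an offline Python check that a mosquitto.conf still has the properties this page sets up (no anonymous access, a password file, and cafile/certfile/keyfile on every listener). The names parse_conf, audit and WEAK_CONF are constructed for this example; it assumes Mosquitto 1.x defaults as on Debian 9, does not follow include_dir, and reports the default listener only when no explicit listener line exists.

```python
TLS_KEYS = ("cafile", "certfile", "keyfile")  # the three TLS options the page sets
# Account and TLS lines of the page's mosquitto.conf.
PAGE_CONF = """\
allow_anonymous false
password_file /etc/mosquitto/certs/contrasenyes.txt
# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/broker.electronics.cat.crt
keyfile /etc/mosquitto/certs/broker.electronics.cat.key
"""
# Constructed counter-example: anonymous access, a plaintext listener, half-set TLS.
WEAK_CONF = """\
allow_anonymous true
listener 1883
listener 8883
certfile /etc/mosquitto/certs/broker.electronics.cat.crt
"""

def parse_conf(text):
    """Return (global_options, listeners); TLS options attach to the preceding listener."""
    glob, listeners = {}, []
    current = default = {"port": "default"}  # collects TLS options before any 'listener'
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key, value = (parts + [""])[:2]
        if key == "listener":
            current = {"port": (value.split() or ["?"])[0]}
            listeners.append(current)
        elif key in TLS_KEYS:
            current[key] = value
        else:
            glob[key] = value  # files under include_dir are not followed
    return glob, listeners or [default]

def audit(text):
    glob, listeners = parse_conf(text)
    findings = []
    # Assumption: Mosquitto 1.x (Debian 9 package) admits anonymous clients by default.
    if glob.get("allow_anonymous", "true") != "false":
        findings.append("anonymous clients allowed")
    if not glob.get("password_file"):
        findings.append("no password_file")
    for lst in listeners:
        if missing := [k for k in TLS_KEYS if k not in lst]:
            findings.append(f"listener {lst['port']}: missing {', '.join(missing)}")
    return findings
```

Calling audit() on the text of /etc/mosquitto/mosquitto.conf after each edit returns an empty list while the configuration matches the one shown on this page.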
Managing users and passwords
Mosquitto Username and Password Authentication -Configuration and Testing
Tool for converting certificates into code that can be embedded in the Arduino IDE
Python program that converts certificates into code that can be pasted into the Arduino IDE
Example MQTTS code for the ESP32 using the Arduino IDE
Sample code for the ESP32: esp32_mqtts_pubSub_00.ino