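# Install the Mosquitto broker and its command-line clients from the
# mosquitto-dev PPA.
# A PPA is a third-party package source: once added, apt trusts its signing
# key for installs and upgrades, so check the PPA name before running this.
sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa
sudo apt-get update
# Broker first, then the mosquitto_pub / mosquitto_sub clients.
sudo apt-get install mosquitto -y
sudo apt-get install mosquitto-clients -y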
通过上述命令完成mosquitto的安装,安装的版本为mosquitto version 2.0.10。
修改配置文件,用以启用mosquitto的各项功能。
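# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

# Every file in this directory whose name ends in .conf is loaded as extra
# configuration, so keep only the files you intend the broker to use there.
include_dir /etc/mosquitto/conf.d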
打开/etc/mosquitto/mosquitto.conf,发现需要将配置文件放置于/etc/mosquitto/conf.d/目录下,示例文件可以从/usr/share/doc/mosquitto/examples/目录下提取,发现其是一个压缩包,将其解压缩,然后复制到/etc/mosquitto/conf.d/目录下。
xx@ubuntu:/etc/mosquitto$ cd /usr/share/doc/mosquitto/examples/
xx@ubuntu:/usr/share/doc/mosquitto/examples$ ls -lh
总用量 24K
-rw-r--r-- 1 root root 230 Apr 3 2021 aclfile.example
-rw-r--r-- 1 root root 12K Apr 3 2021 mosquitto.conf.gz
-rw-r--r-- 1 root root 23 Apr 3 2021 pskfile.example
-rw-r--r-- 1 root root 355 Apr 3 2021 pwfile.example
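# Unpack the packaged sample configuration and copy it into conf.d.
cd /usr/share/doc/mosquitto/examples/
# gzip -d replaces mosquitto.conf.gz with mosquitto.conf in this directory.
sudo gzip -d mosquitto.conf.gz
# "sudp" was a typo for sudo; the copy needs root because the target
# directory is under /etc.
sudo cp mosquitto.conf /etc/mosquitto/conf.d/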
手动启动mosquitto,方便查看日志排查出现的问题。
# Run the broker in the foreground with verbose logging (-v) so connection
# and authentication errors are printed to the terminal.
# NOTE(review): if the packaged mosquitto service is already running it will
# presumably hold the listener port; stop it before starting this instance.
conf_file=/etc/mosquitto/conf.d/mosquitto.conf
mosquitto -c "$conf_file" -v
1.配置成无用户密码校验和无TLS连接
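# Scenario 1: plain MQTT, no authentication. Test setup only.
# "listener 1883" with no bind address accepts connections on every
# interface, and allow_anonymous true lets any client that can reach the
# port publish and subscribe. For a local-only test,
# "listener 1883 127.0.0.1" limits the exposure.
listener 1883
allow_anonymous true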
配置文件按上面的内容修改,然后启动mosquitto。
验证:
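# Subscribe (terminal 1): blocks and prints messages published to "mytest".
mosquitto_sub -t mytest -h localhost -p 1883

# Publish (terminal 2): sends one message to the same topic.
mosquitto_pub -t mytest -m mymessage -h localhost -p 1883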
2.配置成用户密码校验和无TLS连接
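# Scenario 2: username/password authentication, still no TLS.
# Without TLS the username and password travel in clear text in the MQTT
# CONNECT packet, so anyone on the network path can read them.
listener 1883
allow_anonymous false
# Hashed credentials created with mosquitto_passwd; keep the file readable
# only by the account the broker runs as.
password_file /etc/mosquitto/pwfile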
修改配置文件如上,然后添加用户(-c会新建密码文件并覆盖已有的同名文件,之后再追加用户时不要带-c)
xx@ubuntu:~$ sudo mosquitto_passwd -c /etc/mosquitto/pwfile test
Password:
Reenter password:
启动mosquitto进行验证
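# "-P test" assumes "test" was the password typed at the mosquitto_passwd
# prompt. A password given with -P ends up in shell history and is visible in
# the process list, so use a throwaway credential for this check.

# Subscribe (terminal 1)
mosquitto_sub -t mytest -h localhost -p 1883 -u test -P test

# Publish (terminal 2)
mosquitto_pub -t mytest -m mymessage -h localhost -p 1883 -u test -P test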
3.配置无密码用户校验和tls单向认证
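# Scenario 3: one-way TLS (the client verifies the server), no user check.
# TLS here protects the traffic and proves the broker's identity, but
# allow_anonymous true still lets any client that can reach the port connect.
listener 8883
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
# Private key of the server certificate: must be readable by the account the
# broker runs as, and by no other user.
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous true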
一般默认tls连接使用8883端口号。
接下来需要通过openssl生成证书。参考链接https://www.cnblogs.com/juanjuankaikai/p/11425598.html
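# Build a private CA and a server certificate signed by it.
sudo mkdir /etc/mosquitto/Myca
cd /etc/mosquitto/Myca

# 1. CA private key, encrypted with a passphrase (-des3 prompts for it).
#    Whoever holds ca.key can issue certificates the broker and clients will
#    trust; after signing, keep it off the broker host or readable by root only.
sudo openssl genrsa -des3 -out ca.key 2048
# 2. Self-signed CA certificate, valid for 3650 days.
sudo openssl req -new -x509 -days 3650 -key ca.key -out ca.crt

# 3. Server private key, left unencrypted so the broker can load it without
#    a passphrase prompt; restrict read access to the broker account.
sudo openssl genrsa -out server.key 2048
# 4. Server certificate request.
#    NOTE(review): clients check the server name against the certificate, so
#    the Common Name entered here should presumably be the address passed to
#    -h (192.168.31.195 on this page) and must differ from the CA's subject.
sudo openssl req -new -out server.csr -key server.key
# 5. Sign the request with the CA. 3650 days is long for a server
#    certificate; a shorter lifetime limits the damage of a leaked key.
sudo openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650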
启动mosquitto进行验证
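# --cafile makes the client verify the broker's certificate against the
# private CA. The subscribe host was written as 1.168.31.195, a typo for the
# broker address 192.168.31.195 used by the publish command.

# Subscribe (terminal 1)
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2

# Publish (terminal 2)
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2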
4.配置密码用户校验和tls单向认证
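# Scenario 4: one-way TLS plus username/password authentication.
# The password is now sent inside the TLS session instead of in clear text.
listener 8883
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
# Private key of the server certificate: readable by the broker account only.
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous false
# Hashed credentials created with mosquitto_passwd.
password_file /etc/mosquitto/pwfile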
启动mosquitto进行验证
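# The subscribe host was written as 1.168.31.195, a typo for the broker
# address 192.168.31.195 used by the publish command.
# A password given with -P ends up in shell history and is visible in the
# process list, so use a throwaway credential for this check.

# Subscribe (terminal 1)
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test

# Publish (terminal 2)
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test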
5.配置无密码用户校验和tls双向认证
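# Scenario 5: mutual TLS (client certificate required), no password check.
listener 8883
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
# Private key of the server certificate: readable by the broker account only.
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous true
# Refuse clients that do not present a certificate signed by cafile.
# Every certificate issued by this CA is accepted, so the CA key decides who
# may connect. NOTE(review): no crlfile is set here, so there is presumably
# no way to revoke a single client certificate in this setup.
require_certificate true
# Take the MQTT username from the client certificate's Common Name instead
# of from a username/password supplied by the client.
use_identity_as_username true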
配置文件修改成如上。
参数配置详情可参考此链接https://blog.csdn.net/lclfans1983/article/details/105670039
生成客户端证书
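# Issue a client certificate from the private CA.
# ca.crt and ca.key are given as relative paths, so run this from the CA
# directory.
cd /etc/mosquitto/Myca

# Client private key. This is the client's credential for mutual TLS: keep it
# readable only by the user that runs the client.
# NOTE(review): created with sudo, so it will presumably be owned by root and
# the account running mosquitto_sub/mosquitto_pub needs read access to it.
sudo openssl genrsa -out client.key 2048
# Client certificate request; the Common Name identifies the client.
sudo openssl req -new -out client.csr -key client.key
# Sign the request with the CA (prompts for the CA key passphrase).
sudo openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650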
启动mosquitto进行验证
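# Mutual TLS: --cert/--key present the client certificate, --cafile verifies
# the broker. No -u/-P here: with use_identity_as_username true the username
# comes from the client certificate's Common Name, so no password needs to
# appear on the command line (this matches the publish command).

# Subscribe (terminal 1)
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key

# Publish (terminal 2)
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key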
6.配置密码用户校验和tls双向认证
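# Scenario 6: mutual TLS plus username/password authentication.
# A client must present a certificate signed by cafile AND a valid
# username/password from password_file.
listener 8883
cafile /etc/mosquitto/Myca/ca.crt
certfile /etc/mosquitto/Myca/server.crt
# Private key of the server certificate: readable by the broker account only.
keyfile /etc/mosquitto/Myca/server.key
allow_anonymous false
require_certificate true
# false: the username comes from the MQTT CONNECT packet, not from the
# certificate, so password_file is consulted.
use_identity_as_username false
password_file /etc/mosquitto/pwfile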
启动mosquitto进行验证
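# Mutual TLS plus password: --cert/--key present the client certificate and
# -u/-P supply the account from the password file.
# A password given with -P ends up in shell history and is visible in the
# process list, so use a throwaway credential for this check.

# Subscribe (terminal 1)
mosquitto_sub -t testtls --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 -u test -P test --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key

# Publish (terminal 2)
mosquitto_pub -t testtls -m tls_MQTT --cafile /etc/mosquitto/Myca/ca.crt -h 192.168.31.195 -p 8883 --tls-version tlsv1.2 --cert /etc/mosquitto/Myca/client.crt --key /etc/mosquitto/Myca/client.key -u test -P test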



