mirror of
https://github.com/daniviga/bite.git
synced 2024-12-23 08:41:24 +01:00
Implement MQTT over WebSocket support (#19)
* Update README.md * Change default port in EEPROM * Add more docs * Implement MQTT over WS * Update diagrams * Update README.md and fix travis * Fix simulator.py * Fix a warning in .travis.yml * Sync travis with simulator.py * Fix serial in EDGE composer
This commit is contained in:
parent
05a5271e9a
commit
b318c32485
15
.travis.yml
15
.travis.yml
@ -1,5 +1,6 @@
|
||||
language: python
|
||||
os: linux
|
||||
dist: bionic
|
||||
language: python
|
||||
|
||||
services:
|
||||
- docker
|
||||
@ -7,15 +8,15 @@ services:
|
||||
before_install:
|
||||
- pip -q install -U docker-compose
|
||||
|
||||
simulator: &simulator
|
||||
_iot-simulator: &iot-simulator
|
||||
stage: simulator
|
||||
install:
|
||||
- docker-compose -f docker/docker-compose.yml pull
|
||||
- docker-compose -f docker/docker-compose.yml build
|
||||
before_script:
|
||||
- docker-compose -f docker/docker-compose.yml -f docker/edge/docker-compose.edge.yml up -d
|
||||
- DOCKER_HOST='127.0.0.1:22375' docker-compose -f docker/docker-compose.yml -f docker/edge/docker-compose.edge.yml pull
|
||||
- DOCKER_HOST='127.0.0.1:22375' docker-compose -f docker/docker-compose.yml -f docker/edge/docker-compose.edge.yml build
|
||||
- DOCKER_HOST='127.0.0.1:22375' docker-compose -f docker/edge/docker-compose.modules.yml pull
|
||||
- DOCKER_HOST='127.0.0.1:22375' docker-compose -f docker/edge/docker-compose.modules.yml build
|
||||
script:
|
||||
- sleep 5 # warm-up
|
||||
- sed -i 's/# IOT_SERIAL/IOT_SERIAL/g' docker/edge/docker-compose.modules.yml
|
||||
@ -41,7 +42,9 @@ jobs:
|
||||
- docker-compose -f docker/docker-compose.yml up -d
|
||||
script:
|
||||
- docker-compose -f docker/docker-compose.yml exec bite python manage.py test
|
||||
- <<: *simulator
|
||||
- <<: *iot-simulator
|
||||
env: IOT_TL=http
|
||||
- <<: *simulator
|
||||
- <<: *iot-simulator
|
||||
env: IOT_TL=mqtt
|
||||
- <<: *iot-simulator
|
||||
env: IOT_TL=ws
|
||||
|
67
README.md
67
README.md
@ -2,10 +2,17 @@
|
||||
|
||||
Playing with IoT
|
||||
|
||||
This project is for educational purposes only. It does not implement any authentication and/or encryption protocol, so it is not suitable for real production.
|
||||
This project is for educational purposes only. It does not implement any
|
||||
authentication and/or encryption protocol, so it is not suitable for real
|
||||
production.
|
||||
|
||||
![Application Schema](./docs/application_chart.svg)
|
||||
|
||||
### Future implementations
|
||||
|
||||
- Broker HA via [Nginx stream module](http://nginx.org/en/docs/stream/ngx_stream_core_module.html)
|
||||
- Stream analytics via [Apache Spark](https://spark.apache.org/)
|
||||
|
||||
## Installation
|
||||
|
||||
### Requirements
|
||||
@ -13,17 +20,23 @@ This project is for educational purposes only. It does not implement any authent
|
||||
- `docker-ce` or `moby`
|
||||
- `docker-compose`
|
||||
|
||||
The project is compatible with Docker for Windows (using Linux executors), but it is advised to directly use a minimal Linux VM instead (via the preferred hypervisor).
|
||||
The project is compatible with Docker for Windows (using Linux executors),
|
||||
but it is advised to directly use a minimal Linux VM instead
|
||||
(via the preferred hypervisor).
|
||||
|
||||
The application stack is composed by the following components:
|
||||
|
||||
- [Django](https://www.djangoproject.com/) with [Django REST framework](https://www.django-rest-framework.org/) web application (running via `gunicorn` in production mode)
|
||||
- [Django](https://www.djangoproject.com/) with
|
||||
[Django REST framework](https://www.django-rest-framework.org/)
|
||||
web application (running via `gunicorn` in production mode)
|
||||
- `mqtt-to-db` custom daemon to dump telemetry into the timeseries database
|
||||
- telemetry payload is stored as json object (via PostgreSQL JSON data type)
|
||||
- [Timescale](https://www.timescale.com/) DB, a [PostgreSQL](https://www.postgresql.org/) database with a timeseries extension
|
||||
- [Timescale](https://www.timescale.com/) DB,
|
||||
a [PostgreSQL](https://www.postgresql.org/) database with a timeseries extension
|
||||
- [Mosquitto](https://mosquitto.org/) MQTT broker (see alternatives below)
|
||||
- [Nginx](http://nginx.org/) as ingress for HTTP (see alternative below)
|
||||
- [Chrony](https://chrony.tuxfamily.org/) as NTP server (with optional `MD5` encryption)
|
||||
- [Chrony](https://chrony.tuxfamily.org/) as NTP server
|
||||
(with optional `MD5` encryption)
|
||||
|
||||
## Deployment
|
||||
|
||||
@ -33,7 +46,8 @@ The application stack is composed by the following components:
|
||||
docker-compose -f docker/docker-compose.yml up -d [--scale {bite,mqtt-to-db)=N]
|
||||
```
|
||||
It exposes:
|
||||
- `http://localhost:80` (HTTP)
|
||||
|
||||
- `http://localhost:80` (HTTP and MQTT over Websockets)
|
||||
- `tcp://localhost:1883` (MQTT)
|
||||
- `udp://localhost:123` (NTP)
|
||||
|
||||
@ -44,22 +58,26 @@ Django runs with `DEBUG = True` and `SKIP_WHITELIST = True`
|
||||
```bash
|
||||
docker-compose -f docker/docker-compose.yml -f docker-compose.dev.yml up -d [--scale {bite,mqtt-to-db)=N]
|
||||
```
|
||||
|
||||
It exposes:
|
||||
- `http://localhost:80` (HTTP)
|
||||
|
||||
- `http://localhost:80` (HTTP and MQTT over Websockets)
|
||||
- `http://localhost:8080` (Django's `runserver`)
|
||||
- `tcp://localhost:1883` (MQTT)
|
||||
- `tcp://localhost:9001` (MQTT over Websockets)
|
||||
- `udp://localhost:123` (NTP)
|
||||
- `tcp://localhost:5432` (PostgreSQL/Timescale)
|
||||
|
||||
Django runs with `DEBUG = True` and `SKIP_WHITELIST = True`
|
||||
|
||||
### Production
|
||||
### Production (kind of)
|
||||
|
||||
```bash
|
||||
docker-compose -f docker/docker-compose.yml -f docker-compose.prod.yml up -d [--scale {bite,mqtt-to-db)=N]
|
||||
```
|
||||
It exposes:
|
||||
- `http://localhost:80` (HTTP)
|
||||
|
||||
- `http://localhost:80` (HTTP and MQTT over Websockets)
|
||||
- `tcp://localhost:1883` (MQTT)
|
||||
- `udp://localhost:123` (NTP)
|
||||
|
||||
@ -80,24 +98,28 @@ docker-compose -f docker/docker-compose.yml up -f docker/ingress/docker-compose.
|
||||
|
||||
A ~8x memory usage can be expected compared to Mosquitto.
|
||||
|
||||
To use [VerneMQ](https://vernemq.com/) instead of Mosquitto use:
|
||||
To use [VerneMQ](https://vernemq.com/) instead of Mosquitto run:
|
||||
```bash
|
||||
docker-compose -f docker/docker-compose.yml up -f docker/mqtt/docker-compose.vernemq.yml -d
|
||||
```
|
||||
|
||||
### RabbitMQ
|
||||
|
||||
RabbitMQ does provides AMQP protocol too, but ingestion on the application side is not implemented yet.
|
||||
RabbitMQ does provide AMQP protocol too, but ingestion on the application side
|
||||
is not implemented yet.
|
||||
A ~10x memory usage can be expected compared to Mosquitto.
|
||||
|
||||
To use [RabbitMQ](https://www.rabbitmq.com/) (with the MQTT plugin enabled) instead of Mosquitto use:
|
||||
To use [RabbitMQ](https://www.rabbitmq.com/) (with the MQTT plugin enabled)
|
||||
instead of Mosquitto run:
|
||||
|
||||
```bash
|
||||
docker-compose -f docker/docker-compose.yml up -f docker/mqtt/docker-compose.rabbitmq.yml -d
|
||||
```
|
||||
|
||||
## EDGE gateway simulation (via dind)
|
||||
|
||||
An EDGE gateway, with containers as modules, may be simulated via dind (docker-in-docker).
|
||||
An EDGE gateway, with containers as modules, may be simulated via dind
|
||||
(docker-in-docker).
|
||||
|
||||
### Start the EDGE
|
||||
|
||||
@ -108,18 +130,23 @@ docker-compose -f docker/docker-compose.yml up -f docker/edge/docker-compose.edg
|
||||
### Run the modules inside the EDGE
|
||||
|
||||
```bash
|
||||
DOCKER_HOST='127.0.0.1:22375' docker-compose -f docker-compose.modules.yml up -d [--scale {device-http,device-mqtt}=N]
|
||||
DOCKER_HOST='127.0.0.1:22375' docker-compose -f docker-compose.modules.yml up -d [--scale {device-http,device-ws,device-mqtt}=N]
|
||||
```
|
||||
|
||||
## Arduino
|
||||
|
||||
A simple Arduino UNO sketch is provided in the `arduino/tempLightSensor` folder. The sketch reads temperature and light from sensors. The simple schematic is:
|
||||
A simple Arduino UNO sketch is provided in the `arduino/tempLightSensor` folder.
|
||||
The sketch reads temperature and light from sensors.
|
||||
|
||||
![tempLightSensor](./arduino/tempLightSensor/tempLightSensor.svg)
|
||||
[Read more ...](./arduino/README.md)
|
||||
|
||||
The sketch does require an Ethernet shield and a bunch of libraries which are available as git submodules under `arduino/libraries`.
|
||||
Be advised that some libraries (notably the NTP one) are customized.
|
||||
## Testing
|
||||
|
||||
Configuration parameters are stored and retrieved from the EEPROM. An helper sketch to update the EEPROM is available under `arduino/eeprom_prog`
|
||||
Application tests are part of the Django suite:
|
||||
|
||||
An `ESP32` board (or similar Arduino) may be used, with some adaptions, too.
|
||||
```bash
|
||||
python manage.py test
|
||||
```
|
||||
|
||||
End-to-End tests are performed via Travis-CI. See [`.travis.yml`](.travis.yml)
|
||||
for further explanations.
|
58
arduino/README.md
Normal file
58
arduino/README.md
Normal file
@ -0,0 +1,58 @@
|
||||
# Arduino IoT device
|
||||
|
||||
A simple Arduino UNO sketch is provided in the `arduino/tempLightSensor` folder.
|
||||
The sketch reads temperature and light from sensors.
|
||||
|
||||
The simple schematic is:
|
||||
|
||||
![tempLightSensor](./tempLightSensor/tempLightSensor.svg)
|
||||
|
||||
The sketch does require an Ethernet shield and a bunch of libraries which are
|
||||
available as git submodules under `arduino/libraries`.
|
||||
|
||||
```bash
|
||||
git submodule update --init
|
||||
```
|
||||
|
||||
Be advised that some libraries (notably the `NTP` one) have been customized.
|
||||
|
||||
An `ESP32` board (or similar Arduino) may be used, with some adaptions, too.
|
||||
|
||||
## EEPROM
|
||||
|
||||
Configuration parameters are stored and retrieved from the `EEPROM`.
|
||||
An helper sketch to update the `EEPROM` is available under
|
||||
`arduino/eeprom_prog`.
|
||||
|
||||
The data stored in the `EEPROM` is:
|
||||
|
||||
```c
|
||||
// Ethernet MAC address
|
||||
const byte mac[6];
|
||||
|
||||
// Device serial number
|
||||
const char serial[];
|
||||
|
||||
// IoT platform address and port
|
||||
struct netConfig {
|
||||
IPAddress address;
|
||||
unsigned int port;
|
||||
};
|
||||
|
||||
```
|
||||
|
||||
The `EEPROM` can be completely erased setting the `ERASE_FIRST` macro to `1`.
|
||||
|
||||
```c
|
||||
#define ERASE_FIRST 0
|
||||
```
|
||||
|
||||
## Firmware options
|
||||
|
||||
The following macros are available in the firmware (to be set at compile time):
|
||||
|
||||
```c
|
||||
#define DEBUG_TO_SERIAL 1 // debug on serial port
|
||||
#define USE_MQTT 1 // use mqtt protocol instead of http post
|
||||
#define USE_INTERNAL_NTP 0 // use default ntp server or the internal one
|
||||
```
|
@ -15,7 +15,7 @@ struct netConfig {
|
||||
|
||||
netConfig config = {
|
||||
{192, 168, 10, 123},
|
||||
8000
|
||||
80
|
||||
};
|
||||
|
||||
void setup() {
|
||||
|
@ -5,6 +5,11 @@ services:
|
||||
ports:
|
||||
- "5432:5432"
|
||||
|
||||
broker:
|
||||
ports:
|
||||
- "1883:1883"
|
||||
- "9001:9001"
|
||||
|
||||
bite:
|
||||
volumes:
|
||||
- ../bite:/srv/app/bite
|
||||
|
@ -36,6 +36,8 @@ services:
|
||||
broker:
|
||||
<<: *service_default
|
||||
image: eclipse-mosquitto
|
||||
volumes:
|
||||
- "./mqtt/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf"
|
||||
networks:
|
||||
- net
|
||||
ports:
|
||||
|
@ -18,6 +18,20 @@ services:
|
||||
IOT_DEBUG: 1
|
||||
network_mode: "host"
|
||||
|
||||
device-ws:
|
||||
<<: *service_default
|
||||
build:
|
||||
context: ../simulator
|
||||
image: daniviga/bite-device-simulator
|
||||
environment:
|
||||
IOT_HTTP: "http://ingress"
|
||||
IOT_MQTT: "ingress:80"
|
||||
# IOT_SERIAL: "ws1234"
|
||||
# IOT_DELAY: 10
|
||||
IOT_DEBUG: 1
|
||||
command: ["/opt/bite/device_simulator.py", "-t", "ws"]
|
||||
network_mode: "host"
|
||||
|
||||
device-mqtt:
|
||||
<<: *service_default
|
||||
build:
|
||||
|
@ -1,4 +1,3 @@
|
||||
|
||||
user nginx;
|
||||
worker_processes auto;
|
||||
|
||||
@ -25,12 +24,23 @@ http {
|
||||
keepalive_timeout 65;
|
||||
gzip off;
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
upstream bite {
|
||||
# We point to the Docker 'service' instead of directly to the container
|
||||
# Docker does then a DNS round-robin internally
|
||||
server bite:8000;
|
||||
}
|
||||
|
||||
upstream broker {
|
||||
# We point to the Docker 'service' instead of directly to the container
|
||||
# Docker does then a DNS round-robin internally
|
||||
server broker:9001;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
@ -51,6 +61,13 @@ http {
|
||||
proxy_connect_timeout 300;
|
||||
}
|
||||
|
||||
location /mqtt {
|
||||
proxy_pass http://broker;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
}
|
||||
|
||||
location /static/ {
|
||||
root /srv/appdata/bite;
|
||||
}
|
||||
|
988
docker/mqtt/mosquitto/mosquitto.conf
Normal file
988
docker/mqtt/mosquitto/mosquitto.conf
Normal file
@ -0,0 +1,988 @@
|
||||
# Config file for mosquitto
|
||||
#
|
||||
# See mosquitto.conf(5) for more information.
|
||||
#
|
||||
# Default values are shown, uncomment to change.
|
||||
#
|
||||
# Use the # character to indicate a comment, but only if it is the
|
||||
# very first character on the line.
|
||||
|
||||
# =================================================================
|
||||
# General configuration
|
||||
# =================================================================
|
||||
|
||||
# Use per listener security settings.
|
||||
#
|
||||
# It is recommended this option be set before any other options.
|
||||
#
|
||||
# If this option is set to true, then all authentication and access control
|
||||
# options are controlled on a per listener basis. The following options are
|
||||
# affected:
|
||||
#
|
||||
# password_file acl_file psk_file auth_plugin auth_opt_* allow_anonymous
|
||||
# auto_id_prefix allow_zero_length_clientid
|
||||
#
|
||||
# Note that if set to true, then a durable client (i.e. with clean session set
|
||||
# to false) that has disconnected will use the ACL settings defined for the
|
||||
# listener that it was most recently connected to.
|
||||
#
|
||||
# The default behaviour is for this to be set to false, which maintains the
|
||||
# setting behaviour from previous versions of mosquitto.
|
||||
#per_listener_settings false
|
||||
|
||||
|
||||
# If a client is subscribed to multiple subscriptions that overlap, e.g. foo/#
|
||||
# and foo/+/baz , then MQTT expects that when the broker receives a message on
|
||||
# a topic that matches both subscriptions, such as foo/bar/baz, then the client
|
||||
# should only receive the message once.
|
||||
# Mosquitto keeps track of which clients a message has been sent to in order to
|
||||
# meet this requirement. The allow_duplicate_messages option allows this
|
||||
# behaviour to be disabled, which may be useful if you have a large number of
|
||||
# clients subscribed to the same set of topics and are very concerned about
|
||||
# minimising memory usage.
|
||||
# It can be safely set to true if you know in advance that your clients will
|
||||
# never have overlapping subscriptions, otherwise your clients must be able to
|
||||
# correctly deal with duplicate messages even when then have QoS=2.
|
||||
#allow_duplicate_messages false
|
||||
|
||||
# This option controls whether a client is allowed to connect with a zero
|
||||
# length client id or not. This option only affects clients using MQTT v3.1.1
|
||||
# and later. If set to false, clients connecting with a zero length client id
|
||||
# are disconnected. If set to true, clients will be allocated a client id by
|
||||
# the broker. This means it is only useful for clients with clean session set
|
||||
# to true.
|
||||
#allow_zero_length_clientid true
|
||||
|
||||
# If allow_zero_length_clientid is true, this option allows you to set a prefix
|
||||
# to automatically generated client ids to aid visibility in logs.
|
||||
# Defaults to 'auto-'
|
||||
#auto_id_prefix auto-
|
||||
|
||||
# This option affects the scenario when a client subscribes to a topic that has
|
||||
# retained messages. It is possible that the client that published the retained
|
||||
# message to the topic had access at the time they published, but that access
|
||||
# has been subsequently removed. If check_retain_source is set to true, the
|
||||
# default, the source of a retained message will be checked for access rights
|
||||
# before it is republished. When set to false, no check will be made and the
|
||||
# retained message will always be published. This affects all listeners.
|
||||
#check_retain_source true
|
||||
|
||||
# QoS 1 and 2 messages will be allowed inflight per client until this limit
|
||||
# is exceeded. Defaults to 0. (No maximum)
|
||||
# See also max_inflight_messages
|
||||
#max_inflight_bytes 0
|
||||
|
||||
# The maximum number of QoS 1 and 2 messages currently inflight per
|
||||
# client.
|
||||
# This includes messages that are partway through handshakes and
|
||||
# those that are being retried. Defaults to 20. Set to 0 for no
|
||||
# maximum. Setting to 1 will guarantee in-order delivery of QoS 1
|
||||
# and 2 messages.
|
||||
#max_inflight_messages 20
|
||||
|
||||
# For MQTT v5 clients, it is possible to have the server send a "server
|
||||
# keepalive" value that will override the keepalive value set by the client.
|
||||
# This is intended to be used as a mechanism to say that the server will
|
||||
# disconnect the client earlier than it anticipated, and that the client should
|
||||
# use the new keepalive value. The max_keepalive option allows you to specify
|
||||
# that clients may only connect with keepalive less than or equal to this
|
||||
# value, otherwise they will be sent a server keepalive telling them to use
|
||||
# max_keepalive. This only applies to MQTT v5 clients. The maximum value
|
||||
# allowable is 65535. Do not set below 10.
|
||||
#max_keepalive 65535
|
||||
|
||||
# For MQTT v5 clients, it is possible to have the server send a "maximum packet
|
||||
# size" value that will instruct the client it will not accept MQTT packets
|
||||
# with size greater than max_packet_size bytes. This applies to the full MQTT
|
||||
# packet, not just the payload. Setting this option to a positive value will
|
||||
# set the maximum packet size to that number of bytes. If a client sends a
|
||||
# packet which is larger than this value, it will be disconnected. This applies
|
||||
# to all clients regardless of the protocol version they are using, but v3.1.1
|
||||
# and earlier clients will of course not have received the maximum packet size
|
||||
# information. Defaults to no limit. Setting below 20 bytes is forbidden
|
||||
# because it is likely to interfere with ordinary client operation, even with
|
||||
# very small payloads.
|
||||
#max_packet_size 0
|
||||
|
||||
# QoS 1 and 2 messages above those currently in-flight will be queued per
|
||||
# client until this limit is exceeded. Defaults to 0. (No maximum)
|
||||
# See also max_queued_messages.
|
||||
# If both max_queued_messages and max_queued_bytes are specified, packets will
|
||||
# be queued until the first limit is reached.
|
||||
#max_queued_bytes 0
|
||||
|
||||
# The maximum number of QoS 1 and 2 messages to hold in a queue per client
|
||||
# above those that are currently in-flight. Defaults to 100. Set
|
||||
# to 0 for no maximum (not recommended).
|
||||
# See also queue_qos0_messages.
|
||||
# See also max_queued_bytes.
|
||||
#max_queued_messages 100
|
||||
#
|
||||
# This option sets the maximum number of heap memory bytes that the broker will
|
||||
# allocate, and hence sets a hard limit on memory use by the broker. Memory
|
||||
# requests that exceed this value will be denied. The effect will vary
|
||||
# depending on what has been denied. If an incoming message is being processed,
|
||||
# then the message will be dropped and the publishing client will be
|
||||
# disconnected. If an outgoing message is being sent, then the individual
|
||||
# message will be dropped and the receiving client will be disconnected.
|
||||
# Defaults to no limit.
|
||||
#memory_limit 0
|
||||
|
||||
# This option sets the maximum publish payload size that the broker will allow.
|
||||
# Received messages that exceed this size will not be accepted by the broker.
|
||||
# The default value is 0, which means that all valid MQTT messages are
|
||||
# accepted. MQTT imposes a maximum payload size of 268435455 bytes.
|
||||
#message_size_limit 0
|
||||
|
||||
# This option allows persistent clients (those with clean session set to false)
|
||||
# to be removed if they do not reconnect within a certain time frame.
|
||||
#
|
||||
# This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1.
|
||||
#
|
||||
# Badly designed clients may set clean session to false whilst using a randomly
|
||||
# generated client id. This leads to persistent clients that will never
|
||||
# reconnect. This option allows these clients to be removed.
|
||||
#
|
||||
# The expiration period should be an integer followed by one of h d w m y for
|
||||
# hour, day, week, month and year respectively. For example
|
||||
#
|
||||
# persistent_client_expiration 2m
|
||||
# persistent_client_expiration 14d
|
||||
# persistent_client_expiration 1y
|
||||
#
|
||||
# The default if not set is to never expire persistent clients.
|
||||
#persistent_client_expiration
|
||||
|
||||
# Write process id to a file. Default is a blank string which means
|
||||
# a pid file shouldn't be written.
|
||||
# This should be set to /var/run/mosquitto.pid if mosquitto is
|
||||
# being run automatically on boot with an init script and
|
||||
# start-stop-daemon or similar.
|
||||
#pid_file
|
||||
|
||||
# Set to true to queue messages with QoS 0 when a persistent client is
|
||||
# disconnected. These messages are included in the limit imposed by
|
||||
# max_queued_messages and max_queued_bytes
|
||||
# Defaults to false.
|
||||
# This is a non-standard option for the MQTT v3.1 spec but is allowed in
|
||||
# v3.1.1.
|
||||
#queue_qos0_messages false
|
||||
|
||||
# Set to false to disable retained message support. If a client publishes a
|
||||
# message with the retain bit set, it will be disconnected if this is set to
|
||||
# false.
|
||||
#retain_available true
|
||||
|
||||
# Disable Nagle's algorithm on client sockets. This has the effect of reducing
|
||||
# latency of individual messages at the potential cost of increasing the number
|
||||
# of packets being sent.
|
||||
#set_tcp_nodelay false
|
||||
|
||||
# Time in seconds between updates of the $SYS tree.
|
||||
# Set to 0 to disable the publishing of the $SYS tree.
|
||||
#sys_interval 10
|
||||
|
||||
# The MQTT specification requires that the QoS of a message delivered to a
|
||||
# subscriber is never upgraded to match the QoS of the subscription. Enabling
|
||||
# this option changes this behaviour. If upgrade_outgoing_qos is set true,
|
||||
# messages sent to a subscriber will always match the QoS of its subscription.
|
||||
# This is a non-standard option explicitly disallowed by the spec.
|
||||
#upgrade_outgoing_qos false
|
||||
|
||||
# When run as root, drop privileges to this user and its primary
|
||||
# group.
|
||||
# Set to root to stay as root, but this is not recommended.
|
||||
# If run as a non-root user, this setting has no effect.
|
||||
# Note that on Windows this has no effect and so mosquitto should
|
||||
# be started by the user you wish it to run as.
|
||||
#user mosquitto
|
||||
|
||||
# =================================================================
|
||||
# Default listener
|
||||
# =================================================================
|
||||
|
||||
# IP address/hostname to bind the default listener to. If not
|
||||
# given, the default listener will not be bound to a specific
|
||||
# address and so will be accessible to all network interfaces.
|
||||
# bind_address ip-address/host name
|
||||
#bind_address
|
||||
|
||||
# Port to use for the default listener.
|
||||
port 1883
|
||||
|
||||
# Bind the listener to a specific interface. This is similar to
|
||||
# bind_address above but is useful when an interface has multiple addresses or
|
||||
# the address may change. It is valid to use this with the bind_address option,
|
||||
# but take care that the interface you are binding to contains the address you
|
||||
# are binding to, otherwise you will not be able to connect.
|
||||
# Example: bind_interface eth0
|
||||
#bind_interface
|
||||
|
||||
# When a listener is using the websockets protocol, it is possible to serve
|
||||
# http data as well. Set http_dir to a directory which contains the files you
|
||||
# wish to serve. If this option is not specified, then no normal http
|
||||
# connections will be possible.
|
||||
#http_dir
|
||||
|
||||
# The maximum number of client connections to allow. This is
|
||||
# a per listener setting.
|
||||
# Default is -1, which means unlimited connections.
|
||||
# Note that other process limits mean that unlimited connections
|
||||
# are not really possible. Typically the default maximum number of
|
||||
# connections possible is around 1024.
|
||||
#max_connections -1
|
||||
|
||||
# Choose the protocol to use when listening.
|
||||
# This can be either mqtt or websockets.
|
||||
# Websockets support is currently disabled by default at compile time.
|
||||
# Certificate based TLS may be used with websockets, except that
|
||||
# only the cafile, certfile, keyfile and ciphers options are supported.
|
||||
protocol mqtt
|
||||
|
||||
# Set use_username_as_clientid to true to replace the clientid that a client
|
||||
# connected with with its username. This allows authentication to be tied to
|
||||
# the clientid, which means that it is possible to prevent one client
|
||||
# disconnecting another by using the same clientid.
|
||||
# If a client connects with no username it will be disconnected as not
|
||||
# authorised when this option is set to true.
|
||||
# Do not use in conjunction with clientid_prefixes.
|
||||
# See also use_identity_as_username.
|
||||
#use_username_as_clientid
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable SSL/TLS support for
|
||||
# this listener. Note that the recommended port for MQTT over TLS
|
||||
# is 8883, but this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page.
|
||||
|
||||
# At least one of cafile or capath must be defined. They both
|
||||
# define methods of accessing the PEM encoded Certificate
|
||||
# Authority certificates that have signed your server certificate
|
||||
# and that you wish to trust.
|
||||
# cafile defines the path to a file containing the CA certificates.
|
||||
# capath defines a directory that will be searched for files
|
||||
# containing the CA certificates. For capath to work correctly, the
|
||||
# certificate files must have ".crt" as the file ending and you must run
|
||||
# "openssl rehash <path to capath>" each time you add/remove a certificate.
|
||||
#cafile
|
||||
#capath
|
||||
|
||||
# Path to the PEM encoded server certificate.
|
||||
#certfile
|
||||
|
||||
# Path to the PEM encoded keyfile.
|
||||
#keyfile
|
||||
|
||||
|
||||
# If you have require_certificate set to true, you can create a certificate
|
||||
# revocation list file to revoke access to particular client certificates. If
|
||||
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
||||
#crlfile
|
||||
|
||||
# If you wish to control which encryption ciphers are used, use the ciphers
|
||||
# option. The list of available ciphers can be obtained using the "openssl
|
||||
# ciphers" command and should be provided in the same format as the output of
|
||||
# that command.
|
||||
# If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
|
||||
#ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH
|
||||
|
||||
# To allow the use of ephemeral DH key exchange, which provides forward
|
||||
# security, the listener must load DH parameters. This can be specified with
|
||||
# the dhparamfile option. The dhparamfile can be generated with the command
|
||||
# e.g. "openssl dhparam -out dhparam.pem 2048"
|
||||
#dhparamfile
|
||||
|
||||
# By default a TLS enabled listener will operate in a similar fashion to a
|
||||
# https enabled web server, in that the server has a certificate signed by a CA
|
||||
# and the client will verify that it is a trusted certificate. The overall aim
|
||||
# is encryption of the network traffic. By setting require_certificate to true,
|
||||
# the client must provide a valid certificate in order for the network
|
||||
# connection to proceed. This allows access to the broker to be controlled
|
||||
# outside of the mechanisms provided by MQTT.
|
||||
#require_certificate false
|
||||
|
||||
# This option defines the version of the TLS protocol to use for this listener.
|
||||
# The default value allows all of v1.3, v1.2 and v1.1. The valid values are
|
||||
# tlsv1.3 tlsv1.2 and tlsv1.1.
|
||||
#tls_version
|
||||
|
||||
# If require_certificate is true, you may set use_identity_as_username to true
|
||||
# to use the CN value from the client certificate as a username. If this is
|
||||
# true, the password_file option will not be used for this listener.
|
||||
# This takes priority over use_subject_as_username.
|
||||
# See also use_subject_as_username.
|
||||
#use_identity_as_username false
|
||||
|
||||
# If require_certificate is true, you may set use_subject_as_username to true
|
||||
# to use the complete subject value from the client certificate as a username.
|
||||
# If this is true, the password_file option will not be used for this listener.
|
||||
# See also use_identity_as_username
|
||||
#use_subject_as_username false
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Pre-shared-key based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable PSK based SSL/TLS support for
|
||||
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
||||
# this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
||||
# support" section. Only one of certificate or PSK encryption support can be
|
||||
# enabled for any listener.
|
||||
|
||||
# The psk_hint option enables pre-shared-key support for this listener and also
|
||||
# acts as an identifier for this listener. The hint is sent to clients and may
|
||||
# be used locally to aid authentication. The hint is a free form string that
|
||||
# doesn't have much meaning in itself, so feel free to be creative.
|
||||
# If this option is provided, see psk_file to define the pre-shared keys to be
|
||||
# used or create a security plugin to handle them.
|
||||
#psk_hint
|
||||
|
||||
# When using PSK, the encryption ciphers used will be chosen from the list of
|
||||
# available PSK ciphers. If you want to control which ciphers are available,
|
||||
# use the "ciphers" option. The list of available ciphers can be obtained
|
||||
# using the "openssl ciphers" command and should be provided in the same format
|
||||
# as the output of that command.
|
||||
#ciphers
|
||||
|
||||
# Set use_identity_as_username to have the psk identity sent by the client used
|
||||
# as its username. Authentication will be carried out using the PSK rather than
|
||||
# the MQTT username/password and so password_file will not be used for this
|
||||
# listener.
|
||||
#use_identity_as_username false
|
||||
|
||||
|
||||
# =================================================================
|
||||
# Extra listeners
|
||||
# =================================================================
|
||||
|
||||
# Listen on a port/ip address combination. By using this variable
|
||||
# multiple times, mosquitto can listen on more than one port. If
|
||||
# this variable is used and neither bind_address nor port given,
|
||||
# then the default listener will not be started.
|
||||
# The port number to listen on must be given. Optionally, an ip
|
||||
# address or host name may be supplied as a second argument. In
|
||||
# this case, mosquitto will attempt to bind the listener to that
|
||||
# address and so restrict access to the associated network and
|
||||
# interface. By default, mosquitto will listen on all interfaces.
|
||||
# Note that for a websockets listener it is not possible to bind to a host
|
||||
# name.
|
||||
# listener port-number [ip address/host name]
|
||||
listener 9001
|
||||
|
||||
# Bind the listener to a specific interface. This is similar to
|
||||
# the [ip address/host name] part of the listener definition, but is useful
|
||||
# when an interface has multiple addresses or the address may change. It is
|
||||
# valid to use this with the [ip address/host name] part of the listener
|
||||
# definition, but take care that the interface you are binding to contains the
|
||||
# address you are binding to, otherwise you will not be able to connect.
|
||||
# Only available on Linux and requires elevated privileges.
|
||||
#
|
||||
# Example: bind_interface eth0
|
||||
#bind_interface
|
||||
|
||||
# When a listener is using the websockets protocol, it is possible to serve
|
||||
# http data as well. Set http_dir to a directory which contains the files you
|
||||
# wish to serve. If this option is not specified, then no normal http
|
||||
# connections will be possible.
|
||||
#http_dir
|
||||
|
||||
# The maximum number of client connections to allow. This is
|
||||
# a per listener setting.
|
||||
# Default is -1, which means unlimited connections.
|
||||
# Note that other process limits mean that unlimited connections
|
||||
# are not really possible. Typically the default maximum number of
|
||||
# connections possible is around 1024.
|
||||
#max_connections -1
|
||||
|
||||
# The listener can be restricted to operating within a topic hierarchy using
|
||||
# the mount_point option. This is achieved be prefixing the mount_point string
|
||||
# to all topics for any clients connected to this listener. This prefixing only
|
||||
# happens internally to the broker; the client will not see the prefix.
|
||||
#mount_point
|
||||
|
||||
# Choose the protocol to use when listening.
|
||||
# This can be either mqtt or websockets.
|
||||
# Certificate based TLS may be used with websockets, except that only the
|
||||
# cafile, certfile, keyfile and ciphers options are supported.
|
||||
protocol websockets
|
||||
|
||||
# Set use_username_as_clientid to true to replace the clientid that a client
|
||||
# connected with with its username. This allows authentication to be tied to
|
||||
# the clientid, which means that it is possible to prevent one client
|
||||
# disconnecting another by using the same clientid.
|
||||
# If a client connects with no username it will be disconnected as not
|
||||
# authorised when this option is set to true.
|
||||
# Do not use in conjunction with clientid_prefixes.
|
||||
# See also use_identity_as_username.
|
||||
#use_username_as_clientid
|
||||
|
||||
# Change the websockets headers size. This is a global option, it is not
|
||||
# possible to set per listener. This option sets the size of the buffer used in
|
||||
# the libwebsockets library when reading HTTP headers. If you are passing large
|
||||
# header data such as cookies then you may need to increase this value. If left
|
||||
# unset, or set to 0, then the default of 1024 bytes will be used.
|
||||
#websockets_headers_size
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable certificate based SSL/TLS support
|
||||
# for this listener. Note that the recommended port for MQTT over TLS is 8883,
|
||||
# but this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS
|
||||
# support" section. Only one of certificate or PSK encryption support can be
|
||||
# enabled for any listener.
|
||||
|
||||
# At least one of cafile or capath must be defined to enable certificate based
|
||||
# TLS encryption. They both define methods of accessing the PEM encoded
|
||||
# Certificate Authority certificates that have signed your server certificate
|
||||
# and that you wish to trust.
|
||||
# cafile defines the path to a file containing the CA certificates.
|
||||
# capath defines a directory that will be searched for files
|
||||
# containing the CA certificates. For capath to work correctly, the
|
||||
# certificate files must have ".crt" as the file ending and you must run
|
||||
# "openssl rehash <path to capath>" each time you add/remove a certificate.
|
||||
#cafile
|
||||
#capath
|
||||
|
||||
# Path to the PEM encoded server certificate.
|
||||
#certfile
|
||||
|
||||
# Path to the PEM encoded keyfile.
|
||||
#keyfile
|
||||
|
||||
|
||||
# If you wish to control which encryption ciphers are used, use the ciphers
|
||||
# option. The list of available ciphers can be optained using the "openssl
|
||||
# ciphers" command and should be provided in the same format as the output of
|
||||
# that command.
|
||||
#ciphers
|
||||
|
||||
# If you have require_certificate set to true, you can create a certificate
|
||||
# revocation list file to revoke access to particular client certificates. If
|
||||
# you have done this, use crlfile to point to the PEM encoded revocation file.
|
||||
#crlfile
|
||||
|
||||
# To allow the use of ephemeral DH key exchange, which provides forward
|
||||
# security, the listener must load DH parameters. This can be specified with
|
||||
# the dhparamfile option. The dhparamfile can be generated with the command
|
||||
# e.g. "openssl dhparam -out dhparam.pem 2048"
|
||||
#dhparamfile
|
||||
|
||||
# By default an TLS enabled listener will operate in a similar fashion to a
|
||||
# https enabled web server, in that the server has a certificate signed by a CA
|
||||
# and the client will verify that it is a trusted certificate. The overall aim
|
||||
# is encryption of the network traffic. By setting require_certificate to true,
|
||||
# the client must provide a valid certificate in order for the network
|
||||
# connection to proceed. This allows access to the broker to be controlled
|
||||
# outside of the mechanisms provided by MQTT.
|
||||
#require_certificate false
|
||||
|
||||
# If require_certificate is true, you may set use_identity_as_username to true
|
||||
# to use the CN value from the client certificate as a username. If this is
|
||||
# true, the password_file option will not be used for this listener.
|
||||
#use_identity_as_username false
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Pre-shared-key based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# The following options can be used to enable PSK based SSL/TLS support for
|
||||
# this listener. Note that the recommended port for MQTT over TLS is 8883, but
|
||||
# this must be set manually.
|
||||
#
|
||||
# See also the mosquitto-tls man page and the "Certificate based SSL/TLS
|
||||
# support" section. Only one of certificate or PSK encryption support can be
|
||||
# enabled for any listener.
|
||||
|
||||
# The psk_hint option enables pre-shared-key support for this listener and also
|
||||
# acts as an identifier for this listener. The hint is sent to clients and may
|
||||
# be used locally to aid authentication. The hint is a free form string that
|
||||
# doesn't have much meaning in itself, so feel free to be creative.
|
||||
# If this option is provided, see psk_file to define the pre-shared keys to be
|
||||
# used or create a security plugin to handle them.
|
||||
#psk_hint
|
||||
|
||||
# When using PSK, the encryption ciphers used will be chosen from the list of
|
||||
# available PSK ciphers. If you want to control which ciphers are available,
|
||||
# use the "ciphers" option. The list of available ciphers can be optained
|
||||
# using the "openssl ciphers" command and should be provided in the same format
|
||||
# as the output of that command.
|
||||
#ciphers
|
||||
|
||||
# Set use_identity_as_username to have the psk identity sent by the client used
|
||||
# as its username. Authentication will be carried out using the PSK rather than
|
||||
# the MQTT username/password and so password_file will not be used for this
|
||||
# listener.
|
||||
#use_identity_as_username false
|
||||
|
||||
|
||||
# =================================================================
|
||||
# Persistence
|
||||
# =================================================================
|
||||
|
||||
# If persistence is enabled, save the in-memory database to disk
|
||||
# every autosave_interval seconds. If set to 0, the persistence
|
||||
# database will only be written when mosquitto exits. See also
|
||||
# autosave_on_changes.
|
||||
# Note that writing of the persistence database can be forced by
|
||||
# sending mosquitto a SIGUSR1 signal.
|
||||
#autosave_interval 1800
|
||||
|
||||
# If true, mosquitto will count the number of subscription changes, retained
|
||||
# messages received and queued messages and if the total exceeds
|
||||
# autosave_interval then the in-memory database will be saved to disk.
|
||||
# If false, mosquitto will save the in-memory database to disk by treating
|
||||
# autosave_interval as a time in seconds.
|
||||
#autosave_on_changes false
|
||||
|
||||
# Save persistent message data to disk (true/false).
|
||||
# This saves information about all messages, including
|
||||
# subscriptions, currently in-flight messages and retained
|
||||
# messages.
|
||||
# retained_persistence is a synonym for this option.
|
||||
#persistence false
|
||||
|
||||
# The filename to use for the persistent database, not including
|
||||
# the path.
|
||||
#persistence_file mosquitto.db
|
||||
|
||||
# Location for persistent database. Must include trailing /
|
||||
# Default is an empty string (current directory).
|
||||
# Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or
|
||||
# similar.
|
||||
#persistence_location
|
||||
|
||||
|
||||
# =================================================================
|
||||
# Logging
|
||||
# =================================================================
|
||||
|
||||
# Places to log to. Use multiple log_dest lines for multiple
|
||||
# logging destinations.
|
||||
# Possible destinations are: stdout stderr syslog topic file
|
||||
#
|
||||
# stdout and stderr log to the console on the named output.
|
||||
#
|
||||
# syslog uses the userspace syslog facility which usually ends up
|
||||
# in /var/log/messages or similar.
|
||||
#
|
||||
# topic logs to the broker topic '$SYS/broker/log/<severity>',
|
||||
# where severity is one of D, E, W, N, I, M which are debug, error,
|
||||
# warning, notice, information and message. Message type severity is used by
|
||||
# the subscribe/unsubscribe log_types and publishes log messages to
|
||||
# $SYS/broker/log/M/susbcribe or $SYS/broker/log/M/unsubscribe.
|
||||
#
|
||||
# The file destination requires an additional parameter which is the file to be
|
||||
# logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be
|
||||
# closed and reopened when the broker receives a HUP signal. Only a single file
|
||||
# destination may be configured.
|
||||
#
|
||||
# Note that if the broker is running as a Windows service it will default to
|
||||
# "log_dest none" and neither stdout nor stderr logging is available.
|
||||
# Use "log_dest none" if you wish to disable logging.
|
||||
#log_dest stderr
|
||||
|
||||
# Types of messages to log. Use multiple log_type lines for logging
|
||||
# multiple types of messages.
|
||||
# Possible types are: debug, error, warning, notice, information,
|
||||
# none, subscribe, unsubscribe, websockets, all.
|
||||
# Note that debug type messages are for decoding the incoming/outgoing
|
||||
# network packets. They are not logged in "topics".
|
||||
#log_type error
|
||||
#log_type warning
|
||||
#log_type notice
|
||||
#log_type information
|
||||
|
||||
|
||||
# If set to true, client connection and disconnection messages will be included
|
||||
# in the log.
|
||||
#connection_messages true
|
||||
|
||||
# If using syslog logging (not on Windows), messages will be logged to the
|
||||
# "daemon" facility by default. Use the log_facility option to choose which of
|
||||
# local0 to local7 to log to instead. The option value should be an integer
|
||||
# value, e.g. "log_facility 5" to use local5.
|
||||
#log_facility
|
||||
|
||||
# If set to true, add a timestamp value to each log message.
|
||||
#log_timestamp true
|
||||
|
||||
# Set the format of the log timestamp. If left unset, this is the number of
|
||||
# seconds since the Unix epoch.
|
||||
# This is a free text string which will be passed to the strftime function. To
|
||||
# get an ISO 8601 datetime, for example:
|
||||
# log_timestamp_format %Y-%m-%dT%H:%M:%S
|
||||
#log_timestamp_format
|
||||
|
||||
# Change the websockets logging level. This is a global option, it is not
|
||||
# possible to set per listener. This is an integer that is interpreted by
|
||||
# libwebsockets as a bit mask for its lws_log_levels enum. See the
|
||||
# libwebsockets documentation for more details. "log_type websockets" must also
|
||||
# be enabled.
|
||||
#websockets_log_level 0
|
||||
|
||||
|
||||
# =================================================================
|
||||
# Security
|
||||
# =================================================================
|
||||
|
||||
# If set, only clients that have a matching prefix on their
|
||||
# clientid will be allowed to connect to the broker. By default,
|
||||
# all clients may connect.
|
||||
# For example, setting "secure-" here would mean a client "secure-
|
||||
# client" could connect but another with clientid "mqtt" couldn't.
|
||||
#clientid_prefixes
|
||||
|
||||
# Boolean value that determines whether clients that connect
|
||||
# without providing a username are allowed to connect. If set to
|
||||
# false then a password file should be created (see the
|
||||
# password_file option) to control authenticated client access.
|
||||
#
|
||||
# Defaults to true if no other security options are set. If `password_file` or
|
||||
# `psk_file` is set, or if an authentication plugin is loaded which implements
|
||||
# username/password or TLS-PSK checks, then `allow_anonymous` defaults to
|
||||
# false.
|
||||
#
|
||||
#allow_anonymous true
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Default authentication and topic access control
|
||||
# -----------------------------------------------------------------
|
||||
|
||||
# Control access to the broker using a password file. This file can be
|
||||
# generated using the mosquitto_passwd utility. If TLS support is not compiled
|
||||
# into mosquitto (it is recommended that TLS support should be included) then
|
||||
# plain text passwords are used, in which case the file should be a text file
|
||||
# with lines in the format:
|
||||
# username:password
|
||||
# The password (and colon) may be omitted if desired, although this
|
||||
# offers very little in the way of security.
|
||||
#
|
||||
# See the TLS client require_certificate and use_identity_as_username options
|
||||
# for alternative authentication options. If an auth_plugin is used as well as
|
||||
# password_file, the auth_plugin check will be made first.
|
||||
#password_file
|
||||
|
||||
# Access may also be controlled using a pre-shared-key file. This requires
|
||||
# TLS-PSK support and a listener configured to use it. The file should be text
|
||||
# lines in the format:
|
||||
# identity:key
|
||||
# The key should be in hexadecimal format without a leading "0x".
|
||||
# If an auth_plugin is used as well, the auth_plugin check will be made first.
|
||||
#psk_file
|
||||
|
||||
# Control access to topics on the broker using an access control list
|
||||
# file. If this parameter is defined then only the topics listed will
|
||||
# have access.
|
||||
# If the first character of a line of the ACL file is a # it is treated as a
|
||||
# comment.
|
||||
# Topic access is added with lines of the format:
|
||||
#
|
||||
# topic [read|write|readwrite] <topic>
|
||||
#
|
||||
# The access type is controlled using "read", "write" or "readwrite". This
|
||||
# parameter is optional (unless <topic> contains a space character) - if not
|
||||
# given then the access is read/write. <topic> can contain the + or #
|
||||
# wildcards as in subscriptions.
|
||||
#
|
||||
# The first set of topics are applied to anonymous clients, assuming
|
||||
# allow_anonymous is true. User specific topic ACLs are added after a
|
||||
# user line as follows:
|
||||
#
|
||||
# user <username>
|
||||
#
|
||||
# The username referred to here is the same as in password_file. It is
|
||||
# not the clientid.
|
||||
#
|
||||
#
|
||||
# If is also possible to define ACLs based on pattern substitution within the
|
||||
# topic. The patterns available for substition are:
|
||||
#
|
||||
# %c to match the client id of the client
|
||||
# %u to match the username of the client
|
||||
#
|
||||
# The substitution pattern must be the only text for that level of hierarchy.
|
||||
#
|
||||
# The form is the same as for the topic keyword, but using pattern as the
|
||||
# keyword.
|
||||
# Pattern ACLs apply to all users even if the "user" keyword has previously
|
||||
# been given.
|
||||
#
|
||||
# If using bridges with usernames and ACLs, connection messages can be allowed
|
||||
# with the following pattern:
|
||||
# pattern write $SYS/broker/connection/%c/state
|
||||
#
|
||||
# pattern [read|write|readwrite] <topic>
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# pattern write sensor/%u/data
|
||||
#
|
||||
# If an auth_plugin is used as well as acl_file, the auth_plugin check will be
|
||||
# made first.
|
||||
#acl_file
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# External authentication and topic access plugin options
|
||||
# -----------------------------------------------------------------
|
||||
|
||||
# External authentication and access control can be supported with the
|
||||
# auth_plugin option. This is a path to a loadable plugin. See also the
|
||||
# auth_opt_* options described below.
|
||||
#
|
||||
# The auth_plugin option can be specified multiple times to load multiple
|
||||
# plugins. The plugins will be processed in the order that they are specified
|
||||
# here. If the auth_plugin option is specified alongside either of
|
||||
# password_file or acl_file then the plugin checks will be made first.
|
||||
#
|
||||
#auth_plugin
|
||||
|
||||
# If the auth_plugin option above is used, define options to pass to the
|
||||
# plugin here as described by the plugin instructions. All options named
|
||||
# using the format auth_opt_* will be passed to the plugin, for example:
|
||||
#
|
||||
# auth_opt_db_host
|
||||
# auth_opt_db_port
|
||||
# auth_opt_db_username
|
||||
# auth_opt_db_password
|
||||
|
||||
|
||||
# =================================================================
|
||||
# Bridges
|
||||
# =================================================================
|
||||
|
||||
# A bridge is a way of connecting multiple MQTT brokers together.
|
||||
# Create a new bridge using the "connection" option as described below. Set
|
||||
# options for the bridges using the remaining parameters. You must specify the
|
||||
# address and at least one topic to subscribe to.
|
||||
#
|
||||
# Each connection must have a unique name.
|
||||
#
|
||||
# The address line may have multiple host address and ports specified. See
|
||||
# below in the round_robin description for more details on bridge behaviour if
|
||||
# multiple addresses are used. Note that if you use an IPv6 address, then you
|
||||
# are required to specify a port.
|
||||
#
|
||||
# The direction that the topic will be shared can be chosen by
|
||||
# specifying out, in or both, where the default value is out.
|
||||
# The QoS level of the bridged communication can be specified with the next
|
||||
# topic option. The default QoS level is 0, to change the QoS the topic
|
||||
# direction must also be given.
|
||||
#
|
||||
# The local and remote prefix options allow a topic to be remapped when it is
|
||||
# bridged to/from the remote broker. This provides the ability to place a topic
|
||||
# tree in an appropriate location.
|
||||
#
|
||||
# For more details see the mosquitto.conf man page.
|
||||
#
|
||||
# Multiple topics can be specified per connection, but be careful
|
||||
# not to create any loops.
|
||||
#
|
||||
# If you are using bridges with cleansession set to false (the default), then
|
||||
# you may get unexpected behaviour from incoming topics if you change what
|
||||
# topics you are subscribing to. This is because the remote broker keeps the
|
||||
# subscription for the old topic. If you have this problem, connect your bridge
|
||||
# with cleansession set to true, then reconnect with cleansession set to false
|
||||
# as normal.
|
||||
#connection <name>
|
||||
#address <host>[:<port>] [<host>[:<port>]]
|
||||
#topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix]
|
||||
|
||||
|
||||
# If a bridge has topics that have "out" direction, the default behaviour is to
|
||||
# send an unsubscribe request to the remote broker on that topic. This means
|
||||
# that changing a topic direction from "in" to "out" will not keep receiving
|
||||
# incoming messages. Sending these unsubscribe requests is not always
|
||||
# desirable, setting bridge_attempt_unsubscribe to false will disable sending
|
||||
# the unsubscribe request.
|
||||
#bridge_attempt_unsubscribe true
|
||||
|
||||
# Set the version of the MQTT protocol to use with for this bridge. Can be one
|
||||
# of mqttv311 or mqttv11. Defaults to mqttv311.
|
||||
#bridge_protocol_version mqttv311
|
||||
|
||||
# Set the clean session variable for this bridge.
|
||||
# When set to true, when the bridge disconnects for any reason, all
|
||||
# messages and subscriptions will be cleaned up on the remote
|
||||
# broker. Note that with cleansession set to true, there may be a
|
||||
# significant amount of retained messages sent when the bridge
|
||||
# reconnects after losing its connection.
|
||||
# When set to false, the subscriptions and messages are kept on the
|
||||
# remote broker, and delivered when the bridge reconnects.
|
||||
#cleansession false
|
||||
|
||||
# Set the amount of time a bridge using the lazy start type must be idle before
|
||||
# it will be stopped. Defaults to 60 seconds.
|
||||
#idle_timeout 60
|
||||
|
||||
# Set the keepalive interval for this bridge connection, in
|
||||
# seconds.
|
||||
#keepalive_interval 60
|
||||
|
||||
# Set the clientid to use on the local broker. If not defined, this defaults to
|
||||
# 'local.<clientid>'. If you are bridging a broker to itself, it is important
|
||||
# that local_clientid and clientid do not match.
|
||||
#local_clientid
|
||||
|
||||
# If set to true, publish notification messages to the local and remote brokers
|
||||
# giving information about the state of the bridge connection. Retained
|
||||
# messages are published to the topic $SYS/broker/connection/<clientid>/state
|
||||
# unless the notification_topic option is used.
|
||||
# If the message is 1 then the connection is active, or 0 if the connection has
|
||||
# failed.
|
||||
# This uses the last will and testament feature.
|
||||
#notifications true
|
||||
|
||||
# Choose the topic on which notification messages for this bridge are
|
||||
# published. If not set, messages are published on the topic
|
||||
# $SYS/broker/connection/<clientid>/state
|
||||
#notification_topic
|
||||
|
||||
# Set the client id to use on the remote end of this bridge connection. If not
|
||||
# defined, this defaults to 'name.hostname' where name is the connection name
|
||||
# and hostname is the hostname of this computer.
|
||||
# This replaces the old "clientid" option to avoid confusion. "clientid"
|
||||
# remains valid for the time being.
|
||||
#remote_clientid
|
||||
|
||||
# Set the password to use when connecting to a broker that requires
|
||||
# authentication. This option is only used if remote_username is also set.
|
||||
# This replaces the old "password" option to avoid confusion. "password"
|
||||
# remains valid for the time being.
|
||||
#remote_password
|
||||
|
||||
# Set the username to use when connecting to a broker that requires
|
||||
# authentication.
|
||||
# This replaces the old "username" option to avoid confusion. "username"
|
||||
# remains valid for the time being.
|
||||
#remote_username
|
||||
|
||||
# Set the amount of time a bridge using the automatic start type will wait
|
||||
# until attempting to reconnect.
|
||||
# This option can be configured to use a constant delay time in seconds, or to
|
||||
# use a backoff mechanism based on "Decorrelated Jitter", which adds a degree
|
||||
# of randomness to when the restart occurs.
|
||||
#
|
||||
# Set a constant timeout of 20 seconds:
|
||||
# restart_timeout 20
|
||||
#
|
||||
# Set backoff with a base (start value) of 10 seconds and a cap (upper limit) of
|
||||
# 60 seconds:
|
||||
# restart_timeout 10 30
|
||||
#
|
||||
# Defaults to jitter with a base of 5 and cap of 30
|
||||
#restart_timeout 5 30
|
||||
|
||||
# If the bridge has more than one address given in the address/addresses
|
||||
# configuration, the round_robin option defines the behaviour of the bridge on
|
||||
# a failure of the bridge connection. If round_robin is false, the default
|
||||
# value, then the first address is treated as the main bridge connection. If
|
||||
# the connection fails, the other secondary addresses will be attempted in
|
||||
# turn. Whilst connected to a secondary bridge, the bridge will periodically
|
||||
# attempt to reconnect to the main bridge until successful.
|
||||
# If round_robin is true, then all addresses are treated as equals. If a
|
||||
# connection fails, the next address will be tried and if successful will
|
||||
# remain connected until it fails
|
||||
#round_robin false
|
||||
|
||||
# Set the start type of the bridge. This controls how the bridge starts and
|
||||
# can be one of three types: automatic, lazy and once. Note that RSMB provides
|
||||
# a fourth start type "manual" which isn't currently supported by mosquitto.
|
||||
#
|
||||
# "automatic" is the default start type and means that the bridge connection
|
||||
# will be started automatically when the broker starts and also restarted
|
||||
# after a short delay (30 seconds) if the connection fails.
|
||||
#
|
||||
# Bridges using the "lazy" start type will be started automatically when the
|
||||
# number of queued messages exceeds the number set with the "threshold"
|
||||
# parameter. It will be stopped automatically after the time set by the
|
||||
# "idle_timeout" parameter. Use this start type if you wish the connection to
|
||||
# only be active when it is needed.
|
||||
#
|
||||
# A bridge using the "once" start type will be started automatically when the
|
||||
# broker starts but will not be restarted if the connection fails.
|
||||
#start_type automatic
|
||||
|
||||
# Set the number of messages that need to be queued for a bridge with lazy
|
||||
# start type to be restarted. Defaults to 10 messages.
|
||||
# Must be less than max_queued_messages.
|
||||
#threshold 10
|
||||
|
||||
# If try_private is set to true, the bridge will attempt to indicate to the
|
||||
# remote broker that it is a bridge not an ordinary client. If successful, this
|
||||
# means that loop detection will be more effective and that retained messages
|
||||
# will be propagated correctly. Not all brokers support this feature so it may
|
||||
# be necessary to set try_private to false if your bridge does not connect
|
||||
# properly.
|
||||
#try_private true
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# Certificate based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# Either bridge_cafile or bridge_capath must be defined to enable TLS support
|
||||
# for this bridge.
|
||||
# bridge_cafile defines the path to a file containing the
|
||||
# Certificate Authority certificates that have signed the remote broker
|
||||
# certificate.
|
||||
# bridge_capath defines a directory that will be searched for files containing
|
||||
# the CA certificates. For bridge_capath to work correctly, the certificate
|
||||
# files must have ".crt" as the file ending and you must run "openssl rehash
|
||||
# <path to capath>" each time you add/remove a certificate.
|
||||
#bridge_cafile
|
||||
#bridge_capath
|
||||
|
||||
|
||||
# If the remote broker has more than one protocol available on its port, e.g.
|
||||
# MQTT and WebSockets, then use bridge_alpn to configure which protocol is
|
||||
# requested. Note that WebSockets support for bridges is not yet available.
|
||||
#bridge_alpn
|
||||
|
||||
# When using certificate based encryption, bridge_insecure disables
|
||||
# verification of the server hostname in the server certificate. This can be
|
||||
# useful when testing initial server configurations, but makes it possible for
|
||||
# a malicious third party to impersonate your server through DNS spoofing, for
|
||||
# example. Use this option in testing only. If you need to resort to using this
|
||||
# option in a production environment, your setup is at fault and there is no
|
||||
# point using encryption.
|
||||
#bridge_insecure false
|
||||
|
||||
# Path to the PEM encoded client certificate, if required by the remote broker.
|
||||
#bridge_certfile
|
||||
|
||||
# Path to the PEM encoded client private key, if required by the remote broker.
|
||||
#bridge_keyfile
|
||||
|
||||
# -----------------------------------------------------------------
|
||||
# PSK based SSL/TLS support
|
||||
# -----------------------------------------------------------------
|
||||
# Pre-shared-key encryption provides an alternative to certificate based
|
||||
# encryption. A bridge can be configured to use PSK with the bridge_identity
|
||||
# and bridge_psk options. These are the client PSK identity, and pre-shared-key
|
||||
# in hexadecimal format with no "0x". Only one of certificate and PSK based
|
||||
# encryption can be used on one
|
||||
# bridge at once.
|
||||
#bridge_identity
|
||||
#bridge_psk
|
||||
|
||||
|
||||
# =================================================================
|
||||
# External config files
|
||||
# =================================================================
|
||||
|
||||
# External configuration files may be included by using the
|
||||
# include_dir option. This defines a directory that will be searched
|
||||
# for config files. All files that end in '.conf' will be loaded as
|
||||
# a configuration file. It is best to have this as the last option
|
||||
# in the main file. This option will only be processed from the main
|
||||
# configuration file. The directory specified must not contain the
|
||||
# main configuration file.
|
||||
# Files within include_dir will be loaded sorted in case-sensitive
|
||||
# alphabetical order, with capital letters ordered first. If this option is
|
||||
# given multiple times, all of the files from the first instance will be
|
||||
# processed before the next instance. See the man page for examples.
|
||||
#include_dir
|
@ -37,7 +37,7 @@ def post_json(endpoint, url, data):
|
||||
sleep(10) # retry in 10 seconds
|
||||
|
||||
|
||||
def publish_json(endpoint, data):
|
||||
def publish_json(transport, endpoint, data):
|
||||
json_data = json.dumps(data)
|
||||
serial = data['device']
|
||||
|
||||
@ -52,6 +52,7 @@ def publish_json(endpoint, data):
|
||||
hostname=endpoint.split(':')[0],
|
||||
port=int(endpoint.split(':')[1]),
|
||||
client_id=serial,
|
||||
transport=('websockets' if transport == 'ws' else 'tcp'),
|
||||
# auth=auth FIXME
|
||||
)
|
||||
|
||||
@ -69,7 +70,7 @@ def main():
|
||||
'127.0.0.1:1883'),
|
||||
help='IoT MQTT endpoint')
|
||||
parser.add_argument('-t', '--transport',
|
||||
choices=['mqtt', 'http'],
|
||||
choices=['mqtt', 'ws', 'http'],
|
||||
default=os.environ.get('IOT_TL', 'http'),
|
||||
help='IoT transport layer')
|
||||
parser.add_argument('-s', '--serial',
|
||||
@ -103,8 +104,9 @@ def main():
|
||||
}
|
||||
if args.transport == 'http':
|
||||
post_json(args.endpoint, telemetry, {**data, 'payload': payload})
|
||||
elif args.transport == 'mqtt':
|
||||
publish_json(args.mqtt, {**data, 'payload': payload})
|
||||
elif args.transport in ('mqtt', 'ws'):
|
||||
publish_json(
|
||||
args.transport, args.mqtt, {**data, 'payload': payload})
|
||||
else:
|
||||
raise NotImplementedError
|
||||
sleep(args.delay)
|
||||
|
Binary file not shown.
File diff suppressed because one or more lines are too long
Before Width: | Height: | Size: 248 KiB After Width: | Height: | Size: 260 KiB |
Loading…
Reference in New Issue
Block a user