gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-04 02:44:29 +08:00
Code Issues Projects Releases Packages Wiki Activity

add mq dynamic security conf to docker

Browse source
This commit is contained in:
Abhishek Kondur 2022-09-13 23:33:17 +05:30
parent 44d0ef6565
commit c262df563e
3 changed files with 72 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
compose/docker-compose.yml
View file

@ -111,9 +111,9 @@ services:
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- /root/mosquitto.conf:/mosquitto/config/mosquitto.conf - /root/mosquitto.conf:/mosquitto/config/mosquitto.conf
- /root/dynamic-security.json:/mosquitto/config/dynamic-security.json
- mosquitto_data:/mosquitto/data - mosquitto_data:/mosquitto/data
- mosquitto_logs:/mosquitto/log - mosquitto_logs:/mosquitto/log
- shared_certs:/mosquitto/certs
expose: expose:
- "8883" - "8883"
labels: labels:

54
docker/dynamic-security.json Executable file
View file

@ -0,0 +1,54 @@
{
"clients": [{
"username": "bob",
"textName": "Dynsec admin user",
"password": "JEfqgJum2mlJa51WTGdvEAs2Rnc8vno14yAsAhxbjo9nKs0GAgL0+YM2iOUaW/GFK8L/B0EkbP5qd1AeyBdRTg==",
"salt": "MgoCdNVGYMqJh+nU",
"iterations": 101,
"roles": [{
"rolename": "admin"
}]
}],
"roles": [{
"rolename": "admin",
"acls": [{
"acltype": "publishClientSend",
"topic": "$CONTROL/dynamic-security/#",
"allow": true
}, {
"acltype": "publishClientReceive",
"topic": "$CONTROL/dynamic-security/#",
"allow": true
}, {
"acltype": "subscribePattern",
"topic": "$CONTROL/dynamic-security/#",
"allow": true
}, {
"acltype": "publishClientReceive",
"topic": "$SYS/#",
"allow": true
}, {
"acltype": "subscribePattern",
"topic": "$SYS/#",
"allow": true
}, {
"acltype": "publishClientReceive",
"topic": "#",
"allow": true
}, {
"acltype": "subscribePattern",
"topic": "#",
"allow": true
}, {
"acltype": "unsubscribePattern",
"topic": "#",
"allow": true
}]
}],
"defaultACLAccess": {
"publishClientSend": false,
"publishClientReceive": true,
"subscribe": false,
"unsubscribe": true
}
}

26
docker/mosquitto.conf
View file

@ -1,12 +1,20 @@
per_listener_settings true # per_listener_settings true
listener 8883 # listener 8883
allow_anonymous false # allow_anonymous false
require_certificate true # require_certificate true
use_identity_as_username true # use_identity_as_username true
cafile /mosquitto/certs/root.pem # cafile /mosquitto/certs/root.pem
certfile /mosquitto/certs/server.pem # certfile /mosquitto/certs/server.pem
keyfile /mosquitto/certs/server.key # keyfile /mosquitto/certs/server.key
# listener 1883
# allow_anonymous true
per_listener_settings false
listener 1883 listener 1883
allow_anonymous true allow_anonymous false
plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/config/dynamic-security.json