
Installing mosquitto on CentOS 7 in an internal network


Contents

Overview

Dependencies

Installing mosquitto

Adding users

Setting user permissions


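Overview:

mosquitto is an open-source message broker that implements the MQTT v3.1 message-push protocol. Mosquitto is lightweight and suitable for all devices, from low-power single-board computers to full servers. The Mosquitto project also provides a C library for implementing MQTT clients, as well as the very popular mosquitto_pub and mosquitto_sub command-line MQTT clients.

I recently had a development requirement in the IoT area, and chose mosquitto as the MQTT broker:

Download: Download | Eclipse Mosquitto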

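Dependencies:

gcc gcc-c++ libstdc++-devel
openssl-devel
c-ares-devel
uuid-devel
libuuid-devel
cJSON

The matching version of each dependency can be looked up on RPM resource readline-devel and then uploaded to the bastion host.

Run

cat /proc/version

to see the version information of the running kernel, then choose the matching package versions based on that information.

Because the build uses make, g++ also needs to be installed.

Everything downloaded from RPM resource is an rpm package; install them with rpm -i (-ivh). If you run into circular dependencies during installation, see: CentOS offline gcc installation (resolving circular dependencies and conflicts) - Zhihu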

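Installing mosquitto:

Download the source package. The URL below is the detached PGP signature (.asc) for the tarball; the tarball itself is at the same URL without the .asc suffix, and the signature can be used to verify the tarball before it is carried into the internal network and built:

https://mosquitto.org/files/source/mosquitto-2.0.15.tar.gz.asc

Extract the package:

tar -zxvf mosquitto-2.0.15.tar.gz

Enter the source directory and run make:

cd mosquitto-2.0.15
make && make install
cd /etc/mosquitto

Copy the mosquitto configuration file:

cp mosquitto.conf.example mosquitto.conf

Start-up test

# Test starting the service
mosquitto -c /etc/mosquitto/mosquitto.conf
# Test pub
mosquitto_pub --help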

Adding users:

Edit the mosquitto.conf configuration file:

# into mosquitto (it is recommended that TLS support should be included) then
# plain text passwords are used, in which case the file should be a text file
# with lines in the format:
# username:password
# The password (and colon) may be omitted if desired, although this
# offers very little in the way of security.
#
# See the TLS client require_certificate and use_identity_as_username options
# for alternative authentication options. If an auth_plugin is used as well as
# password_file, the auth_plugin check will be made first.
# Enable password_file
password_file /etc/mosquitto/pwfile

Create the user passwords:

# -c creates the password file (and overwrites it if it already exists)
mosquitto_passwd -c /etc/mosquitto/pwfile testa

# No -c for the second user, otherwise the file is recreated and testa is lost
mosquitto_passwd /etc/mosquitto/pwfile testb

Restart the broker for the change to take effect.

Setting user permissions:

testa may only subscribe to /req/# topics and publish to /res/# topics; testb is exactly the opposite.

Edit mosquitto.conf:

# The form is the same as for the topic keyword, but using pattern as the
# keyword.
# Pattern ACLs apply to all users even if the "user" keyword has previously
# been given.
#
# If using bridges with usernames and ACLs, connection messages can be allowed
# with the following pattern:
# pattern write $SYS/broker/connection/%c/state
#
# pattern [read|write|readwrite] <topic>
#
# Example:
#
# pattern write sensor/%u/data
#
# If an auth_plugin is used as well as acl_file, the auth_plugin check will be
# made first.
acl_file /etc/mosquitto/aclfile

Edit the aclfile:

cd /etc/mosquitto
cp aclfile.example aclfile
vi aclfile

# This affects access control for clients with no username.
topic read $SYS/#

# This only affects clients with username "roger".
user roger
topic foo/bar


# This affects all clients.
pattern write $SYS/broker/connection/%c/state


# read = the client may receive (subscribe), write = the client may publish
user testa
topic read /req/#
topic write /res/#

user testb
topic write /req/#
topic read /res/#

Restart the broker for the change to take effect.
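One way to check an aclfile against the policy stated above (testa may only subscribe to /req/# and publish to /res/#, testb the opposite) before restarting the broker. This is an added example, not code from the original post or from the Mosquitto project. It is a simplified model that assumes only `user` and `topic [read|write|readwrite]` lines and evaluates concrete topic names; `pattern` lines are skipped, `topic deny` is rejected, and the function names and sample ACL are constructed for illustration.

```python
# Added example, simplified: handles only `user` and `topic` lines (assumption).
def topic_matches(flt, topic):
    """MQTT filter match: '+' is one level, '#' is that level and everything below."""
    f, t = flt.split("/"), topic.split("/")
    if topic.startswith("$") and f[0] in ("+", "#"):
        return False  # wildcards never match a leading $ level such as $SYS
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def parse_acl(text):
    """Return {username, or None for clients with no username: [(access, filter)]}."""
    rules, user = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        keyword, rest = (line.split(None, 1) + [""])[:2]
        if keyword == "user":
            user = rest
        elif keyword == "topic":
            access, flt = (rest.split(None, 1) + [""])[:2]
            if access == "deny":
                raise ValueError("topic deny is not modelled here: " + line)
            if access not in ("read", "write", "readwrite"):
                access, flt = "readwrite", rest  # access type omitted
            rules.setdefault(user, []).append((access, flt))
    return rules

def allowed(rules, user, action, topic):
    """action: 'read' = broker may deliver topic to user, 'write' = user may publish."""
    return any(access in (action, "readwrite") and topic_matches(flt, topic)
               for access, flt in rules.get(user, []))
# Constructed sample implementing the policy stated in the text.
SAMPLE_ACL = """
user testa
topic read /req/#
topic write /res/#
user testb
topic write /req/#
topic read /res/#
"""

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for user, action in [(u, a) for u in ("testa", "testb") for a in ("read", "write")]:
        print(user, action, "/req/1", allowed(acl, user, action, "/req/1"))
```

Swapping read and write inside a user's block reverses what that account can do, so assert both directions for every user.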