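The previous post, "Securing EMQ network transport with TLS/SSL", covered encrypting MQTT traffic with a self-signed CA. When MQTT is used from a web page, how do you encrypt the connection with SSL/TLS?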
1. Web client
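```javascript
// Include mqtt.min.js
// This initializes a global `mqtt` variable
// console.log(mqtt);

// Connection options
const options = {
  connectTimeout: 4000, // timeout in milliseconds
  // Credentials
  username: 'xiaoming',
  password: '123456',
};

// ws is plain (unencrypted) transport on port 8083;
// wss is encrypted transport, must connect by domain name, port 8084
// const client = mqtt.connect('ws://192.168.0.43:8083/mqtt', options);
const client = mqtt.connect('wss://www.test.com:8084/mqtt', options);

// The 'connect' event passes the CONNACK packet, not an error
client.on('connect', (connack) => {
  console.log('鏈接成功:', connack); // "connected"
});
// The 'reconnect' event carries no arguments
client.on('reconnect', () => {
  console.log('正在重連'); // "reconnecting"
});
client.on('error', (error) => {
  console.log('連接失敗:', error); // "connection failed"
});

// Subscription list
client.subscribe('pub', { qos: 2 });

// Listen for incoming messages
client.on('message', (topic, message) => {
  // Logs the topic and payload of each received message
  // console.log('收到來自', topic, '的消息', message.toString());
});
```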
2. On the EMQX server, edit the configuration file ./emqx/etc/emqx.conf
```
## See: listener.ssl.$name.keyfile
##
## Value: File
listener.wss.external.keyfile = etc/certs/MyEMQ1.key
## listener.wss.external.keyfile = etc/certs/emqx.key

## Path to a file containing the user certificate.
##
## See: listener.ssl.$name.certfile
##
## Value: File
listener.wss.external.certfile = etc/certs/MyEMQ1.pem
## listener.wss.external.certfile = etc/certs/emqx.pem

## Path to the file containing PEM-encoded CA certificates.
##
## See: listener.ssl.$name.cacert
##
## Value: File
listener.wss.external.cacertfile = etc/certs/MyRootCA.pem
## listener.wss.external.cacertfile = etc/certs/my_root_ca.pem
```
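3. Note: install the CA root certificate generated earlier on the local computer and in the browser, then restart the browser. The web client can then connect to the EMQX server over an SSL-encrypted connection.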
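The client comment above says wss must be reached by domain name; the reason is that the TLS client matches the host in the URL against the names in the server certificate. The following Node.js sketch is an added example, not code from the original post: `checkBrokerUrl`, `probeListener` and `SAMPLE_CERT` are hypothetical names, and the sample certificate fields are constructed on the assumption that the listener certificate names only www.test.com.

```javascript
// Added example (Node.js), not from the original post.
const fs = require('fs');
const net = require('net');
const tls = require('tls');

// Constructed sample, shaped like TLSSocket#getPeerCertificate() output.
// Assumption: the listener certificate names only www.test.com.
const SAMPLE_CERT = {
  subject: { CN: 'www.test.com' },
  subjectaltname: 'DNS:www.test.com',
};

// URL#hostname keeps the brackets around IPv6 literals; strip them.
const hostOf = (url) => url.hostname.replace(/^\[|\]$/g, '');

// Offline check: would a TLS client accept `cert` for this broker URL?
function checkBrokerUrl(brokerUrl, cert) {
  const url = new URL(brokerUrl);
  if (url.protocol !== 'wss:') return { ok: false, reason: 'not-encrypted' };
  const host = hostOf(url);
  if (!tls.checkServerIdentity(host, cert)) return { ok: true, reason: null };
  const kind = net.isIP(host) ? 'ip' : 'name';
  return { ok: false, reason: `${kind}-not-in-certificate` };
}

// Live check (needs network access to the broker): TLS handshake with the
// wss listener, trusting only the root CA in caPath.
function probeListener(brokerUrl, caPath) {
  const url = new URL(brokerUrl);
  const host = hostOf(url);
  return new Promise((resolve) => {
    const socket = tls.connect({
      host,
      port: Number(url.port) || 443,
      ca: fs.readFileSync(caPath), // replaces the default trust store
      servername: net.isIP(host) ? undefined : host, // SNI takes names only
    }, () => {
      resolve({ ok: true, subject: socket.getPeerCertificate().subject });
      socket.end();
    });
    socket.on('error', (e) => resolve({ ok: false, reason: e.code || e.message }));
  });
}

// Constructed inputs: the two URLs from the client code, plus wss by IP.
for (const u of ['ws://192.168.0.43:8083/mqtt', 'wss://192.168.0.43:8084/mqtt',
  'wss://www.test.com:8084/mqtt']) {
  console.log(u, checkBrokerUrl(u, SAMPLE_CERT));
}
```

To test a real listener before debugging in the browser, call `probeListener('wss://www.test.com:8084/mqtt', 'etc/certs/MyRootCA.pem')` from a machine that can reach the broker; a failed result carries the verification error code.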