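Installing and Deploying Mosquitto


Versions used:

    Mosquitto: v2.0.10
    libwebsockets: v3.0.1 (for WebSockets support)
    mosquitto-go-auth (Mosquitto plugin): v1.50 (provides authentication and permission checks)

1. Pre-build preparation

    Because we are going to compile the source package on the local machine, install gcc first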

yum -y install gcc-c++ cmake 


    There are also some third-party dependencies
yum install openssl-devel
yum install libuuid-devel
yum install c-ares-devel
yum install uuid-devel
yum install libwebsockets-devel.x86_64
yum install libwebsockets.x86_64

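2. Download the Mosquitto source

    Download the Mosquitto source archive from the official website, or from GitHub; I am using version 2.0.10 here

3. Extract and install Mosquitto

    Mosquitto does not support WebSockets by default. Before compiling, edit config.mk and set WITH_WEBSOCKETS:=yes (change no to yes)
    Run make && make install

    If you hit the error fatal error: cjson/cJSON.h: No such file or directory, install cJSON first (yum and apt may not be able to find a cJSON package; you can download the source archive from GitHub, extract it, enter the directory, and run make && make install). This is a bug in the current version and will probably be fixed later;

    After installation, add a user named mosquitto and give that user ownership of the relevant directories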

sudo groupadd mosquitto
sudo useradd -s /sbin/nologin mosquitto -g mosquitto -d /var/lib/mosquitto
sudo mkdir -p /var/log/mosquitto/ /var/lib/mosquitto/
sudo chown -R mosquitto:mosquitto /var/log/mosquitto/
sudo chown -R mosquitto:mosquitto /var/lib/mosquitto/

    Create the file /etc/systemd/system/mosquitto.service

[Unit]
Description=Mosquitto MQTT v3.1/v3.1.1 server
Wants=network.target
Documentation=http://mosquitto.org/documentation/

[Service]
Type=simple
User=mosquitto
Group=mosquitto
ExecStart=/usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
Restart=on-failure
SyslogIdentifier=Mosquitto

[Install]
WantedBy=multi-user.target

    Enable start on boot

sudo systemctl enable mosquitto

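4. Extract and install the Mosquitto auth plugin

    I installed the mosquitto-go-auth plugin. Because the plugin is written in Go, golang must be installed first; it is also recommended to set a Go proxy with go env -w GOPROXY=https://mirrors.aliyun.com/goproxy. Compiling produces the go-auth.so plugin

5. Configure mosquitto

Edit /etc/mosquitto/mosquitto.conf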

per_listener_settings true

include_dir /etc/mosquitto/conf


persistence true

persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

#password_file /etc/mosquitto/pwfile

#acl_file /etc/mosquitto/aclfile

log_timestamp true

log_timestamp_format %Y-%m-%dT%H:%M:%S

log_type all

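Create the /etc/mosquitto/conf directory and move the go-auth.so plugin into it, then create the configuration files go-auth-mqtt.conf and go-auth-websockets.conf, which correspond to the MQTT protocol and the WebSockets protocol respectively


go-auth-mqtt.conf configuration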

listener 18883

protocol mqtt

connection_messages true

socket_domain ipv4

allow_anonymous false

auth_plugin /etc/mosquitto/conf/go-auth.so

auth_opt_backends mysql

auth_opt_cache true
auth_opt_cache_type redis
auth_opt_cache_reset true
auth_opt_cache_refresh true

auth_opt_auth_cache_seconds 30
auth_opt_acl_cache_seconds 30
auth_opt_auth_jitter_seconds 3
auth_opt_acl_jitter_seconds 3

auth_opt_cache_host XX.X.X.XXX
auth_opt_cache_port 6379
auth_opt_cache_password yourpassword
auth_opt_cache_db 3

auth_opt_hasher pbkdf2


# salt bytes length
auth_opt_hasher_salt_size 16
# number of iterations
auth_opt_hasher_iterations 100000
# key length
auth_opt_hasher_keylen 64
# hashing algorithm, either sha512 (default) or sha256
auth_opt_hasher_algorithm sha512
# salt encoding, either base64 (default) or utf-8
auth_opt_hasher_salt_encoding base64

auth_opt_log_level debug


auth_opt_log_dest file
auth_opt_log_file /var/log/mosquitto/mosquitto_auth.log

auth_opt_retry_count 2

# Choose the authentication backend by username prefix
auth_opt_check_prefix false

auth_opt_disable_superuser false

auth_opt_mysql_allow_native_passwords true
auth_opt_mysql_host mysqlhostaddress
auth_opt_mysql_port 3306
auth_opt_mysql_user mqtt
auth_opt_mysql_password mysqlpassword
auth_opt_mysql_dbname mqtt
auth_opt_mysql_userquery SELECT password_hash FROM mqtt_user WHERE username = ? limit 1
auth_opt_mysql_superquery SELECT COUNT(*) FROM mqtt_user WHERE username = ? AND is_admin = 1
auth_opt_mysql_aclquery SELECT topic FROM mqtt_acl WHERE (username = ?) AND (rw = ? OR rw = 3)
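
The rows these queries expect, shown as an added example (not code from the original post or from mosquitto-go-auth): it builds a password_hash value with the hasher parameters above and runs the page's userquery and aclquery against constructed rows. Assumptions: the PBKDF2$algorithm$iterations$salt$key layout should be checked against your plugin version, SQLite stands in for MySQL, the column types are guesses, and access 1 means read and 2 means write.

```python
import base64, hashlib, hmac, os, sqlite3

# Parameters copied from the auth_opt_hasher_* settings on this page.
ALGORITHM, ITERATIONS, SALT_SIZE, KEYLEN = "sha512", 100000, 16, 64

def make_hash(password, salt=None):
    """Build a value for mqtt_user.password_hash (layout is an assumption)."""
    salt = os.urandom(SALT_SIZE) if salt is None else salt
    key = hashlib.pbkdf2_hmac(ALGORITHM, password.encode(), salt, ITERATIONS, KEYLEN)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return "$".join(["PBKDF2", ALGORITHM, str(ITERATIONS), b64(salt), b64(key)])

def check_password(password, stored):
    """Recompute the key from the stored parameters and compare in constant time."""
    try:
        tag, algorithm, iterations, salt_b64, key_b64 = stored.split("$")
        if tag != "PBKDF2" or algorithm not in ("sha256", "sha512"):
            return False
        salt, key = base64.b64decode(salt_b64), base64.b64decode(key_b64)
        got = hashlib.pbkdf2_hmac(algorithm, password.encode(), salt, int(iterations), len(key))
    except (ValueError, OverflowError):  # bad field count, base64 or iteration count
        return False
    return hmac.compare_digest(got, key)

def build_db():
    """SQLite stand-in for the MySQL schema; rows and column types are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE mqtt_user(username TEXT PRIMARY KEY, password_hash TEXT, is_admin INTEGER);
        CREATE TABLE mqtt_acl(username TEXT, topic TEXT, rw INTEGER);""")
    db.execute("INSERT INTO mqtt_user VALUES (?, ?, 0)", ("sensor01", make_hash("example-pass")))
    db.executemany("INSERT INTO mqtt_acl VALUES ('sensor01', ?, ?)",
                   [("site/a/temp", 2), ("site/a/cmd", 1), ("site/a/state", 3)])
    return db

def authenticate(db, username, password):
    # userquery from the page; the username is bound to "?" and never concatenated.
    row = db.execute("SELECT password_hash FROM mqtt_user WHERE username = ? limit 1",
                     (username,)).fetchone()
    return row is not None and check_password(password, row[0])

def allowed_topics(db, username, access):
    # aclquery from the page; rows with rw = 3 match both read (1) and write (2).
    rows = db.execute("SELECT topic FROM mqtt_acl WHERE (username = ?) AND (rw = ? OR rw = 3)",
                      (username, access)).fetchall()
    return sorted(topic for (topic,) in rows)
```
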

go-auth-websockets.conf configuration

listener 18884

protocol websockets

connection_messages true

socket_domain ipv4

allow_anonymous false

auth_plugin /etc/mosquitto/conf/go-auth.so

auth_opt_backends jwt

auth_opt_jwt_mode remote
auth_opt_jwt_parse_token false
auth_opt_jwt_userfield username

auth_opt_jwt_host jwtauthserverhost
auth_opt_jwt_port 80
auth_opt_jwt_getuser_uri /op/unauthorized
auth_opt_jwt_superuser_uri /op/unauthorized
auth_opt_jwt_aclcheck_uri /op/unauthorized
auth_opt_jwt_response_mode status
auth_opt_jwt_params_mode json
auth_opt_jwt_with_tls false
auth_opt_jwt_verify_peer false


auth_opt_cache true
auth_opt_cache_type redis
auth_opt_cache_reset true
auth_opt_cache_refresh true

auth_opt_auth_cache_seconds 30
auth_opt_acl_cache_seconds 30
auth_opt_auth_jitter_seconds 3
auth_opt_acl_jitter_seconds 3

auth_opt_cache_host redishostaddress
auth_opt_cache_port 6379
auth_opt_cache_password redispassword
auth_opt_cache_db 3




auth_opt_log_level debug


auth_opt_log_dest file
auth_opt_log_file /var/log/mosquitto/mosquitto_auth.log

auth_opt_retry_count 2

# Choose the authentication backend by username prefix
auth_opt_check_prefix false

auth_opt_disable_superuser false
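
A pre-deployment check for listener files like the two above, as an added example (not part of the original post or of either project): it flags a listener without a certfile, remote JWT checks with TLS or peer verification turned off, secrets kept in the file, and trailing text after a value, which mosquitto does not treat as a comment. The SAMPLE text is constructed from settings shown on this page; the lint function and its messages are hypothetical.

```python
import re

# Constructed sample assembled from settings shown on this page.
SAMPLE = """\
listener 18884
protocol websockets
allow_anonymous false
auth_opt_backends jwt
auth_opt_jwt_mode remote
auth_opt_jwt_with_tls false
auth_opt_jwt_verify_peer false
auth_opt_cache_password redispassword
auth_opt_hasher_iterations 100000      # number of iterations
"""

def parse_conf(text):
    """Yield (line_no, key, value); only a leading '#' makes a line a comment."""
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield no, parts[0], parts[1] if len(parts) > 1 else ""

def lint(text):
    """Return sorted (line_no, finding) pairs for one listener config file."""
    findings, seen = [], {}
    for no, key, value in parse_conf(text):
        seen[key] = (no, value)
        if key.startswith("auth_opt_") and re.search(r"\s#", value):
            findings.append((no, f"{key}: text after '#' is read as part of the value"))
        if re.search(r"(password|secret)$", key):
            findings.append((no, f"{key}: secret in file, keep it readable only by the broker user"))

    def is_set(key, want):
        return seen.get(key, (0, None))[1] == want

    if "listener" in seen and "certfile" not in seen:
        findings.append((seen["listener"][0], "listener is plaintext unless TLS is terminated in front of it"))
    if is_set("auth_opt_jwt_mode", "remote") and is_set("auth_opt_jwt_with_tls", "false"):
        findings.append((seen["auth_opt_jwt_with_tls"][0], "auth requests to the JWT server use plain HTTP"))
    if is_set("auth_opt_jwt_verify_peer", "false"):
        findings.append((seen["auth_opt_jwt_verify_peer"][0], "peer verification for the JWT server is off"))
    return sorted(findings)
```
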

