Detailed explanation of the process of building an MQTT server using Docker

1. Pull the image

docker pull registry.cn-hangzhou.aliyuncs.com/synbop/emqttd:2.3.6

2. Run the image

–name name
-p 18083 server startup port
-p 1882 TCP port
-p 8083 WS port
-p 8084 WSS port
-p 8883 SSL port
-d specifies the container

docker run --name emq -p 18083:18083 -p 1883:1883 -p 8084:8084 -p 8883:8883 -p 8083:8083 -d registry.cn-hangzhou.aliyuncs.com/synbop/emqttd:2.3.6

3. Enter the emq service page

Enter機器IP:18083 in the browser to enter the emqtt page

Initial account: admin, password: public

4. Configure emq (for V3.1.0)

Configure permissions for emq users. emq also supports multiple database authentication, including mongo, redis, pgsql, etc. If you are interested, you can study it yourself.

# Enter the container, you cannot use /bin/bash to enter docker exec -it emq /bin/sh

1. First, turn off anonymous authentication (it is turned on by default and anyone can log in)

# Edit the configuration file vi /opt/emqttd/etc/emq.conf
# Change allowAnonymous True -> false
allow_anonymous = false

2. Create a mysql table of users and permissions. You can pull a mysql container or create it directly in mysql in your ubuntu

CREATE DATABASE emq charset utf8;

use eqm;

CREATE TABLE mqtt_user ( 
id int(11) unsigned NOT NULL AUTO_INCREMENT, 
username varchar(100) DEFAULT NULL, 
password varchar(100) DEFAULT NULL, 
salt varchar(20) DEFAULT NULL, 
is_superuser tinyint(1) DEFAULT 0, 
created datetime DEFAULT NULL, 
PRIMARY KEY (id), 
UNIQUE KEY mqtt_username (username) 
)ENGINE=MyISAM DEFAULT CHARSET=utf8;

CREATE TABLE mqtt_acl ( 
id int(11) unsigned NOT NULL AUTO_INCREMENT, 
allow int(1) DEFAULT NULL COMMENT '0: deny, 1: allow', 
ipaddr varchar(60) DEFAULT NULL COMMENT 'IpAddress', 
username varchar(100) DEFAULT NULL COMMENT 'Username', 
clientid varchar(100) DEFAULT NULL COMMENT 'ClientId', 
access int(2) NOT NULL COMMENT '1: subscribe, 2: publish, 3: pubsub', 
topic varchar(100) NOT NULL DEFAULT '' COMMENT 'Topic Filter', 
PRIMARY KEY (id) 
)ENGINE=InnoDB DEFAULT CHARSET=utf8;

3. Insert ACL rules-ACL rules

Tips: !!! Do not set it directly according to the example below. Check the ACL rules first and then configure it according to your own situation.

INSERT INTO `mqtt_acl` (`id`, `allow`, `ipaddr`, `username`, `clientid`, `access`, `topic`) VALUES 
(1,1,NULL,'$all',NULL,2,'#'),
(2,0,NULL,'$all',NULL,1,'$SYS/#'),
(3,0,NULL,'$all',NULL,1,'eq #'),
(5,1,'127.0.0.1',NULL,NULL,2,'$SYS/#'),
(6,1,'127.0.0.1',NULL,NULL,2,'#'),
(7,1,NULL,'dashboard',NULL,1,'$SYS/#');

4. Insert the user. From now on, all subscribing and publishing clients must pass the user verification (please convert the sha256 value yourself)

# You can configure a super administrator (the super administrator will have the right to subscribe and push to all topics regardless of ACL rules)
insert into mqtt_user (`username`, `password`) values ('admin', '03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4');
update mqtt_user set is_superuser=1 where id=super administrator ID;

ps: Note that auth.mysql.password_hash (default is sha256) If it is sha256, you need to manually pass the encrypted value when adding a new user. If it is plain, it does not need to be encrypted and is stored in plain text.

5. Modify the mysql configuration file of emq

vi /opt/emqttd/etc/plugins/emq_auth_mysql.conf
auth.mysql.server = yourmysql-IP:3306 
auth.mysql.username = root 
auth.mysql.password = xxxxxxxx 
auth.mysql.database = emq

6. Restart emq

/opt/emqttd/bin/emqx stop
/opt/emqttd/bin/emqx start
/opt/emqttd/bin/emqttd_ctl plugins load emq_auth_mysql #Open mysql authentication plugin

ACL Rules

Rules table field description:

allow: prohibit (0), allow (1)
ipaddr: Set IP address
Username: The username of the connected client. If the value here is set to $all, it means that the rule applies to all users.
clientid: Client ID of the connecting client
access: Allowed operations: subscribe (1), publish (2), both subscribe and publish (3)
Topic: The topic of the control. Wildcards can be used, and placeholders can be added to the topic to match client information. For example, t/%c will replace the topic with the Client ID of the current client when matching.

%u: User name

%c：Client ID

Example

-- All users cannot subscribe to system topics INSERT INTO mqtt_acl (allow, ipaddr, username, clientid, access, topic) VALUES (0, NULL, '$all', NULL, 1, '$SYS/#');

-- Allow clients on 10.59.1.100 to subscribe to system topics INSERT INTO mqtt_acl (allow, ipaddr, username, clientid, access, topic) VALUES (1, '10.59.1.100', NULL, NULL, 1, '$SYS/#');

-- Forbid clients to subscribe to the /smarthome/+/temperature topic INSERT INTO mqtt_acl (allow, ipaddr, username, clientid, access, topic) VALUES (0, NULL, NULL, NULL, 1, '/smarthome/+/temperature');

-- Allow the client to subscribe to the /smarthome/${clientid}/temperature topic containing its own Client ID INSERT INTO mqtt_acl (allow, ipaddr, username, clientid, access, topic) VALUES (1, NULL, NULL, NULL, 1, '/smarthome/%c/temperature');

This is the end of this article about using Docker to build an MQTT server. For more information about Docker MQTT server, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!

You may also be interested in: