Use the Wiki Feature for better documentation

Tasks

• Enable port 1884 for insecure Websockets (prototype case)
• Enable port 8884 for secure Websockets (selfsigned, certbot case)
• Add simple python script to distinguish the selfsigned can certbot case i.e. Insecure TLS verification

How have the Traefik configuration files be changed to disable the "basic auth" feature for the Traefik dashboard ?
Thanks!

Hi, I am attempted to connect to mosquitto broker but since MQTTFX is no longer free, I've been trying to use MQTT Explorer, MQTTBOX, MQTTLens, EMQX Client ( MQTTX ) with no luck connecting to mosquitto, any help is appreciated.

( I will test selfsigned now, then move on to Lety's Encrypt )
self signed could not complete as error states: IP does not match certificate's altenames: IP: 192.168.10.25 is not in the cert's list:
I edited the generate-certs.sh with the following:
CN=$(192.168.10.25 -I

Certbot folder is missing

00-install-certbot.sh
01-generate-certs.sh

🤔

Possible Source: Digital Ocean Community Tutorial on setting up MQTT broker with Certbot

With the current code on the branch selfsigned, the telegraf container keeps trying to connect to the mosquitto container configured with TLS certificates and available on port 8883 on a machine.

Publishing/Subscribing from mosquitto-clients is possible and data is being sent via usage of client certificates, but telegraf is unable to connect with the broker.

Suspicion lies in using the Common Name (CN) during creation of the Certificates.

Perhaps add CN=0.0.0.0 or CN=mosquitto

Sources

MQTT TLS Ubuntu 18.04

Provide bash scripts for the following tasks:

• Install certbot for the machine (POSIX-ish compliant)
• Enable the HTTP Port (80) via firewall for certbot
• Generate SSL certificates via certbot CLI for a given domain name and e-mail address
• Append necessary environment variables for certbot.env

Scripts:

• 00-install-certbot.sh
• 01-generate-certs.sh

addresses #1

Stack Specifications

Provide basic authentication / authorization for all components

InfluxDB

Source

Environment variables:

INFLUX_USERNAME=admin
INFLUX_PASSWORD=adminInflux
INFLUXDB_HTTP_AUTH_ENABLED=true

Grafana

Source

Environment variables:

GF_SECURITY_ADMIN_USER=admin
GF_SECURITY_ADMIN_PASSWORD=adminGrafana

Mosquitto

The Broker requires a docker container to convert passwords file to encrypted information. Source

Telegraf

It is possible to leverage the Environment Variables in the telegraf.conf file Source

• Create bash script to generate x509 certificates for the host
• adapt the configuration files
• add docker-compose file for the case

Possible Source

Influxdb

Based on the Documentation for InfluxDB v1.x on Docker Hub

Environment Variables for InfluxDB to be used:

INFLUXDB_DB
INFLUXDB_HTTP_AUTH_ENABLED
INFLUXDB_ADMIN_USER
INFLUXDB_ADMIN_PASSWORD

INFLUXDB_USERNAME
INFLUXDB_PASSWORD

According to documentation:

INFLUXDB_USER
The name of a user to be created with no privileges. If INFLUXDB_DB is set, this user will be granted read and write permissions for that database.

     password = "${TG_MOSQUITTO_USERNAME}"

Should be ${TG_MOSQUITTO_PASSWORD}

Using the new Mosquitto 2.0 version should solve our issues with user mangement and topic registration as Mosquitto 2.0 also includes a management dashboard

Based on the Sources mentioned in #3, create an executable bash script for the user to generate the Certificates and generate an .env file at the end to make it convenient for deployment

[[processors.enum]] mapping has a bug for version 1.15 which does not allow string->string mapping for the sensorID with location.

Changes needed to telegraf image in:

• prototype/docker-compose.prototype.yml
• selfsigned/docker-compose.selfsigned.yml
• certbot/docker-compose.certbot.yml

#15 reverted telegraf from the v1.15 to v1.13

Problem

The problem is documented in the GitHub Gist

The [[processors.enum]] was not working with the v1.15 where the sensorID was enumerated to location tag.

Solution

The solution is to mention the order key to all the processors in the telegraf configuration file

1. Regular Expression Parsing should occur first [[processors.regex]] order = 1
2. Enumeration should occur next [[processors.enum]] order = 2

Aim

• Use the reverse proxy to cover InfluxDB, Grafana APIs
• Use traefik to also log information about the stack in InfluxDB + Telegraf (low priority)