
secure-mqtt-docker's Introduction

Basic Docker setup for a TLS enabled MQTT Server

Getting Started

First you must generate the certificates used for TLS. If you already have certificates, skip to the next section.

Generate Certificates

cd ./config before executing this section.

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests; anyone holding it can sign certificates on your behalf. So keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096

If you want a key that is not password protected, just remove the -des3 option.

Create and self sign the Root Certificate

openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt

Here we used our root key to create the root certificate, which needs to be distributed to all the computers that have to trust us.

Create a server certificate

Create the certificate key

openssl genrsa -out server.key 2048

Create the signing request (csr)

The certificate signing request is where you specify the details for the certificate you want to generate. This request will be processed by the owner of the Root key (you in this case, since you created it earlier) to generate the certificate.

Important: when creating the signing request, make sure to specify the Common Name with the IP address or domain name of the service; otherwise the certificate cannot be verified.

If you generate the csr in this way, openssl will ask you questions about the certificate to generate, such as the organization details and the Common Name (CN), which is the web address you are creating the certificate for, e.g. mydomain.com.

openssl req -new -key server.key -out server.csr

Verify the csr's content

openssl req -in server.csr -noout -text

Generate the certificate using the server csr and key along with the CA Root key

openssl x509 -req -in server.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out server.crt -days 500 -sha256

Verify the certificate's content

openssl x509 -in server.crt -text -noout

Create a client certificate

Create the certificate key

openssl genrsa -out client.key 2048

Create the signing request (csr)

openssl req -new -key client.key -out client.csr

Verify the csr's content

openssl req -in client.csr -noout -text

Generate the certificate using the client csr and key along with the CA Root key

openssl x509 -req -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -in client.csr -out client.crt -days 500 -sha256

Verify the certificate's content

openssl x509 -in client.crt -text -noout
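The whole certificate procedure above, run non-interactively and followed by the verification that the Important note asks for; this is an added example, not the project's own script. It assumes openssl 1.1.1 or newer on PATH and additionally puts a subjectAltName on the server certificate, which the page does not, because current TLS clients match the host name against the SAN rather than the CN; mqtt.example.com, mqtt-client-1 and the CA subject are constructed values.

```shell
#!/bin/sh
# Added example, not part of the secure-mqtt-docker project: the page's
# CA -> server -> client chain built non-interactively, then checked with
# "openssl verify". Assumes openssl >= 1.1.1 on PATH; the host name and the
# "test CA" subject are constructed values.
set -eu

# make_pki DIR HOST: root CA, server cert for HOST, client cert, all written to DIR.
make_pki() {
    dir=$1; host=$2
    mkdir -p "$dir"
    # Root key without -des3 so nothing prompts for a passphrase here.
    openssl genrsa -out "$dir/rootCA.key" 4096 2>/dev/null
    openssl req -x509 -new -nodes -key "$dir/rootCA.key" -sha256 -days 1024 \
        -subj "/CN=secure-mqtt-docker test CA" -out "$dir/rootCA.crt"
    # Server: the CSR carries the Common Name from the page; the extension file
    # adds a subjectAltName, which is what current TLS clients match the host against.
    openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
    openssl req -new -key "$dir/server.key" -subj "/CN=$host" -out "$dir/server.csr"
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/server.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/rootCA.crt" -CAkey "$dir/rootCA.key" \
        -CAcreateserial -extfile "$dir/server.ext" -days 500 -sha256 \
        -out "$dir/server.crt" 2>/dev/null
    # Client certificate as on the page, with an explicit lifetime and digest.
    openssl genrsa -out "$dir/client.key" 2048 2>/dev/null
    openssl req -new -key "$dir/client.key" -subj "/CN=mqtt-client-1" -out "$dir/client.csr"
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/rootCA.crt" -CAkey "$dir/rootCA.key" \
        -CAcreateserial -days 500 -sha256 -out "$dir/client.crt" 2>/dev/null
}

# verify_pki DIR HOST: prints "ok" when both leaf certs chain to rootCA.crt and
# the server cert is valid for HOST, "bad" otherwise (exit status stays 0).
verify_pki() {
    dir=$1; host=$2
    if openssl verify -CAfile "$dir/rootCA.crt" -verify_hostname "$host" \
            "$dir/server.crt" >/dev/null 2>&1 &&
       openssl verify -CAfile "$dir/rootCA.crt" "$dir/client.crt" >/dev/null 2>&1
    then
        echo ok
    else
        echo bad
    fi
}

# Usage: sh mkpki.sh demo  -> builds the chain in ./pki-demo and prints ok/bad.
if [ "${1:-}" = demo ]; then
    make_pki ./pki-demo mqtt.example.com
    verify_pki ./pki-demo mqtt.example.com
fi
```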

Move Certificates and Verify Docker Compose Values

Move the rootCA.crt and server.* into the ./config directory and adjust the file names in docker-compose.yml accordingly.

Generate Passwords File

docker run -it --rm -v $(pwd)/config:/mosquitto/config eclipse-mosquitto mosquitto_passwd -c /mosquitto/config/passwords.txt <username>

To add more users, change -c to -b and append the password as a final argument: -b takes the password on the command line, while -c would create a new file and overwrite the existing one.

secure-mqtt-docker's People

Contributors

mchestr
