Installing an MQTT server
1. Install mosquitto
sudo apt install mosquitto
sudo apt install libmosquitto-dev
sudo apt install mosquitto-clients
2. Start mosquitto
After installation the mosquitto process is started automatically. Its configuration lives under /etc/mosquitto and the default listening port is 1883; the service is run as /usr/sbin/mosquitto -c /etc/f
To see mosquitto's command-line options:
# mosquitto -h
mosquitto version 1.4.15 (build date Tue, 18 Jun 2019 11:42:22 -0300)
mosquitto is an MQTT v3.1.1/v3.1 broker.
Usage: mosquitto [-c config_file] [-d] [-h] [-p port]
-c : specify the broker config file. (path to the configuration file)
-d : put the broker into the background after starting. (run in the background)
-h : display this help. (show help)
-p : start the broker listening on the specified port.
     Not recommended in conjunction with the -c option. (listening port)
-v : verbose mode - enable all logging types. This overrides
     any logging options given in the config file. (print logs)
Run mosquitto -p 5678 -v to start a mosquitto broker on local port 5678 in the foreground, printing its log to the terminal.
3. Subscribe
Subscriptions are started with the mosquitto_sub command; its command-line options are:
# mosquitto_sub --help
mosquitto_sub is a simple mqtt client that will subscribe to a single topic and print all messages it receives.
mosquitto_sub version 1.4.15 running on libmosquitto 1.4.15.
Usage: mosquitto_sub [-c] [-h host] [-k keepalive] [-p port] [-q qos] [-R] -t topic ...
[-C msg_count] [-T filter_out]
[-A bind_address] [-S]
[-i id] [-I id_prefix]
[-d] [-N] [--quiet] [-v]
[-u username [-P password]]
[--will-topic [--will-payload payload] [--will-qos qos] [--will-retain]]
[{--cafile file | --capath dir} [--cert file] [--key file]
[--ciphers ciphers] [--insecure]]
[--psk hex-key --psk-identity identity [--ciphers ciphers]]
[--proxy socks-url]
-A : bind the outgoing socket to this host/ip address. Use to control which interface
the client communicates over.
-c : disable 'clean session' (store subscription and pending messages when client disconnects).
-C : disconnect and exit after receiving the 'msg_count' messages.
-d : enable debug messages.
-h : mqtt host to connect to. Defaults to localhost.
-i : id to use for this client. Defaults to mosquitto_sub_ appended with the process id.
-I : define the client id as id_prefix appended with the process id. Useful
     for when the broker is using the clientid_prefixes option.
-k : keep alive in seconds for this client. Defaults to 60.
-N : do not add an end of line character when printing the payload.
-p : network port to connect to. Defaults to 1883.
-P : provide a password (requires MQTT 3.1 broker)
-q : quality of service level to use for the subscription. Defaults to 0.
-R : do not print stale messages (those with retain set).
-S : use SRV lookups to determine which host to connect to.
-t : mqtt topic to subscribe to. May be repeated multiple times.
-T : topic string to filter out of results. May be repeated.
-u : provide a username (requires MQTT 3.1 broker)
-v : print published messages verbosely.
-V : specify the version of the MQTT protocol to use when connecting.
Can be mqttv31 or mqttv311. Defaults to mqttv31.
--help : display this message.
--quiet : don't print error messages.
--will-payload : payload for the client Will, which is sent by the broker in case of
unexpected disconnection. If not given and will-topic is set, a zero
length message will be sent.
--will-qos : QoS level for the client Will.
--will-retain : if given, make the client Will retained.
--will-topic : the topic on which to publish the client Will.
--cafile : path to a file containing trusted CA certificates to enable encrypted
certificate based communication.
--capath : path to a directory containing trusted CA certificates to enable encrypted
communication.
--cert : client certificate for authentication, if required by server.
--key : client private key for authentication, if required by server.
--ciphers : openssl compatible list of TLS ciphers to support.
--tls-version : TLS protocol version, can be one of tlsv1.2 tlsv1.1 or tlsv1.
Defaults to tlsv1.2 if available.
--insecure : do not check that the server certificate hostname matches the remote
hostname. Using this option means that you cannot be sure that the
remote host is the server you wish to connect to and so is insecure.
Do not use this option in a production environment.
--psk : pre-shared-key in hexadecimal (no leading 0x) to enable TLS-PSK mode.
--psk-identity : client identity string for TLS-PSK mode.
--proxy : SOCKS5 proxy URL of the form:
socks5h://[username[:password]@]hostname[:port]
Only "none" and "username" authentication is supported.
The important options: -h sets the IP address of the MQTT broker (default localhost), -p sets the broker port, and -t sets the topic to subscribe to (the topic is the central concept in MQTT).
Run mosquitto_sub -v -p 5678 -t topic to subscribe to the topic named topic.
4. Publish
Publishing uses the mosquitto_pub command. Its help output is much like that of mosquitto_sub, and the same options select the broker IP address, port and topic; the -m option gives the message payload. Run: mosquitto_pub -p 5678 -t topic -m hello
5. Result
After the publish command runs, the subscriber window prints the received message hello.
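A broker started with only -p 5678 -v listens on every interface, and mosquitto 1.x accepts anonymous connections unless told otherwise, so the verbose log is the first place to look for clients you did not expect. The following POSIX sh script is an added example, not part of the original article: it summarises a mosquitto -v log by client and source address. The log text inside it is constructed in the shape of mosquitto 1.4.x output (timestamp, colon, message) and is not real captured output.

```shell
#!/bin/sh
# Added example, not from the original article: summarise the verbose log
# that "mosquitto -v" prints, to see which clients connected and from where.
# The log text below is constructed in the shape of mosquitto 1.4.x output
# (timestamp: message); it is not real captured output.

SAMPLE_LOG='1560000000: mosquitto version 1.4.15 starting
1560000000: Opening ipv4 listen socket on port 5678.
1560000001: New connection from 127.0.0.1 on port 5678.
1560000001: New client connected from 127.0.0.1 as mosqsub/2001-host (c1, k60).
1560000005: New connection from 127.0.0.1 on port 5678.
1560000005: New client connected from 127.0.0.1 as mosqpub/2002-host (c1, k60).
1560000009: New connection from 192.0.2.44 on port 5678.
1560000009: New client connected from 192.0.2.44 as mosqsub/77-lab (c1, k60).'

# count_clients LOG: number of clients that completed a connection
count_clients() {
    printf '%s\n' "$1" | grep -c 'New client connected from'
}

# connections_per_ip LOG: "ip count" per source address, sorted by address
connections_per_ip() {
    printf '%s\n' "$1" | awk '
        /New client connected from/ { n[$6]++ }
        END { for (ip in n) print ip, n[ip] }' | sort
}

# remote_clients LOG: "ip client_id" for every connection that did not come
# from the loopback address; on a listener started with only "-p 5678 -v"
# these are clients that reached the broker over the network
remote_clients() {
    printf '%s\n' "$1" | awk '
        /New client connected from/ && $6 != "127.0.0.1" && $6 != "::1" {
            print $6, $8
        }'
}

# Stand-alone usage: print the summary for the constructed log
echo "clients: $(count_clients "$SAMPLE_LOG")"
connections_per_ip "$SAMPLE_LOG"
echo "remote clients:"
remote_clients "$SAMPLE_LOG"
```

To use it on a real broker, capture the terminal output of mosquitto -v to a file and pass its contents to the functions instead of SAMPLE_LOG; any line listed by remote_clients is a client that reached the unauthenticated test port from another host.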
Adding TLS encryption with certificates
1. Generate certificates
If you already have certificates you can skip this step; otherwise they can be generated with openssl. Here we download and run the generate-CA.sh script from the OwnTracks project on GitHub. The script creates the CA files, generates a server certificate and signs it with that CA.
Run the script:
$ mkdir myca
$ cd myca
$ bash ./generate-CA.sh
generate-CA.sh produces six files: ca.crt, ca.key, ca.srl, host.csr and host.key (the sixth name is missing from the original list). These are the certificates (.crt), the keys (.key), the signing request (.csr) and the serial record kept during signing (.srl). Note that host stands for the system's hostname, i.e. these are the server-side files.
Copy the certificate files into the mosquitto configuration directory /etc/mosquitto:
$ sudo /etc/mosquitto/ca_certificates/
$ sudo host.key /etc/mosquitto/certs/
2. Configure mosquitto
mosquitto can listen on several ports. To check that the configuration is right, we set up one-way (server-only) TLS authentication on port 5678.
Contents of the /etc/f configuration file:
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/f.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
We only need to put the per-port configuration files in the conf.d directory.
The one-way authentication configuration is:
listener 5678
cafile /etc/mosquitto/ca_
certfile /etc/mosquitto/
keyfile /etc/mosquitto/certs/server.key
Start the mosquitto program as root: mosquitto -c /etc/f
3. Verify
On the same machine, use mosquitto_pub and mosquitto_sub to verify MQTTS communication, passing the CA certificate path with --cafile on the command line when connecting to the mosquitto broker.
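The listener above makes the broker prove its identity to clients, but it does nothing to authenticate clients, and in mosquitto 1.x allow_anonymous defaults to true, so anyone who can reach port 5678 can still connect. The following POSIX sh script is an added example, not from the original article: it audits a listener fragment for the directives that decide whether the TLS port is merely encrypted or also authenticated (require_certificate, allow_anonymous, password_file, all real mosquitto options). The certificate paths inside it, including /etc/mosquitto/certs/host.crt, are assumed for the example and are not taken from the article.

```shell
#!/bin/sh
# Added example, not from the original article: audit a mosquitto listener
# fragment for the settings that decide whether a TLS port is only encrypted
# or also authenticates its clients. Pure sh + awk, runs offline.
# Directive names are real mosquitto options; the file paths are assumed.

# One-way TLS as configured in the article: the server proves its identity,
# clients do not (constructed fragment, paths assumed).
ONE_WAY_CONF='listener 5678
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/host.crt
keyfile /etc/mosquitto/certs/host.key'

# Hardened variant: clients must present a certificate signed by the CA and
# anonymous connections are refused (constructed fragment, paths assumed).
MUTUAL_CONF='listener 5678
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/host.crt
keyfile /etc/mosquitto/certs/host.key
require_certificate true
allow_anonymous false'

# audit_listener CONF: one finding per line, or "ok" when there is none.
audit_listener() {
    printf '%s\n' "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
        { opt[$1] = $2 }                    # last value of each directive wins
        END {
            n = 0
            if (!("listener" in opt)) {
                print "no listener directive"; n++
            }
            if (!("cafile" in opt) || !("certfile" in opt) || !("keyfile" in opt)) {
                print "incomplete TLS material: need cafile, certfile and keyfile"; n++
            }
            if (opt["require_certificate"] != "true") {
                print "require_certificate is not true: clients are not authenticated by certificate"; n++
            }
            if (opt["allow_anonymous"] != "false" && !("password_file" in opt)) {
                print "allow_anonymous is not false and no password_file: any reachable client may connect"; n++
            }
            if (n == 0) print "ok"
        }'
}

# finding_count CONF: number of findings (0 for a clean fragment)
finding_count() {
    audit_listener "$1" | grep -vc '^ok$'
}

# Stand-alone usage: audit both constructed fragments
echo "one-way listener:"; audit_listener "$ONE_WAY_CONF"
echo "mutual-TLS listener:"; audit_listener "$MUTUAL_CONF"
```

To check the fragment you placed under conf.d, call audit_listener "$(cat /etc/mosquitto/conf.d/YOUR_FILE.conf)" with your own file name. The script treats the fragment as one unit; whether allow_anonymous and password_file apply per listener or globally depends on the mosquitto version, so verify the effective setting in the broker's own log after restarting it.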
sub: mosquitto_sub -p 5678 -t topic --cafile /etc/mosquitto/ca_ -v
pub: mosquitto_pub -p 5678 -t topic --cafile /etc/mosquitto/ca_ -m hello