1. Install Mosquitto by following "Mosquitto Build at CentOS 7"

2. Build auth-plug.so

  2.1 Download the mosquitto-auth-plug source

# git clone https://github.com/jpmens/mosquitto-auth-plug.git  

# cd mosquitto-auth-plug

# cp config.mk.in config.mk

# yum install mysql-devel

# make && make install

# mv auth-plug.so /etc/mosquitto/

 2.2 Edit the configuration file (mosquitto.conf) of the already-installed mosquitto.

    # vi mosquitto.conf

   auth_plugin /etc/mosquitto/auth-plug.so

   auth_opt_backends mysql

   auth_opt_host localhost

   auth_opt_port 3306

   auth_opt_dbname market

   auth_opt_user root

   auth_opt_pass 123456

   auth_opt_userquery SELECT pw FROM users WHERE username = '%s'

   auth_opt_superquery SELECT COUNT(*) FROM users WHERE username = '%s' AND super = 1

   auth_opt_aclquery SELECT topic FROM acls WHERE (username = '%s') AND (rw >= %d)

   auth_opt_anonusername AnonymouS

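2.3 Create the tables (users, acls)

       * Create the users and acls tables

     Use the np executable in the mosquitto-auth-plug directory (built when mosquitto-auth-plug is compiled) to generate a PBKDF2 (Password-Based Key Derivation Function 2) hash and store it in the users table.

   For mosquitto_sub and mosquitto_pub, use the original key (the password before hashing).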
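
Added example (not from the original post and not the mosquitto-auth-plug project's code): a Python illustration of the kind of string stored in users.pw and of how the plaintext password given with -P is checked against it. It assumes the layout PBKDF2$sha256$<iterations>$<salt>$<base64 key>, with the salt text fed to PBKDF2 as-is, 901 iterations, a 12-byte random salt and a 24-byte key; the function and constant names are hypothetical, so compare the result with what np prints on your system.

```python
import base64
import hashlib
import hmac
import os

# Assumed np defaults; compare with the output of np on your system.
ITERATIONS, SALT_BYTES, KEY_BYTES = 901, 12, 24
ALLOWED_DIGESTS = ("sha1", "sha256", "sha512")

def make_hash(password, iterations=ITERATIONS, salt=None):
    """Build the string that goes into users.pw."""
    if salt is None:
        salt = base64.b64encode(os.urandom(SALT_BYTES)).decode()
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(),
                              iterations, KEY_BYTES)
    return "$".join(("PBKDF2", "sha256", str(iterations), salt,
                     base64.b64encode(key).decode()))

def check_password(password, stored):
    """Check the plaintext password a client sends (-P) against users.pw."""
    parts = stored.split("$")
    if len(parts) != 5 or parts[0] != "PBKDF2" or parts[1] not in ALLOWED_DIGESTS:
        return False  # e.g. a plaintext password stored by mistake
    try:
        iterations = int(parts[2])
        expected = base64.b64decode(parts[4], validate=True)
    except ValueError:
        return False
    if iterations < 1 or not parts[3] or not expected:
        return False
    derived = hashlib.pbkdf2_hmac(parts[1], password.encode(), parts[3].encode(),
                                  iterations, len(expected))
    return hmac.compare_digest(derived, expected)  # constant-time comparison

if __name__ == "__main__":
    row = make_hash("2222")  # the password the page uses for user jjolie
    print(row)
    print(check_password("2222", row), check_password("wrong", row))
```
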

2.4 Start the mosquitto broker

     # mosquitto -c mosquitto.conf -d -v

2.5 subscribe

     # mosquitto_sub -h localhost -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt -t hello/world/myid  -u jjolie -P 2222       

 // Subscribe with a personal ID; -u: username, -P: password

2.6 publish

# mosquitto_pub -h localhost -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt -t hello/world/myid   -u jjolie -P 2222  -m "Test is Test"

 


1. Generate certificates with OpenSSL

  Server

   Generate a server key.

# openssl genrsa -des3 -out server.key 2048

   Generate a server key without encryption.

# openssl genrsa -out server.key 2048

   Generate a certificate signing request to send to the CA.

# openssl req -out server.csr -key server.key -new

    Send the CSR to the CA, or sign it with your CA key:

# openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <duration>

 Create by script (OwnTracks)

Download generate-CA.sh

# mkdir CA
# chmod 700 CA
# cd CA

# wget https://github.com/owntracks/tools/raw/master/TLS/generate-CA.sh
# bash ./generate-CA.sh

Six files are generated:

 ca.crt(certificates), ca.key(keys), ca.srl(serial number record), localhost.crt, localhost.csr(request), localhost.key

# sudo cp ca.crt /etc/mosquitto/ca/
# sudo cp localhost.crt localhost.key /etc/mosquitto/crt/

==> mosquitto.conf settings
# vi /usr/local/mosquitto/mosquitto.conf, then add the entries below

listener 8883
protocol mqtt

cafile /etc/mosquitto/ca/ca.crt
certfile /etc/mosquitto/crt/localhost.crt

keyfile /etc/mosquitto/crt/localhost.key

require_certificate false  

#listener 1883  => commented out so that connections other than TLS are not possible.
#protocol mqtt

 

 Client

    Generate a client key.

# openssl genrsa -des3 -out client.key 2048

    Generate a certificate signing request to send to the CA.

# openssl req -out client.csr -key client.key -new

    Send the CSR to the CA, or sign it with your CA key:

# openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days <duration>

 

Start the broker

# mosquitto -c mosquitto.conf

Start subscribing

# mosquitto_sub -h localhost -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt -t hello

Start publishing

# mosquitto_pub -h localhost -p 8883 --cafile /etc/mosquitto/ca_certificates/ca.crt -t hello -m "Test is Test"

 ==> When the message contains spaces, wrap it in "".

 

 

 

1. Install the packages Mosquitto depends on

# yum install openssl openssl-devel

# yum install pcre pcre-devel               //Perl Compatible Regular Expressions

# yum install zlib zlib-devel

# yum install glibc glibc-devel

# yum install libuuid libuuid-devel

# yum install libxslt

 

2. Download the Mosquitto source

# yum -y install wget  // install wget

# cd /usr/local/src

# wget http://mosquitto.org/files/source/mosquitto-1.4.7.tar.gz

# tar zxvf  mosquitto-1.4.7.tar.gz

# cp -Rf mosquitto-1.4.7  /usr/src/mosquitto

# cd /usr/src/mosquitto

# make

   If an error occurs:

    a. If "<ares.h> No such file or directory" occurs, change WITH_SRV:=yes to no in the config.mk file

    b. xsltParseStylesheetProcess : document is not a stylesheet  ==> run make binary instead

# make install

 

3. Firewall configuration: open MQTT port 1883

  - On CentOS 7, a default firewall called firewalld is running.

  - The /etc/sysconfig/iptables file does not exist either.

 

     : Stop firewalld and use iptables

 #systemctl stop firewalld  // stop the firewalld daemon

 #systemctl mask firewalld  // prevent it from starting again on reboot

 #yum install iptables-services

 #iptables -I INPUT -m tcp -p tcp --dport 1883 -j ACCEPT

 #service iptables save  // save the iptables rules (or /usr/libexec/iptables/iptables.init save)

 #systemctl enable iptables  // start the service automatically on reboot

 #systemctl restart iptables

 

#mosquitto -c /usr/local/mosquitto/mosquitto.conf

#mosquitto_sub -h localhost -t hello/world

#mosquitto_pub -h "10.11.12.13" -t hello/world -m "HELLOOOO Woorld"

 

 

 
