{"id":328,"date":"2019-07-02T14:57:38","date_gmt":"2019-07-02T14:57:38","guid":{"rendered":"https:\/\/silviamarin.ro\/?p=74"},"modified":"2019-07-02T14:57:38","modified_gmt":"2019-07-02T14:57:38","slug":"instalare-mosquitto-broker-2","status":"publish","type":"post","link":"https:\/\/marinelvis.xyz\/index.php\/2019\/07\/02\/instalare-mosquitto-broker-2\/","title":{"rendered":"INSTALLING MOSQUITTO BROKER"},"content":{"rendered":"<h3>Installing Mosquitto Broker<\/h3>\n<pre>apt update\napt install -y mosquitto mosquitto-clients\nsystemctl enable mosquitto.service<\/pre>\n<p>Verification:<\/p>\n<pre>mosquitto -v<\/pre>\n<h3>Securing Mosquitto<\/h3>\n<h4>a. Configuring the password<\/h4>\n<p>Mosquitto creates a password file with the <em>mosquitto_passwd<\/em> utility. After the command is entered, a password entry is generated for the user <span style=\"color: #ff0000;\"><em>elvis<\/em><\/span> and the result is placed in <em>\/etc\/mosquitto\/passwd<\/em>.<\/p>\n<pre>mosquitto_passwd -c \/etc\/mosquitto\/passwd <span style=\"color: #ff0000;\">elvis<\/span><\/pre>\n<p>Create a new configuration file for Mosquitto that makes all connections require authentication:<\/p>\n<pre>nano \/etc\/mosquitto\/conf.d\/default.conf<\/pre>\n<p>Add the following lines:<\/p>\n<blockquote><p><em>listener 1883<\/em><br \/>\n<em>allow_anonymous false<\/em><br \/>\n<em>password_file \/etc\/mosquitto\/passwd<\/em><\/p><\/blockquote>\n<p>The <em>allow_anonymous false<\/em> entry disables all unauthenticated connections, and the <em>password_file<\/em> entry tells Mosquitto where to look up user and password information. 
Save and exit the file (Ctrl+o and Ctrl+x).<br \/>\nRestart Mosquitto:<\/p>\n<pre>systemctl restart mosquitto<\/pre>\n<p>You can test this by publishing a message without a password:<\/p>\n<pre>mosquitto_pub -h localhost -t \"test\" -m \"salut lume\"<\/pre>\n<p>The message is rejected:<\/p>\n<blockquote><p><em>Connection Refused: not authorised.<\/em><br \/>\n<em>Error: The connection was refused.<\/em><\/p><\/blockquote>\n<p>Open a new terminal window and subscribe to the \u201ctest\u201d topic, this time using the username and password:<\/p>\n<pre>mosquitto_sub -h localhost -t test -u \"<span style=\"color: #ff0000;\">elvis<\/span>\" -P \"<span style=\"color: #ff0000;\">parola<\/span>\"<\/pre>\n<p>The terminal stays open, waiting for test messages.<br \/>\nPublish a new message from the other terminal, using the username and password:<\/p>\n<pre>mosquitto_pub -h localhost -t \"test\" -m \"Hello world\" -u \"<span style=\"color: #ff0000;\">elvis<\/span>\" -P \"<span style=\"color: #ff0000;\">parola<\/span>\"<\/pre>\n<p>The message &#8220;Hello world&#8221; appears in the terminal opened earlier. Passwords are transmitted unencrypted.<\/p>\n<h4>b. Configuring SSL<\/h4>\n<p>To enable SSL encryption, specify the location of the Let&#8217;s Encrypt certificates in the configuration file created earlier:<\/p>\n<pre>nano \/etc\/mosquitto\/conf.d\/default.conf<\/pre>\n<p>Add the following lines at the end of the file:<\/p>\n<blockquote><p><em>. . 
.<\/em><br \/>\n<em>listener 1883 localhost<\/em><\/p>\n<p><em>listener 8883<\/em><br \/>\n<em>certfile \/etc\/letsencrypt\/live\/<span style=\"color: #ff0000;\">marinelvis.xyz<\/span>\/cert.pem<\/em><br \/>\n<em>cafile \/etc\/letsencrypt\/live\/<span style=\"color: #ff0000;\">marinelvis.xyz<\/span>\/chain.pem<\/em><br \/>\n<em>keyfile \/etc\/letsencrypt\/live\/<span style=\"color: #ff0000;\">marinelvis.xyz<\/span>\/privkey.pem<\/em><\/p><\/blockquote>\n<p>Two blocks have been added to the configuration. The first block, <em>listener 1883 localhost<\/em>, restricts connections on port 1883 to localhost only, making the port inaccessible from outside. External requests to port 1883 will be blocked by the firewall anyway.<br \/>\n<em>listener 8883<\/em> configures encrypted connections on port 8883 (the standard port for MQTTS).<br \/>\nSave and exit the file (Ctrl+o and Ctrl+x).<br \/>\nRestart Mosquitto:<\/p>\n<pre>systemctl restart mosquitto<\/pre>\n<p>Update the firewall to allow connections to port 8883 and block port 1883:<\/p>\n<pre>ufw allow 8883\nufw deny 1883<\/pre>\n<p>Test again using <em>mosquitto_pub<\/em>, with the SSL-specific options:<\/p>\n<pre>mosquitto_pub -h <span style=\"color: #ff0000;\"><em>marinelvis.xyz<\/em><\/span> -t test -m \"Hello again\" -p 8883 --capath \/etc\/ssl\/certs\/ -u \"<span style=\"color: #ff0000;\">elvis<\/span>\" -P \"parola\"<\/pre>\n<p>The message <em>\u201cHello again\u201d<\/em> should appear in the open terminal.<\/p>\n<h3>Bridge between two brokers:<\/h3>\n<p>Scenario in which broker 1 (elvismarin.eu) must receive the messages from broker 2 (marinmihai.go.ro):<\/p>\n<p>Edit the configuration file of broker 1:<\/p>\n<pre>nano \/etc\/mosquitto\/mosquitto.conf<\/pre>\n<p>Add the 
lines:<\/p>\n<blockquote><p><em>connection SERVER<\/em><br \/>\n<em>address marinmihai.go.ro:1883<\/em><br \/>\n<em>remote_username elvis<\/em><br \/>\n<em>remote_password Cocosata123@<\/em><br \/>\n<em>#topic # out 0<\/em><br \/>\n<em>#topic # in 0<\/em><br \/>\n<em>topic # both 0<\/em><\/p><\/blockquote>\n<p>Restart Mosquitto:<\/p>\n<pre>systemctl restart mosquitto<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Installing Mosquitto Broker apt update apt install -y mosquitto mosquitto-clients systemctl enable mosquitto.service Verification: mosquitto -v Securing Mosquitto a. Configuring the password Mosquitto creates a password file with the mosquitto_passwd utility. After the command is entered, a password entry is generated for the user elvis and the result is placed in \/etc\/mosquitto\/passwd. mosquitto_passwd -c \/etc\/mosquitto\/passwd elvis Create a new file [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-328","post","type-post","status-publish","format-standard","hentry","category-fara-categorie"],"_links":{"self":[{"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\/posts\/328","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\/comments?post=328"}],"version-history":[{"count":0,"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\/posts\/328\/revisions"}],"wp:attachment":[{"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\
/media?parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\/categories?post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/marinelvis.xyz\/index.php\/wp-json\/wp\/v2\/tags?post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}