Allow Docker images to run with anon, without a config file.
Provide a mechanism for Docker users to run a broker that doesn't use authentication, without having to provide their own configuration file. Closes #2040.
Parent 9b08faf0bd, commit 12ff9d5e14
@ -16,6 +16,11 @@ Clients:
|
||||
- Fix possible loss of data in `mosquitto_pub -l` when sending multiple long
|
||||
lines. Closes #2078.
|
||||
|
||||
Build:
|
||||
- Provide a mechanism for Docker users to run a broker that doesn't use
|
||||
authentication, without having to provide their own configuration file.
|
||||
Closes #2040.
|
||||
|
||||
|
||||
2.0.7 - 2021-02-04
|
||||
==================
|
||||
|
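Review bot: The new `Build:` entry does not name the mechanism it announces. Suggest mentioning the `NO_AUTHENTICATION=1` environment variable in the entry so that someone reading the changelog can find the option without opening the Docker README.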
@ -106,7 +106,7 @@ RUN set -x && \
|
||||
VOLUME ["/mosquitto/data", "/mosquitto/log"]
|
||||
|
||||
# Set up the entry point script and default command
|
||||
COPY docker-entrypoint.sh /
|
||||
COPY docker-entrypoint.sh mosquitto-no-auth.conf /
|
||||
EXPOSE 1883
|
||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||
CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]
|
||||
|
@ -18,13 +18,53 @@ Two docker volumes have been created in the image to be used for persistent stor
|
||||
The image runs mosquitto under the mosquitto user and group, which are created
|
||||
with a uid and gid of 1883.
|
||||
|
||||
## Running without a configuration file
|
||||
Mosquitto 2.0 requires you to configure listeners and authentication before it
|
||||
will allow connections from anything other than the loopback interface. In the
|
||||
context of a container, this means you would normally need to provide a
|
||||
configuration file with your settings.
|
||||
|
||||
If you wish to run mosquitto without any authentication, and without setting
|
||||
any other configuration options, you can do so by setting an environment
|
||||
variable when creating the container: `NO_AUTHENTICATION=1`. Doing this will
|
||||
ignore any configuration file you provide.
|
||||
|
||||
```
|
||||
docker run -it -p 1883:1883 -e NO_AUTHENTICATION=1 eclipse-mosquitto:<version>
|
||||
```
|
||||
|
||||
## Configuration
|
||||
When creating a container from the image, the default configuration values are used.
|
||||
To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
|
||||
|
||||
```
|
||||
docker run -it -p 1883:1883 -v <absolute-path-to-configuration-file>:/mosquitto/config/mosquitto.conf eclipse-mosquitto:<version>
|
||||
```
|
||||
|
||||
Your configuration file must include a `listener`, and you must configure some
|
||||
form of authentication or allow unauthenticated access. If you do not do this,
|
||||
clients will be unable to connect.
|
||||
|
||||
|
||||
File based authentication and authorisation:
|
||||
```
|
||||
listener 1883
|
||||
password_file /mosquitto/data/mosquitto.password_file
|
||||
acl_file /mosquitto/data/mosquitto.aclfile
|
||||
```
|
||||
|
||||
Plugin based authentication and authorisation:
|
||||
```
|
||||
listener 1883
|
||||
plugin /usr/lib/mosquitto_dynamic_security.so
|
||||
plugin_opt_config_file /mosquitto/data/mosquitto-dynsec.json
|
||||
```
|
||||
|
||||
Unauthenticated access:
|
||||
```
|
||||
listener 1883
|
||||
allow_anonymous true
|
||||
```
|
||||
|
||||
:boom: if the mosquitto configuration (mosquitto.conf) was modified
|
||||
to use non-default ports, the docker run command will need to be updated
|
||||
to expose the ports that have been configured, for example:
|
||||
|
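Review bot: The sentence "Doing this will ignore any configuration file you provide" in the new "Running without a configuration file" section describes a silent override, and it only holds for the default command. The entrypoint change in this commit applies `NO_AUTHENTICATION=1` only when the command is exactly `/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf`, so a container started with any other command keeps its normal behaviour even with the variable set. Suggest stating that condition here, and adding a line that the resulting broker accepts unauthenticated clients on the published port 1883, so the `-p 1883:1883` example belongs on a test machine or an isolated network.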
@ -7,4 +7,11 @@ if [ "$user" = '0' ]; then
|
||||
[ -d "/mosquitto" ] && chown -R mosquitto:mosquitto /mosquitto || true
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
if [ "$NO_AUTHENTICATION" = "1" ] && [ "$*" = '/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf' ]; then
|
||||
# The user wants to run Mosquitto with no authentication, but without
|
||||
# providing a configuration file. Use the pre-provided file for this.
|
||||
exec /usr/sbin/mosquitto -c /mosquitto-no-auth.conf
|
||||
else
|
||||
# Execute whatever command is requested
|
||||
exec "$@"
|
||||
fi
|
||||
|
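Review bot: The `[ "$*" = '/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf' ]` test duplicates the Dockerfile `CMD` as a string literal, so a later change to `CMD` would make `NO_AUTHENTICATION=1` stop taking effect without any error. The first branch also swaps in `/mosquitto-no-auth.conf` without printing anything, which means a user who mounted their own `mosquitto.conf` and also has the variable set gets an anonymous listener with no indication in the container output. Suggest writing a one-line warning to stderr before the `exec` in the first branch, and adding a comment next to the literal that points at the `CMD` line it must match.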
5
docker/2.0-openssl/mosquitto-no-auth.conf
Normal file
@ -0,0 +1,5 @@
|
||||
# This is a Mosquitto configuration file that creates a listener on port 1883
|
||||
# that allows unauthenticated access.
|
||||
|
||||
listener 1883
|
||||
allow_anonymous true
|
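Review bot: The header comment in `mosquitto-no-auth.conf` does not say when the file is used. It is not referenced from the Dockerfile `CMD` and is only selected by `docker-entrypoint.sh` when `NO_AUTHENTICATION=1`, so suggest saying that in the comment, along with a note that `listener 1883` is given no bind address and `allow_anonymous true` applies to every client that can reach the port.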
@ -108,7 +108,7 @@ RUN set -x && \
|
||||
VOLUME ["/mosquitto/data", "/mosquitto/log"]
|
||||
|
||||
# Set up the entry point script and default command
|
||||
COPY docker-entrypoint.sh /
|
||||
COPY docker-entrypoint.sh mosquitto-no-auth.conf /
|
||||
EXPOSE 1883
|
||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||
CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]
|
||||
|
@ -18,13 +18,53 @@ Two docker volumes have been created in the image to be used for persistent stor
|
||||
The image runs mosquitto under the mosquitto user and group, which are created
|
||||
with a uid and gid of 1883.
|
||||
|
||||
## Running without a configuration file
|
||||
Mosquitto 2.0 requires you to configure listeners and authentication before it
|
||||
will allow connections from anything other than the loopback interface. In the
|
||||
context of a container, this means you would normally need to provide a
|
||||
configuration file with your settings.
|
||||
|
||||
If you wish to run mosquitto without any authentication, and without setting
|
||||
any other configuration options, you can do so by setting an environment
|
||||
variable when creating the container: `NO_AUTHENTICATION=1`. Doing this will
|
||||
ignore any configuration file you provide.
|
||||
|
||||
```
|
||||
docker run -it -p 1883:1883 -e NO_AUTHENTICATION=1 eclipse-mosquitto:<version>
|
||||
```
|
||||
|
||||
## Configuration
|
||||
When creating a container from the image, the default configuration values are used.
|
||||
To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
|
||||
|
||||
```
|
||||
docker run -it -p 1883:1883 -v <absolute-path-to-configuration-file>:/mosquitto/config/mosquitto.conf eclipse-mosquitto:<version>
|
||||
```
|
||||
|
||||
Your configuration file must include a `listener`, and you must configure some
|
||||
form of authentication or allow unauthenticated access. If you do not do this,
|
||||
clients will be unable to connect.
|
||||
|
||||
|
||||
File based authentication and authorisation:
|
||||
```
|
||||
listener 1883
|
||||
password_file /mosquitto/data/mosquitto.password_file
|
||||
acl_file /mosquitto/data/mosquitto.aclfile
|
||||
```
|
||||
|
||||
Plugin based authentication and authorisation:
|
||||
```
|
||||
listener 1883
|
||||
plugin /usr/lib/mosquitto_dynamic_security.so
|
||||
plugin_opt_config_file /mosquitto/data/mosquitto-dynsec.json
|
||||
```
|
||||
|
||||
Unauthenticated access:
|
||||
```
|
||||
listener 1883
|
||||
allow_anonymous true
|
||||
```
|
||||
|
||||
:boom: if the mosquitto configuration (mosquitto.conf) was modified
|
||||
to use non-default ports, the docker run command will need to be updated
|
||||
to expose the ports that have been configured, for example:
|
||||
|
@ -7,4 +7,11 @@ if [ "$user" = '0' ]; then
|
||||
[ -d "/mosquitto" ] && chown -R mosquitto:mosquitto /mosquitto || true
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
if [ "$NO_AUTHENTICATION" = "1" ] && [ "$*" = '/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf' ]; then
|
||||
# The user wants to run Mosquitto with no authentication, but without
|
||||
# providing a configuration file. Use the pre-provided file for this.
|
||||
exec /usr/sbin/mosquitto -c /mosquitto-no-auth.conf
|
||||
else
|
||||
# Execute whatever command is requested
|
||||
exec "$@"
|
||||
fi
|
||||
|
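Review bot: The `NO_AUTHENTICATION` branch here is a second copy of the identical hunk earlier in this commit, and the `mosquitto-no-auth.conf` that follows repeats the `docker/2.0-openssl` file, so any later fix to the command comparison or to the anonymous-listener config has to be made in both places. Suggest keeping a single source for the entrypoint script and the config and copying it into each image directory at build time, or at least noting the pairing in a comment in each copy.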
5
docker/2.0/mosquitto-no-auth.conf
Normal file
@ -0,0 +1,5 @@
|
||||
# This is a Mosquitto configuration file that creates a listener on port 1883
|
||||
# that allows unauthenticated access.
|
||||
|
||||
listener 1883
|
||||
allow_anonymous true
|