Allow Docker images to run with anon, without a config file.

Provide a mechanism for Docker users to run a broker that doesn't use
authentication, without having to provide their own configuration file.

Closes #2040.

ChangeLog.txt

@@ -16,6 +16,11 @@ Clients:
 - Fix possible loss of data in `mosquitto_pub -l` when sending multiple long
   lines. Closes #2078.
 
+Build:
+- Provide a mechanism for Docker users to run a broker that doesn't use
+  authentication, without having to provide their own configuration file.
+  Closes #2040.
+
 
 2.0.7 - 2021-02-04
 ==================

docker/2.0-openssl/Dockerfile

@@ -106,7 +106,7 @@ RUN set -x && \
 VOLUME ["/mosquitto/data", "/mosquitto/log"]
 
 # Set up the entry point script and default command
-COPY docker-entrypoint.sh /
+COPY docker-entrypoint.sh mosquitto-no-auth.conf /
 EXPOSE 1883
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]

docker/2.0-openssl/README.md

@@ -18,13 +18,53 @@ Two docker volumes have been created in the image to be used for persistent stor
 The image runs mosquitto under the mosquitto user and group, which are created
 with a uid and gid of 1883.
 
+## Running without a configuration file
+Mosquitto 2.0 requires you to configure listeners and authentication before it
+will allow connections from anything other than the loopback interface. In the
+context of a container, this means you would normally need to provide a
+configuration file with your settings.
+
+If you wish to run mosquitto without any authentication, and without setting
+any other configuration options, you can do so by setting an environment
+variable when creating the container: `NO_AUTHENTICATION=1`. Doing this will
+ignore any configuration file you provide.
+
+```
+docker run -it -p 1883:1883 -e NO_AUTHENTICATION=1 eclipse-mosquitto:<version>
+```
+
 ## Configuration
-When creating a container from the image, the default configuration values are used.
 To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
+
 ```
 docker run -it -p 1883:1883 -v <absolute-path-to-configuration-file>:/mosquitto/config/mosquitto.conf eclipse-mosquitto:<version>
 ```
 
+Your configuration file must include a `listener`, and you must configure some
+form of authentication or allow unauthenticated access. If you do not do this,
+clients will be unable to connect.
+
+
+File based authentication and authorisation:
+```
+listener 1883
+password_file /mosquitto/data/mosquitto.password_file
+acl_file /mosquitto/data/mosquitto.aclfile
+```
+
+Plugin based authentication and authorisation:
+```
+listener 1883
+plugin /usr/lib/mosquitto_dynamic_security.so
+plugin_opt_config_file /mosquitto/data/mosquitto-dynsec.json
+```
+
+Unauthenticated access:
+```
+listener 1883
+allow_anonymous true
+```
+
 :boom: if the mosquitto configuration (mosquitto.conf) was modified
 to use non-default ports, the docker run command will need to be updated
 to expose the ports that have been configured, for example:

docker/2.0-openssl/docker-entrypoint.sh

@@ -7,4 +7,11 @@ if [ "$user" = '0' ]; then
 	[ -d "/mosquitto" ] && chown -R mosquitto:mosquitto /mosquitto || true
 fi
 
-exec "$@"
+if [ "$NO_AUTHENTICATION" = "1" ] && [ "$*" = '/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf' ]; then
+	# The user wants to run Mosquitto with no authentication, but without
+	# providing a configuration file. Use the pre-provided file for this.
+	exec /usr/sbin/mosquitto -c /mosquitto-no-auth.conf
+else
+	# Execute whatever command is requested
+	exec "$@"
+fi

docker/2.0-openssl/mosquitto-no-auth.conf

@@ -0,0 +1,5 @@
+# This is a Mosquitto configuration file that creates a listener on port 1883
+# that allows unauthenticated access.
+
+listener 1883
+allow_anonymous true

docker/2.0/Dockerfile

@@ -108,7 +108,7 @@ RUN set -x && \
 VOLUME ["/mosquitto/data", "/mosquitto/log"]
 
 # Set up the entry point script and default command
-COPY docker-entrypoint.sh /
+COPY docker-entrypoint.sh mosquitto-no-auth.conf /
 EXPOSE 1883
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]

docker/2.0/README.md

@@ -18,13 +18,53 @@ Two docker volumes have been created in the image to be used for persistent stor
 The image runs mosquitto under the mosquitto user and group, which are created
 with a uid and gid of 1883.
 
+## Running without a configuration file
+Mosquitto 2.0 requires you to configure listeners and authentication before it
+will allow connections from anything other than the loopback interface. In the
+context of a container, this means you would normally need to provide a
+configuration file with your settings.
+
+If you wish to run mosquitto without any authentication, and without setting
+any other configuration options, you can do so by setting an environment
+variable when creating the container: `NO_AUTHENTICATION=1`. Doing this will
+ignore any configuration file you provide.
+
+```
+docker run -it -p 1883:1883 -e NO_AUTHENTICATION=1 eclipse-mosquitto:<version>
+```
+
 ## Configuration
-When creating a container from the image, the default configuration values are used.
 To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
+
 ```
 docker run -it -p 1883:1883 -v <absolute-path-to-configuration-file>:/mosquitto/config/mosquitto.conf eclipse-mosquitto:<version>
 ```
 
+Your configuration file must include a `listener`, and you must configure some
+form of authentication or allow unauthenticated access. If you do not do this,
+clients will be unable to connect.
+
+
+File based authentication and authorisation:
+```
+listener 1883
+password_file /mosquitto/data/mosquitto.password_file
+acl_file /mosquitto/data/mosquitto.aclfile
+```
+
+Plugin based authentication and authorisation:
+```
+listener 1883
+plugin /usr/lib/mosquitto_dynamic_security.so
+plugin_opt_config_file /mosquitto/data/mosquitto-dynsec.json
+```
+
+Unauthenticated access:
+```
+listener 1883
+allow_anonymous true
+```
+
 :boom: if the mosquitto configuration (mosquitto.conf) was modified
 to use non-default ports, the docker run command will need to be updated
 to expose the ports that have been configured, for example:

docker/2.0/docker-entrypoint.sh

@@ -7,4 +7,11 @@ if [ "$user" = '0' ]; then
 	[ -d "/mosquitto" ] && chown -R mosquitto:mosquitto /mosquitto || true
 fi
 
-exec "$@"
+if [ "$NO_AUTHENTICATION" = "1" ] && [ "$*" = '/usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf' ]; then
+	# The user wants to run Mosquitto with no authentication, but without
+	# providing a configuration file. Use the pre-provided file for this.
+	exec /usr/sbin/mosquitto -c /mosquitto-no-auth.conf
+else
+	# Execute whatever command is requested
+	exec "$@"
+fi

docker/2.0/mosquitto-no-auth.conf

@@ -0,0 +1,5 @@
+# This is a Mosquitto configuration file that creates a listener on port 1883
+# that allows unauthenticated access.
+
+listener 1883
+allow_anonymous true