From d553f604a9db898085e30a5533c4ac37aebbe3b2 Mon Sep 17 00:00:00 2001
From: Ruakij
Date: Fri, 21 Oct 2022 14:48:29 +0200
Subject: [PATCH] Add own certs to mosquitto

---
 .../files/opt/netmaker_server/mosquitto/config/mosquitto.conf | 3 +++
 netmaker_server/tasks/certs.yml | 1 +
 netmaker_server/templates/docker-compose.yml.template | 1 +
 3 files changed, 5 insertions(+)

diff --git a/netmaker_server/files/opt/netmaker_server/mosquitto/config/mosquitto.conf b/netmaker_server/files/opt/netmaker_server/mosquitto/config/mosquitto.conf
index 299f632..39ff237 100644
--- a/netmaker_server/files/opt/netmaker_server/mosquitto/config/mosquitto.conf
+++ b/netmaker_server/files/opt/netmaker_server/mosquitto/config/mosquitto.conf
@@ -1,6 +1,9 @@
 per_listener_settings false
+
 listener 8883
 allow_anonymous false
+certfile /certs/node.crt
+keyfile /certs/node.key

 listener 1883
 allow_anonymous false
diff --git a/netmaker_server/tasks/certs.yml b/netmaker_server/tasks/certs.yml
index c47454f..69eadc5 100644
--- a/netmaker_server/tasks/certs.yml
+++ b/netmaker_server/tasks/certs.yml
@@ -1,6 +1,7 @@
 - name: Generate PrivateKey
 community.crypto.openssl_privatekey:
 path: /opt/netmaker_server/certs/node.key
+ owner: 1883 # Set owner to mosquitto-user (all other containers seem to run as root)

 - name: Generate Certificate-Signing-Request from privateKey
 community.crypto.openssl_csr:
diff --git a/netmaker_server/templates/docker-compose.yml.template b/netmaker_server/templates/docker-compose.yml.template
index d7fbfc9..5c00634 100644
--- a/netmaker_server/templates/docker-compose.yml.template
+++ b/netmaker_server/templates/docker-compose.yml.template
@@ -123,6 +123,7 @@ services:
 - ./mosquitto/config:/mosquitto/config
 - ./mosquitto/data:/mosquitto/data
 - ./mosquitto/logs:/mosquitto/log
+ - "./certs:/certs:ro"
 depends_on:
 - netmaker
 command: ["/mosquitto/config/wait.sh"]
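Review bot: In mosquitto.conf the new `certfile`/`keyfile` lines apply only to the 8883 listener, so the `listener 1883` block kept as context below still accepts authenticated sessions without TLS. Whether that port is reachable from outside the compose network is not visible in this patch; if it is, whatever credentials clients present travel unencrypted. I would mark the split in the file itself, e.g. `# 8883: TLS, cert/key mounted from ./certs` above the first listener and `# 1883: plaintext, keep internal to the compose network` above the second. It is also worth confirming that `/certs/node.crt` carries any intermediate certificates clients need to build the chain.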
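Review bot: In netmaker_server/tasks/certs.yml the private key is handed to UID 1883 without an explicit `mode`, so who else can read `node.key` rests on the module default and on the comment's own unverified assumption that every other container runs as root. State both permissions in the task, `owner: "1883"` and `mode: "0600"`, and consider moving the UID into a role variable so it tracks the mosquitto image instead of a literal. On the host, UID 1883 may be unassigned or belong to an unrelated account, which deserves a line in the comment. The CSR task that follows continues outside this hunk.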
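Review bot: The added volume in docker-compose.yml.template exposes the whole `./certs` directory to the mosquitto container, while mosquitto.conf in this patch reads only `node.crt` and `node.key`. If certs.yml writes anything else into that directory (the CSR, or further keys; the paths are not visible here), the broker can read those files too. Narrowing the mount to `- "./certs/node.crt:/certs/node.crt:ro"` and `- "./certs/node.key:/certs/node.key:ro"` keeps the read-only flag and limits what a compromised broker can reach; single-file bind mounts do need a container restart after the certificate is reissued. The service definition starts and ends outside this hunk.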