I am using the mosquitto-go-auth plugin for authentication in the mosquitto broker.
I have set up the plugin by following these links:
https://github.com/iegomez/mosquitto-go-auth
https://www.chirpstack.io/project/guides/mqtt-authentication/#build-for-mosquitto-14x
This is my mosquitto.conf:
per_listener_settings false
listener 1883
protocol mqtt
auth_plugin /home/user/mosquitto-go-auth/go-auth.so
allow_anonymous false
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
When I restart the broker, I see this in the log file:
1731240636: ├── TLS-PSK checking enabled.
1731240636: └── Extended authentication not enabled.
1731240636: mosquitto version 2.0.15 starting
1731240636: Config loaded from /etc/mosquitto/mosquitto.conf.
1731240636: Loading plugin: /home/user/mosquitto-go-auth/go-auth.so
1731240636: ├── Username/password checking enabled.
1731240636: ├── TLS-PSK checking enabled.
1731240636: └── Extended authentication not enabled.
1731240637: mosquitto version 2.0.15 starting
1731240637: Config loaded from /etc/mosquitto/mosquitto.conf.
1731240637: Loading plugin: /home/user/mosquitto-go-auth/go-auth.so
1731240637: ├── Username/password checking enabled.
1731240637: ├── TLS-PSK checking enabled.
1731240637: └── Extended authentication not enabled.
1731240637: mosquitto version 2.0.15 starting
1731240637: Config loaded from /etc/mosquitto/mosquitto.conf.
1731240637: Loading plugin: /home/user/mosquitto-go-auth/go-auth.so
1731240637: ├── Username/password checking enabled.
1731240637: ├── TLS-PSK checking enabled.
1731240637: └── Extended authentication not enabled.
If I remove the plugin, the broker works fine, but if I add the authentication plugin, it fails.
I have updated my mosquitto.conf file:
allow_anonymous false
per_listener_settings false
listener 1883
protocol mqtt
auth_plugin /home/user/mosquitto-go-auth/go-auth.so
auth_opt_backends postgres
auth_opt_pg_host 172.25.34.117
auth_opt_pg_port 5432
auth_opt_pg_dbname go_auth
auth_opt_pg_user postgres
auth_opt_pg_password postgres
auth_opt_pg_userquery SELECT password FROM users WHERE name = ? LIMIT 1
auth_opt_hasher bcrypt
auth_opt_hasher_cost 10
auth_opt_cache true
auth_opt_cache_reset true
#auth_opt_auth_cache_seconds 30
#auth_opt_acl_cache_seconds 90
#auth_opt_auth_jitter_seconds 3
#auth_opt_acl_jitter_seconds 5
#auth_opt_http_host auth.backend.com
#auth_opt_http_port 80
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
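But in the log I get the same encryption messages as before, although this time the broker runs without any problems. However, when I check the Mosquitto status, I get a Postgres error, even though all the configuration settings have been entered correctly.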
user@DESKTOP-J9NGCNR:/etc/mosquitto$ sudo systemctl status mosquitto
● mosquitto.service - Mosquitto MQTT v3.1/v5 server
Loaded: loaded (/etc/systemd/system/mosquitto.service; enabled; preset: enabled)
Active: active (running) since Mon 2024-11-11 04:58:51 UTC; 1s ago
Docs: http://mosquitto.org/documentation/
Main PID: 10909 (mosquitto)
Tasks: 7 (limit: 9337)
Memory: 13.8M ()
CGroup: /system.slice/mosquitto.service
└─10909 /usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
Nov 11 04:58:51 DESKTOP-J9NGCNR systemd[1]: Started mosquitto.service - Mosquitto MQTT v3.1/v5 server.
Nov 11 04:58:51 DESKTOP-J9NGCNR Mosquitto[10909]: time="2024-11-11T04:58:51Z" level=error msg="ping database postgres error, will re
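The go-auth plugin needs to be configured, not just loaded.
In the mosquitto.conf file you need to select one of the many backends that the go-auth plugin can use and include a set of options starting with auth_pluing_opt_
For example, configuring http authentication support looks like this: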
per_listener_settings false
allow_anonymous false
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
listener 1883
protocol mqtt
auth_plugin /home/user/mosquitto-go-auth/go-auth.so
auth_opt_backends http
auth_opt_hasher bcrypt
auth_opt_cache true
auth_opt_auth_cache_seconds 30
auth_opt_acl_cache_seconds 90
auth_opt_auth_jitter_seconds 3
auth_opt_acl_jitter_seconds 5
auth_opt_http_host auth.backend.com
auth_opt_http_port 80
auth_opt_http_getuser_uri /api/comms/auth/client
auth_opt_http_aclcheck_uri /api/comms/auth/acl
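
As an added example (not part of the original answer and not code from the mosquitto-go-auth project), the following Python check flags the two situations seen on this page: the plugin loaded with no auth_opt_backends line, and a backend selected without the options that the configs above set for it. The function names and the per-backend option lists are assumptions taken from the configs shown on this page, not the plugin's full requirements.

```python
# Assumption: the option names per backend are copied from the configs on this
# page, not from the plugin's documentation; extend the table for other backends.
EXPECTED = {
    "postgres": ["pg_host", "pg_port", "pg_dbname", "pg_user",
                 "pg_password", "pg_userquery"],
    "http": ["http_host", "http_port", "http_getuser_uri", "http_aclcheck_uri"],
}

def parse_conf(text):
    """Return (plugin_path, {auth_opt name: value}), skipping comments and blanks."""
    plugin, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "auth_plugin":
            plugin = value.strip()
        elif key.startswith("auth_opt_"):
            opts[key[len("auth_opt_"):]] = value.strip()
    return plugin, opts

def lint(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    plugin, opts = parse_conf(text)
    if plugin is None:
        return ["no auth_plugin line: go-auth is not loaded"]
    # auth_opt_backends takes a comma-separated list of backend names.
    backends = [b.strip() for b in opts.get("backends", "").split(",") if b.strip()]
    if not backends:
        return ["auth_plugin is loaded but auth_opt_backends is not set"]
    findings = []
    for backend in backends:
        if backend not in EXPECTED:
            findings.append(f"backend '{backend}' is not covered by this check")
            continue
        for name in EXPECTED[backend]:
            if not opts.get(name):
                findings.append(f"{backend}: auth_opt_{name} is missing or empty")
    return findings

# Constructed sample: the shape of the first configuration in the question.
PLUGIN_ONLY = """\
listener 1883
auth_plugin /home/user/mosquitto-go-auth/go-auth.so
allow_anonymous false
"""

if __name__ == "__main__":
    print("\n".join(lint(PLUGIN_ONLY)))
```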