add mqtt ssl config

command/docker/mqtt/.gitignore

@@ -1 +1,2 @@
-/log
+log
+config/cert

command/docker/mqtt/config/rmqtt_ssl.toml

@@ -0,0 +1,162 @@
+##--------------------------------------------------------------------
+## General
+##--------------------------------------------------------------------
+
+##--------------------------------------------------------------------
+## Node
+##--------------------------------------------------------------------
+#Node id
+node.id = 1
+
+##--------------------------------------------------------------------
+## RPC
+##--------------------------------------------------------------------
+#rpc.server_addr = "0.0.0.0:5363"
+#rpc.server_workers = 4
+#Maximum number of messages sent in batch
+#rpc.batch_size = 128
+#Client concurrent request limit
+#rpc.client_concurrency_limit = 128
+#Connect and send to server timeout
+#rpc.client_timeout = "5s"
+
+
+##--------------------------------------------------------------------
+## Log
+##--------------------------------------------------------------------
+# Value: off | file | console | both
+log.to = "console"
+# Value: trace, debug, info, warn, error
+log.level = "debug"
+log.dir = "/var/log"
+log.file = "rmqtt.log"
+
+##--------------------------------------------------------------------
+## Plugins
+##--------------------------------------------------------------------
+#Plug in configuration file directory
+plugins.dir = "plugin/"
+#Plug in started by default, when the mqtt server is started
+plugins.default_startups = [
+        "rmqtt-auth-http",
+        "rmqtt-web-hook",
+    #    "rmqtt-cluster-broadcast",
+    #    "rmqtt-cluster-raft",
+        "rmqtt-http-api"
+]
+
+
+##--------------------------------------------------------------------
+## MQTT
+##--------------------------------------------------------------------
+
+
+##--------------------------------------------------------------------
+## Listeners
+##--------------------------------------------------------------------
+
+##--------------------------------------------------------------------
+## MQTT/TCP - External TCP Listener for MQTT Protocol
+listener.tcp.external.addr = "0.0.0.0:1883"
+#Number of worker threads
+listener.tcp.external.workers = 8
+#The maximum number of concurrent connections allowed by the listener.
+listener.tcp.external.max_connections = 1024000
+#Maximum concurrent handshake limit, Default: 500
+listener.tcp.external.max_handshaking_limit = 500
+#Handshake timeout.
+listener.tcp.external.handshake_timeout = "30s"
+#Maximum allowed mqtt message length. 0 means unlimited, default: 1m
+listener.tcp.external.max_packet_size = "1m"
+#The maximum length of the TCP connection queue.
+#It indicates the maximum number of TCP connection queues that are being handshaked three times in the system
+listener.tcp.external.backlog = 1024
+#The Daze time after the TCP connection is established. If no message is received during this period,
+#the connection will be closed. (temporarily not used)
+listener.tcp.external.idle_timeout = "20s"
+#Whether anonymous login is allowed. Default: true
+listener.tcp.external.allow_anonymous = true
+#Minimum allowable keepalive value for mqtt connection,
+#less than this value will reject the connection, default: 0, unit: seconds
+listener.tcp.external.min_keepalive = 0
+# > 0.5, Keepalive * backoff * 2
+listener.tcp.external.keepalive_backoff = 0.75
+#Flight window size. The flight window is used to store the unanswered QoS 1 and QoS 2 messages
+listener.tcp.external.max_inflight = 16
+#Maximum length of message queue
+listener.tcp.external.max_mqueue_len = 1000
+#The rate at which messages are ejected from the message queue,
+#default value: "u32::max_value(),1s"
+listener.tcp.external.mqueue_rate_limit = "1000,1s"
+#Maximum length of client ID allowed, Default: 65535
+listener.tcp.external.max_clientid_len = 65535
+#The maximum QoS level that clients are allowed to publish. default value: 2
+listener.tcp.external.max_qos_allowed = 2
+#The maximum level at which clients are allowed to subscribe to topics.
+#0 means unlimited. default value: 0
+listener.tcp.external.max_topic_levels = 0
+#Whether support retain message, true/false, default value: true
+listener.tcp.external.retain_available = true
+#Session timeout, default value: 2 hours
+listener.tcp.external.session_expiry_interval = "2h"
+#QoS 1/2 message retry interval, 0 means no resend
+listener.tcp.external.message_retry_interval = "20s"
+#Message expiration time, 0 means no expiration
+listener.tcp.external.message_expiry_interval = "5m"
+#QoS 2, Maximum flight window waiting for client to send pubrel message,
+#When the window is full, the oldest will be removed.
+#0 means unlimited
+listener.tcp.external.max_awaiting_rel = 100
+#QoS 2, The timeout of waiting for client to send pubrel message,
+#The pubrel message of this message will be ignored after timeout.
+#0 means unlimited
+listener.tcp.external.await_rel_timeout = "5m"
+#The maximum number of topics that a single client is allowed to subscribe to
+#0 means unlimited, default value: 0
+listener.tcp.external.max_subscriptions = 0
+#Shared subscription switch, default value: true
+listener.tcp.external.shared_subscription = true
+
+##--------------------------------------------------------------------
+## Internal TCP Listener for MQTT Protocol
+#listener.tcp.internal.addr = "0.0.0.0:11883"
+#listener.tcp.internal.workers = 4
+#listener.tcp.internal.max_connections = 102400
+#listener.tcp.internal.max_handshaking_limit = 500
+#listener.tcp.internal.handshake_timeout = "30s"
+#listener.tcp.internal.max_packet_size = "1M"
+#listener.tcp.internal.backlog = 512
+#listener.tcp.internal.idle_timeout = "15s"
+#listener.tcp.internal.allow_anonymous = true
+#listener.tcp.internal.min_keepalive = 0
+#listener.tcp.internal.keepalive_backoff = 0.75
+#listener.tcp.internal.max_inflight = 16
+#listener.tcp.internal.max_mqueue_len = 1000
+#listener.tcp.internal.mqueue_rate_limit = "1000,1s"
+#listener.tcp.internal.max_clientid_len = 65535
+#listener.tcp.internal.max_qos_allowed = 2
+#listener.tcp.internal.max_topic_levels = 0
+#listener.tcp.internal.retain_available = true
+#listener.tcp.internal.session_expiry_interval = "2h"
+#listener.tcp.internal.message_retry_interval = "30s"
+#listener.tcp.internal.message_expiry_interval = "5m"
+#listener.tcp.internal.max_awaiting_rel = 1000
+#listener.tcp.internal.await_rel_timeout = "600s"
+#listener.tcp.internal.max_subscriptions = 0
+#istener.tcp.internal.shared_subscription = true
+
+##--------------------------------------------------------------------
+## MQTT/TLS - External TLS Listener for MQTT Protocol
+listener.tls.external.addr = "0.0.0.0:8883"
+listener.tls.external.cert = "/cert/public.pem"
+listener.tls.external.key = "/cert/private.key"
+
+##--------------------------------------------------------------------
+## MQTT/WebSocket - External WebSocket Listener for MQTT Protocol
+#listener.ws.external.addr = "0.0.0.0:8080"
+
+##--------------------------------------------------------------------
+## MQTT/TLS-WebSocket - External TLS-WebSocket Listener for MQTT Protocol
+#listener.wss.external.addr = "0.0.0.0:8443"
+#listener.wss.external.cert = "./rmqtt-bin/rmqtt.pem"
+#listener.wss.external.key = "./rmqtt-bin/rmqtt.key"

command/docker/mqtt/run_cert.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+# 8883(mqtt) 6060(http) 5363(grpc)
+# docker rm -f mqtt-cert
+docker run -d --name mqtt-cert --network=host -v $(pwd)/log:/var/log/rmqtt -v $(pwd)/config/cert:/cert -v $(pwd)/config/rmqtt_ssl.toml:/app/rmqtt/rmqtt.toml -v $(pwd)/config/plugin:/app/rmqtt/plugin rmqtt/rmqtt:0.2.16
+# docker logs -f --tail 50 mqtt-cert