From c04fcc4714692212ffd6a325ff5b9af5f54e3edd Mon Sep 17 00:00:00 2001 From: Matt White Date: Thu, 14 Jun 2018 13:11:01 +0100 Subject: [PATCH 1/2] Add section on Mosquitto ACLs --- source/_addons/mosquitto.markdown | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/source/_addons/mosquitto.markdown b/source/_addons/mosquitto.markdown index d6c188355ce4..544cf2826ffb 100644 --- a/source/_addons/mosquitto.markdown +++ b/source/_addons/mosquitto.markdown @@ -18,7 +18,8 @@ Set up [Mosquitto](https://mosquitto.org/) as MQTT broker. "ssl": false, "anonymous": true, "logins": [ - {"username": "testuser", "password": "mypw"} + {"username": "testuser", "password": "mypw"}, + {"username": "testuser2", "password": "mypw2"} ], "customize": { "active": false, @@ -76,3 +77,21 @@ protocol mqtt

It's recommended that you only open your firewall to the SSL/TLS port (8883) and only use the insecure port (1883) for local devices. Also, disable `anonymous:` and set `logins:`.

+ +### {% linkable_title Access Control Lists (ACLs) %} + +It is possible to restrict access to topics based upon the user logged in to Mosquitto. In this scenario it is recommended to create individual users for each of your clients and create an appropriate ACL. + +See the following links for more information: +* [Mosquitto topic restrictions](http://www.steves-internet-guide.com/topic-restriction-mosquitto-configuration/) +* [Mosquitto.conf man page](https://mosquitto.org/man/mosquitto-conf-5.html) + +Add the following configuraiton to enable ACLs: + +1. Set `customize` flag to `true` in your configuration. +2. Create a file in `/share/mosquitto` named `acl.conf` with the following contents: + +```text +acl_file /share/mosquitto/accesscontrollist +``` +3. Create a file in `/share/mosquitto` named `accesscontrollist` and add contents according to your requirements. From 8491cae93e8abe74fd14ab0a80869397e40ddcee Mon Sep 17 00:00:00 2001 From: Fabian Affolter Date: Thu, 14 Jun 2018 18:17:55 +0200 Subject: [PATCH 2/2] Fix typo --- source/_addons/mosquitto.markdown | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source/_addons/mosquitto.markdown b/source/_addons/mosquitto.markdown index 544cf2826ffb..2150b1a3080f 100644 --- a/source/_addons/mosquitto.markdown +++ b/source/_addons/mosquitto.markdown 
@@ -83,10 +83,11 @@ It's recommended that you only open your firewall to the SSL/TLS port (8883) and It is possible to restrict access to topics based upon the user logged in to Mosquitto. In this scenario it is recommended to create individual users for each of your clients and create an appropriate ACL. See the following links for more information: + * [Mosquitto topic restrictions](http://www.steves-internet-guide.com/topic-restriction-mosquitto-configuration/) * [Mosquitto.conf man page](https://mosquitto.org/man/mosquitto-conf-5.html) -Add the following configuraiton to enable ACLs: +Add the following configuration to enable ACLs: 1. Set `customize` flag to `true` in your configuration. 2. Create a file in `/share/mosquitto` named `acl.conf` with the following contents:
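Review bot: In the first hunk of PATCH 1/2 (`@@ -18,7 +18,8 @@`), the sample configuration gains a second login but still shows `"anonymous": true`, which conflicts with the advice further down the same page to disable `anonymous:` and lets clients connect without the per-user identity that the new ACL section depends on. Consider setting `"anonymous": false` in the example, or saying in the ACL section that anonymous access should be switched off when ACLs are in use. A short remark that `mypw` and `mypw2` are placeholders to be replaced would also help, since this block tends to be copied as-is.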
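Review bot: In the second hunk of PATCH 1/2 (`@@ -76,3 +77,21 @@`), step 3 tells the reader to fill `accesscontrollist` "according to your requirements" without showing a single entry, so the section enables ACLs but never documents what a rule looks like. A minimal per-user example would close that gap, for instance `user testuser` followed by `topic readwrite home/testuser/#` (topic name illustrative), together with a sentence on what happens to topics the file does not grant and whether the add-on has to be restarted to pick the file up. It is also confusing that the file named `acl.conf` holds only the `acl_file` directive while the rules live in `accesscontrollist`; one sentence explaining the split would avoid readers putting rules in the wrong file. As a formatting point, the closing fence is followed directly by `3.` with no blank line and the block is not indented under step 2, which can break the list numbering when the Markdown is rendered.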