mqtt - HackMD

# mqtt ## 命令格式一般預設的mqtt機制裡port為1883 mosquitto_sub -d -h **broker_ip** -p **port** -t **主題** mosquitto_pub -d -h **broker_ip** -p **port** -t **主題** -m **"message"** ## 建立mqtt linux broker環境 1. 安裝環境 ```bash= sudo apt-get install mosquitto mosquitto-clients ``` ## 使用c語言操作mqtt 1. 建立憑證資料夾 ```bash= mkdir certs cd certs ``` 2. 架設CA ```bash= mkdir ca cd ca openssl req -new -x509 -days 365 -extensions v3_ca -keyout ca.key -out ca.crt（一直按選擇default值)//ca.key為私鑰 ``` 之後會看到兩個檔案 * ca.crt * ca.key 2. 建立mqtt server(broker) ```bash= mkdir broker cd broker openssl genrsa -out broker.key 2048 //boker.key為私鑰 openssl req -out broker.csr -key broker.key -new(common name(CN)選擇IP或是localhost、但是和client要一樣) openssl x509 -req -in broker.csr -CA ../ca/ca.crt -CAkey ../ca/ca.key -CAcreateserial -out broker.crt -days 100(輸入建立CA時設定的密碼) ``` 3. 架設mqtt client(publisher or subscriber) ```bash= mkdir client cd client openssl genrsa -out client.key 2048 //client.key為私鑰 openssl req -out client.csr -key client.key -new(common name(CN)選擇IP或是localhost、但是和broker要一樣) openssl x509 -req -in client.csr -CA ../ca/ca.crt -CAkey ../ca/ca.key -CAcreateserial -out client.crt -days 100(輸入建立CA時設定的密碼) ``` 4. 建立/etc/mosquitto/mosquitto.conf(建立無憑證1883和需要憑證的8883) ```bash= # Place your local configuration in /home/liangyu/mqttgwconf.d/ # # A full description of the configuration file is at # /usr/share/doc/mosquitto/examples/mosquitto.conf.example listener 1883 protocol mqtt listener 8883 protocol mqtt cafile /home/ubuntu/mqtt_cert/ca/ca.crt #capath /home/liangyu/mqttgwcerts/ca # Path to the PEM encoded server certificate. certfile /home/ubuntu/mqtt_cert/broker/broker.crt # Path to the PEM encoded keyfile. keyfile /home/ubuntu/mqtt_cert/broker/broker.key require_certificate true ``` 5. 啟動設定檔(broker server) ```bash= sudo mosquitto -v -c /etc/mosquitto/mosquitto.conf ``` 6. 建立一個訂閱者 ```bash= mosquitto_sub -p 8883 --cafile /path to certs/ca/ca.crt --cert /path to certs/client/client.crt --key /path to certs/client/client.key -h localhost(或是broker的ip和broker和client的csr裡面的common name一樣) -t /world ``` 7. 建立一個推播者 ```bash= mosquitto_pub -p 8883 --cafile /path to certs/ca/ca.crt --cert /path to certs/client/client.crt --key /path to certs/client/client.key -h localhost(或是broker的ip和broker和client的csr裡面的common name一樣) -m "{\"cmd\":\"echo_hello\"}" -t /world ``` 8. 如果在6的訂閱者收到訊息即為成功。如果需要用mosquitto api當作client操作需要以下檔案 1. ca的憑證(.crt) 2. client的私鑰(.key) 3. client的憑證(.crt) 細節可以參考**資料6** ## 和需用ssl和broker建立連線如果需要在和要用ssl和broker建立通訊時，需使用以下兩個指令進行訂閱核發送: ```bash= //訂閱主題 mosquitto_sub -p PORT --cafile PATH_TO_CRTFILE -h HOST_NAME -t TITLE --insecure //發送主題 mosquitto_pub -p PORT --cafile PATH_TO_CRTFILE -h HOST_NAME -t /world -m MESSAGE --insecure ``` ## 嘗試在ssl for free申請一個免費的CA憑證 ## 參考資料 [1. MOSQUITTO_PUB](https://manpages.debian.org/testing/mosquitto-clients/mosquitto_pub.1.en.html) [2. mosquitto.h](https://mosquitto.org/api/files/mosquitto-h.html#mosquitto_publish) [3. MQTTS : How to use MQTT with TLS?](https://openest.io/en/2020/01/03/mqtts-how-to-use-mqtt-with-tls/) [4. Mosquitto MQTT Server with TLS Client Cert 雙向認証](https://moon-half.info/p/2421) [5. 基於MQTT協議的Mosquitto的使用及libmosquitto客戶端程式設計](https://www.itread01.com/content/1549920452.html) [6. MQTT sample code using libmosquitto](http://nano-chicken.blogspot.com/2017/11/mqtt-sample-code-using-libmosquitto.html) [7. Day25 - AWS EC2 安裝 Mosquitto](https://ithelp.ithome.com.tw/articles/10226629) [8. using mosquitto_sub with --insecure](https://stackoverflow.com/questions/59746952/using-mosquitto-sub-with-insecure) ###### tags: `mqtt` `network`