MQTT_CA_IOTA - HackMD

# MQTT_CA_IOTA 如果有懶惰鬼可以嘗試輸入搜尋我很懶惰+主題 ex. 我很懶惰docker ## 更改bash ###### IP="ca_IP" 改為自己CA Server的IP ```bash= #!/bin/bash IP="ca_IP" SUBJECT_CA="/C=SE/ST=Stockholm/L=Stockholm/O=himinds/OU=CA/CN=$IP" function generate_CA{ echo "$SUBJECT_CA" openssl req -x509 -nodes -sha256 -newkey rsa:2048 -subj "$SUBJECT_CA" -days 365 -keyout ca.key -out ca.crt } generate_CA ``` ###### windows genkey ecdsa ###### 解壓縮後進入D:\kevin_space\project\MQTT_K\openssl-1.1\prerequisites ###### 執行VC_redist.x64.exe ```bash= set OPENSSL_CONF=D:\kevin_space\project\MQTT_K\openssl-1.1\ssl\openssl.cnf openssl ecparam -name secp384r1 -genkey -out kevin-hp1-ecc.key openssl req -new -key kevin-hp1-ecc.key -out kevin-hp1-ecc.csr -subj "/C=TW/ST=Taiwan/L=Taichung/O=NCHU/OU=2111/CN=kevin-hp1" scp kevin-hp1-ecc.csr kevin-pc8@140.120.55.86:/home/kevin-pc8/kevin-space/git-push/MQTT_CA_IOTA/democa_file/ scp kevin-pc8@140.120.55.86:/home/kevin-pc8/kevin-space/git-push/MQTT_CA_IOTA/democa_file/kevin-hp1-ecc.crt . ``` ## 其他晚點再寫先筆記 ### CA - camaker.sh - git clone 或是 copy ```bash= sudo nano camaker.sh # 更改成自己IP sh camaker.sh # 生成ca.crt ca.key ca.srl ``` ### Server - serverca.sh - git clone 或是 copy - ca.crt - 透過scp - ca.key - 透過scp ```bash= openssl OpenSSL> version #確認版本1.1.1 scp User@IP:/home/某資料夾/ca.* ./ sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa sudo apt-get update sudo apt install mosquitto sudo apt install mosquitto-clients sudo nano serverca.sh #改成ServerIP sh serverca.sh # 有錯誤沒差 , 確認生成 server.crt server.csr server.key cp server.* /etc/mosquitto/certs/ sudo nano /etc/mosquitto/mosquitto.conf # 貼上下面的setting #require_certificate true #use_identity_as_username true #以上2個參數為開啟雙向認證 """ # Place your local configuration in /etc/mosquitto/conf.d/ # # A full description of the configuration file is at # /usr/share/doc/mosquitto/examples/mosquitto.conf.example persistence true persistence_location /var/lib/mosquitto/ listener 8883 protocol mqtt log_type all connection_messages true log_timestamp true cafile /etc/mosquitto/certs/ca.crt certfile /etc/mosquitto/certs/server.crt keyfile /etc/mosquitto/certs/server.key require_certificate true use_identity_as_username true """ sudo chmod 644 *.key sudo chmod 644 *.crt #待Client開啟sub cd 到剛剛跑sh的目錄(不可以是/etc/mosquitto/certs/裡面的) mosquitto -c mosquitto.conf mosquitto_pub -h 192.168.0.119 -p 8883 -t "kk/123" --cafile ca.crt --cert server.crt --key server.key -m '2134' --insecure ``` ### Client - clientca.sh - git clone 或是 copy - ca.crt - 透過scp - ca.key - 透過scp ```bash= openssl OpenSSL> version #確認版本1.1.1 scp User@IP:/home/某資料夾/ca.* ./ or scp client.* User@IP:/home/某資料夾/ sudo apt install mosquitto-clients sudo nano clientca.sh #改ClientIP sh clientca.sh # 有錯誤沒差 , 確認生成 client.crt client.csr client.key mosquitto_sub -h 192.168.0.119 -p 8883 -t "kk/123" --cafile ca.crt --cert client.crt --key client.key ``` ## ubuntu16.04 ### openssl1.1.1 - openssl-1.1.1.tar.gz # git clone ```bash= tar -zxf openssl-1.1.1.tar.gz cd openssl-1.1.1.tar.gz ./config make install mv 'which openssl' /tmp ln -s /usr/local/bin/openssl /usr/bin/openssl cd /usr/local/src cp libssl.so.1.1 /lib/x86_64-linux-gnu cp libcrypto.so.1.1 /lib/x86_64-linux-gnu openssl version export LD_LIBRARY_PATH=/usr/local/lib/ #寫在.bashrc ``` ### mosquitto2.0 make ```bash= wget http://mosquitto.org/files/source/mosquitto-1.0.10.tar.gz tar -zxvf mosquitto-1.0.10.tar.gz cd mosquitto-1.0.10/ make sudo ln -s /usr/local/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 """ or """ sudo add-apt-repository ppa:mosquitto-dev/mosquitto-ppa sudo apt-get update ``` ### setting mosquitto2.0 up config ```bash= sudo nano /etc/mosquitto/mosquitto.conf """ # Place your local configuration in /etc/mosquitto/conf.d/ # # A full description of the configuration file is at # /usr/share/doc/mosquitto/examples/mosquitto.conf.example #pid_file /var/run/mosquitto.pid persistence true persistence_location /var/lib/mosquitto/ log_dest file /var/log/mosquitto/mosquitto.log include_dir /etc/mosquitto/conf.d listener 1883 allow_anonymous true """ ``` ### mosquitto 指令 ```bash= sudo service mosquitto status sudo service mosquitto restart sudo service mosquitto start systemctl status mosquitto.service systemctl start mosquitto.service sudo systemctl enable mosquitto.service sudo /etc/init.d/mosquitto start mosquitto -d mosquitto_pub -d -h 192.168.0.119 -p 8883 -t kk/123 --cafile ca.crt --cert server.crt --key server.key mosquitto_sub -h 192.168.0.119 -p 8883 -t "kk/123" --cafile ca.crt --cert client.crt --key client.key ``` ### easy code tlsmq1.3 pub_cmd_MQTTS.py ```python= import os import time while True: os.system('mosquitto_pub -h 192.168.0.119 -p 8883 -t "kk/123" \ --cafile D:\\kevin_space\\project\\MQTT_K\\openssl-1.1\\x64\\bin\\ca_k.crt \ --cert D:\\kevin_space\\project\\MQTT_K\\openssl-1.1\\x64\\bin\\kevin-hp1-ecc.crt \ --key D:\\kevin_space\\project\\MQTT_K\\openssl-1.1\\x64\\bin\\kevin-hp1-ecc.key \ -m "123" --tls-version tlsv1.3 -d --insecure') time.sleep(5) ``` pub_MQTTS.py ```python= import paho.mqtt.client as mqtt import ssl import time pathk = 'D:\\kevin_space\\project\\MQTT_K\\openssl-1.1\\x64\\bin' cafile = pathk+"\\ca_k.crt" certfile = pathk+"\\kevin-hp1-ecc.crt" keyfile = pathk+"\\kevin-hp1-ecc.key" host = 'kevin-raspi41' port = 8883 def on_connect(client, userdata, flags, rc): print("Connected with result code "+str(rc)) # while True: # # client.subscribe("kk/123") def on_message(client, userdata, msg): print(msg.topic+" "+str(msg.payload)) def data_tran(client): client.publish("kk/123", payload='qweqweqweqweq', qos=0) client = mqtt.Client() client.tls_set(ca_certs=cafile, certfile=certfile, keyfile=keyfile,tls_version=ssl.PROTOCOL_TLSv1_3) client.tls_insecure_set(True) client.on_connect = on_connect client.on_message = on_message client.connect(host, port) while True: status = data_tran(client) time.sleep(1) client.loop_forever() ``` sub_cmd_MQTTS.py ```python= import os import time import subprocess cmd = 'mosquitto_sub -h 192.168.0.119 -p 8883 -t "kk/123" \ --cafile D:\\kevin_space\\project\\MQTT_K\\openssl-1.1\\x64\\bin\\ca_k.crt \ --cert D:\\kevin_space\\project\\MQTT_K\\openssl-1.1\\x64\\bin\\kevin-hp1-ecc.crt \ --key D:\\kevin_space\\project\\MQTT_K\\openssl-1.1\\x64\\bin\\kevin-hp1-ecc.key \ --tls-version tlsv1.3 -d --insecure' # os.system(cmd) p = subprocess.Popen(cmd,shell=True,stdout=subprocess.PIPE) for i in iter(p.stdout.readline,'b'): print(i) ``` sub_MQTTS.py ```python= import paho.mqtt.client as mqtt import ssl pathk = 'D:\\kevin_space\\project\\MQTT_K\\openssl-1.1\\x64\\bin' cafile = pathk+"\\ca_k.crt" certfile = pathk+"\\kevin-hp1-ecc.crt" keyfile = pathk+"\\kevin-hp1-ecc.key" host = 'kevin-raspi41' port = 8883 def on_connect(client, userdata, flags, rc): print("Connected with result code "+str(rc)) client.subscribe("kk/123") # client.publish("kk/123", payload=None, qos=0, retain=False) def on_message(client, userdata, msg): print(msg.topic+" "+str(msg.payload)) client = mqtt.Client() client.tls_set(ca_certs=cafile, certfile=certfile, keyfile=keyfile,tls_version=2) client.tls_insecure_set(True) client.on_connect = on_connect client.on_message = on_message client.connect(host, port) client.loop_forever() ``` ### easy code iota_message ```javascript= async function run() { const { ClientBuilder } = require('@iota/client') // https:/kevintw.nchu.edu.tw const client = new ClientBuilder() .node('http:/127.0.0.1:14265') .build() // .node('https://api.lb-0.h.chrysalis-devnet.iota.cafe') // .build() // client.getInfo().then(console.log).catch(console.error) const message = await client.message() .index('kevingood') .data('{"kk":123,"date":20220322}') .submit(); console.log(message); } run() ``` ### sct60A20mA ```c++= #include "EmonLib.h" EnergyMonitor emon1; void setup() { Serial.begin(9600); emon1.current(0, 30); //Current: input pin, calibration. } void loop() { double Irms1 = emon1.calcIrms(1480); // Calculate Irms1 only String Device = "Warehousing_office2"; if(Irms1>=0){ Serial.print("{\"device\":\""); Serial.print(Device); Serial.print("\",\"current\":"); Serial.print(Irms1); Serial.print(",\"Power\":"); Serial.print(Irms1*110.0); Serial.println("}");// Irms } delay(1000); } ``` ### serial_nodejs ###### cd /dev chown kevin-pc8 ttyUSB0 ```javascript= const { SerialPort } = require('serialport') const { ReadlineParser } = require('@serialport/parser-readline') const port = new SerialPort({ path: '/dev/ttyUSB0', baudRate: 9600 }) const parser = port.pipe(new ReadlineParser({ delimiter: '\r\n' })) parser.on('data', console.log) ``` ### docker #### build iota ```shell= mkdir kevin_space cd kevin_space/ apt-get update apt-get install curl curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh apt-get install build-essential libssl-dev curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.35.2/install.sh |bash source ~/.profile nvm install 16.14.2 apt-get install python2 apt-get install python3 apt-get install libatomic1 mkdir git_pull cd git_pull/ apt install git git clone https://github.com/Kevin8701111/MQTT_CA_IOTA.git cd MQTT_CA_IOTA/MQTTS_iota/ npm install npm rebuild bcrypt npm install npm install serialport apt install nano npm install pm2 -g /kevin_space/git_pull/MQTT_CA_IOTA/MQTTS_iota/node_modules/@iota/client/lib require('../build/Release/index.node') ``` ###### nvm is not compatible with the npm config "prefix" option: currently set to ""Run `nvm use --delete-prefix v16.14.2` to unset it ```shell= apt-get install libatomic1 nvm use --delete-prefix v16.14.2 --silent nvm --version ``` #### build docker https://docs.docker.com/engine/install/debian/ ```shell= sudo chmod 777 /var/run/docker.sock docker run -itd --name iota_u20_green -v /dev/bus/usb:/dev/bus/usb --privileged --security-opt seccomp:unconfined ubuntu:20.04 sudo docker ps -a sudo docker exec -it 24 bash ``` ```shell= sudo apt-get update sudo apt-get install \ ca-certificates \ curl \ gnupg \ lsb-release curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin ``` ###### npm ERR! ```shell= apt-get install python2 apt-get install python3 npm install npm rebuild bcrypt npm install ``` ###### reboot start service sudo nano /etc/rc.local ```shell= #!/bin/sh service docker restart docker restart 8e exit 0 ``` 1. docker 圖 ![](https://i.imgur.com/6Y6kPKH.png) ###### 我很懶惰docker(docker image) ```bash= docker pull kevin8701111/iota_client:latest docker run -itd --name iota_u20_green -v /dev/bus/usb:/dev/bus/usb --privileged --security-opt seccomp:unconfined kevin8701111/iota_client sudo docker ps -a ex. ps -a 列出的 container ID container ID 9dw566jmhgkm 9d4454frgbvg #那就打到可辨識ID的長度即可、如果只有一個container 就只要打9就好 ex. sudo docker exec -it 9d4 bash sudo docker exec -it container ID bash ``` ```pseducode= \documentclass[11pt]{article} \usepackage{CJK} \usepackage[top=2cm, bottom=2cm, left=2cm, right=2cm]{geometry} \usepackage{algorithm} \usepackage{algorithmicx} \usepackage{algpseudocode} \usepackage{amsmath} \usepackage{amssymb} \floatname{algorithm}{Algorithm} \renewcommand{\algorithmicrequire}{\textbf{Input: model paths } } \renewcommand{\algorithmicensure}{\textbf{Output:}} \begin{document} \begin{CJK*}{UTF8}{gkai} %SetUp函数 \begin{algorithm} \caption{IOTA Gateway Data Processing} \begin{algorithmic}[1] %每行显示行号 %\Require Input %\Ensure Output 想添加 input output % \State $种群 \gets 0$ %第一行是在这里写 \For{ SetInterval is 1000ms } \If{ SerialData is NULL } Reconnect SerialPort \Else{ Reset SerialData Frame to Json Format } \If{ ISOtime not in Json Format } Join ISOtime to json format \Else{ Define Topic by Developer } \If{ Topic is local.DataType } publish to subscribe \Else{ Define Index by Developer } \EndIf{ submit to IOTA } \EndIf \EndIf \EndFor \end{algorithmic} \end{algorithm} \end{CJK*} \end{document} ``` ![](https://i.imgur.com/khitUek.png) ### ```python= import iota_client nodek = "http:/140.120.55.86:14265" client = iota_client.Client( nodes_name_password=[[nodek]]) some_utf_data = "some utf based data".encode("utf8") #message = client.message( # index="3756935", data=some_utf_data #) message_id_indexation = client.message( index="Hello", data=[84, 97, 110, 103, 108, 101]) print(f'Indexation sent with message_id: {message_id_indexation}') ``` {"testk": "testvk"} DEMO12-kevin-Green-energy