Docker: Update packaging for 2.1

Add ubuntu based image

Makefile

@@ -8,7 +8,9 @@ DISTFILES= \
 	client/ \
 	cmake/ \
 	common/ \
+	dashboard/ \
 	deps/ \
+	docker/ \
 	examples/ \
 	include/ \
 	installer/ \

docker/2.1-alpine/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.22
 
 LABEL maintainer="Roger Light <roger@atchoo.org>" \
     description="Eclipse Mosquitto MQTT Broker"
@@ -14,6 +14,8 @@ RUN set -x && \
         cjson-dev \
         cmake \
         gnupg \
+        libedit-dev \
+        libmicrohttpd-dev \
         linux-headers \
         openssl-dev \
         sqlite-dev \
@@ -39,8 +41,7 @@ RUN set -x && \
     tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
     rm /tmp/mosq.tar.gz && \
     make -C /build/mosq -j "$(nproc)" \
-        CFLAGS="-Wall -O2 -I/build/lws/include -I/build" \
-        LDFLAGS="-L/build/lws/lib" \
+        CFLAGS="-Wall -O2 -I/build -DHTTP_API_DIR=\\\"/usr/share/mosquitto/dashboard\\\"" \
         WITH_ADNS=no \
         WITH_DOCS=no \
         WITH_SHARED_LIBRARIES=yes \
@@ -58,11 +59,17 @@ RUN set -x && \
     install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
     install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
     install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
-    install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
     install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \
+    install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
+    install -s -m755 /build/mosq/apps/mosquitto_signal/mosquitto_signal /usr/bin/mosquitto_signal && \
+    install -s -m755 /build/mosq/plugins/acl-file/mosquitto_acl_file.so /usr/lib/mosquitto_acl_file.so && \
     install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \
+    install -s -m755 /build/mosq/plugins/password-file/mosquitto_password_file.so /usr/lib/mosquitto_password_file.so && \
     install -s -m755 /build/mosq/plugins/persist-sqlite/mosquitto_persist_sqlite.so /usr/lib/mosquitto_persist_sqlite.so && \
-    install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+    install -s -m755 /build/mosq/plugins/sparkplug-aware/mosquitto_sparkplug_aware.so /usr/lib/mosquitto_sparkplug_aware.so && \
+    install -m644 /build/mosq/docker/2.1-alpine/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+    install -d /usr/share/mosquitto && \
+    cp -r /build/mosq/dashboard/src /usr/share/mosquitto/dashboard && \
     install -Dm644 /build/mosq/epl-v20 /usr/share/licenses/mosquitto/epl-v20 && \
     install -Dm644 /build/mosq/edl-v10 /usr/share/licenses/mosquitto/edl-v10 && \
     chown -R mosquitto:mosquitto /mosquitto && \
@@ -70,14 +77,16 @@ RUN set -x && \
         argon2-libs \
         ca-certificates \
         cjson \
-        sqlite-libs && \
+        libmicrohttpd \
+        sqlite-libs \
+        tzdata && \
     apk del build-deps && \
     rm -rf /build
 
 VOLUME ["/mosquitto/data", "/mosquitto/log"]
 
 # Set up the entry point script and default command
-COPY docker-entrypoint.sh mosquitto-no-auth.conf /
+COPY docker-entrypoint.sh /
 EXPOSE 1883
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]

docker/2.1-alpine/README.md

@@ -19,23 +19,26 @@ The image runs mosquitto under the mosquitto user and group, which are created
 with a uid and gid of 1883.
 
 ## Running without a configuration file
-Mosquitto 2.0 requires you to configure listeners and authentication before it
-will allow connections from anything other than the loopback interface. In the
-context of a container, this means you would normally need to provide a
-configuration file with your settings.
+Mosquitto 2.0 and up requires you to configure listeners and authentication
+before it will allow connections from anything other than the loopback
+interface. In the context of a container, this means you would normally need to
+provide a configuration file with your settings.
 
+However, this container provides a default configuration which listens on port
+1883 for unauthenticated access, and port 9883 for the local http dashboard.
 If you wish to run mosquitto without any authentication, and without setting
-any other configuration options, you can do so by using a configuration
-provided in the container for this purpose:
+any other configuration options, you can run without a configuration by binding
+the appropriate network ports:
 ```
-docker run -it -p 1883:1883 eclipse-mosquitto:<version> mosquitto -c /mosquitto-no-auth.conf
+docker run -it -p 1883:1883 -p localhost:9883:9883 eclipse-mosquitto:<version>
 ```
 
 ## Configuration
-To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
+To use a custom configuration file, create a **local** config directory with a
+mosquitto.conf inside, then mount this directory to `/mosquitto/config`
 
 ```
-docker run -it -p 1883:1883 -v <absolute-path-to-configuration-file>:/mosquitto/config/mosquitto.conf eclipse-mosquitto:<version>
+docker run -it -p 1883:1883 -v <absolute-path-to-config-directory>:/mosquitto/config eclipse-mosquitto:<version>
 ```
 
 Your configuration file must include a `listener`, and you must configure some
@@ -46,8 +49,11 @@ clients will be unable to connect.
 File based authentication and authorisation:
 ```
 listener 1883
-password_file /mosquitto/data/mosquitto.password_file
-acl_file /mosquitto/data/mosquitto.aclfile
+plugin /usr/lib/mosquitto_password_file.so
+plugin_opt_password_file /mosquitto/data/mosquitto.password_file
+
+plugin /usr/lib/mosquitto_acl_file.so
+plugin_opt_acl_file /mosquitto/data/mosquitto.aclfile
 ```
 
 Plugin based authentication and authorisation:
@@ -68,7 +74,7 @@ to use non-default ports, the docker run command will need to be updated
 to expose the ports that have been configured, for example:
 
 ```
-docker run -it -p 1883:1883 -p 8080:8080 -v <absolute-path-to-configuration-file>:/mosquitto/config/mosquitto.conf eclipse-mosquitto:<version>
+docker run -it -p 1883:1883 -p 8080:8080 -v <absolute-path-to-config-directory>:/mosquitto/config eclipse-mosquitto:<version>
 ```
 
 Configuration can be changed to:
@@ -78,8 +84,8 @@ Configuration can be changed to:
 
 i.e. add the following to `mosquitto.conf`:
 ```
-persistence true
 persistence_location /mosquitto/data/
+plugin /usr/lib/mosquitto_persist_sqlite.so
 
 log_dest file /mosquitto/log/mosquitto.log
 ```

docker/2.1-alpine/mosquitto.conf

@@ -3,3 +3,7 @@
 
 listener 1883
 allow_anonymous true
+
+listener 9883
+protocol http_api
+http_dir /usr/share/mosquitto/dashboard

docker/2.1-ubuntu/Dockerfile

@@ -0,0 +1,92 @@
+FROM ubuntu:24.04
+
+LABEL maintainer="Roger Light <roger@atchoo.org>" \
+    description="Eclipse Mosquitto MQTT Broker"
+
+ENV VERSION=2.1.0 \
+    DOWNLOAD_SHA256=zzz \
+    GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7
+
+RUN set -x && \
+    apt-get update && \
+    apt-get install -y \
+        build-essential \
+        cmake \
+        gnupg \
+        libargon2-dev \
+        libcjson-dev \
+        libedit-dev \
+        libmicrohttpd-dev \
+        libssl-dev \
+        libsqlite3-dev && \
+    wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \
+    echo "$DOWNLOAD_SHA256  /tmp/mosq.tar.gz" | sha256sum -c - && \
+    wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \
+    export GNUPGHOME="$(mktemp -d)" && \
+    found=''; \
+    for server in \
+        hkps://keys.openpgp.org \
+        hkp://keyserver.ubuntu.com:80 \
+        pgp.mit.edu \
+    ; do \
+        echo "Fetching GPG key $GPG_KEYS from $server"; \
+        gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
+    done; \
+    test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
+    gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \
+    gpgconf --kill all && \
+    rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \
+    mkdir -p /build/mosq && \
+    tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
+    rm /tmp/mosq.tar.gz && \
+    make -C /build/mosq -j "$(nproc)" \
+        CFLAGS="-Wall -O2 -I/build -DHTTP_API_DIR=\\\"/usr/share/mosquitto/dashboard\\\"" \
+        WITH_ADNS=no \
+        WITH_DOCS=no \
+        WITH_SHARED_LIBRARIES=yes \
+        WITH_SRV=no \
+        WITH_STRIP=yes \
+        WITH_WEBSOCKETS=yes \
+        prefix=/usr \
+        binary && \
+    addgroup --system --quiet --gid 1883 mosquitto 2>/dev/null && \
+    adduser --system --quiet --no-create-home --ingroup mosquitto --uid 1883 --home /var/empty --shell /usr/sbin/nologin mosquitto 2>/dev/null && \
+    mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
+    install -d /usr/sbin/ && \
+    install -s -m755 /build/mosq/client/mosquitto_pub /usr/bin/mosquitto_pub && \
+    install -s -m755 /build/mosq/client/mosquitto_rr /usr/bin/mosquitto_rr && \
+    install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
+    install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
+    install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
+    install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \
+    install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
+    install -s -m755 /build/mosq/apps/mosquitto_signal/mosquitto_signal /usr/bin/mosquitto_signal && \
+    install -s -m755 /build/mosq/plugins/acl-file/mosquitto_acl_file.so /usr/lib/mosquitto_acl_file.so && \
+    install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \
+    install -s -m755 /build/mosq/plugins/password-file/mosquitto_password_file.so /usr/lib/mosquitto_password_file.so && \
+    install -s -m755 /build/mosq/plugins/persist-sqlite/mosquitto_persist_sqlite.so /usr/lib/mosquitto_persist_sqlite.so && \
+    install -s -m755 /build/mosq/plugins/sparkplug-aware/mosquitto_sparkplug_aware.so /usr/lib/mosquitto_sparkplug_aware.so && \
+    install -m644 /build/mosq/docker/2.1-ubuntu/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+    install -d /usr/share/mosquitto && \
+    cp -r /build/mosq/dashboard/src /usr/share/mosquitto/dashboard && \
+    install -Dm644 /build/mosq/epl-v20 /usr/share/licenses/mosquitto/epl-v20 && \
+    install -Dm644 /build/mosq/edl-v10 /usr/share/licenses/mosquitto/edl-v10 && \
+    chown -R mosquitto:mosquitto /mosquitto && \
+    apt-get install \
+        ca-certificates \
+        libargon2-1 \
+        libcjson1 \
+        libmicrohttpd12 \
+        libsqlite3-0 && \
+    apt-get clean && \
+    apt-get remove --purge --auto-remove -y build-essential cmake gnupg && \
+    rm -rf /var/lib/apt/lists/* && \
+    rm -rf /build
+
+VOLUME ["/mosquitto/data", "/mosquitto/log"]
+
+# Set up the entry point script and default command
+COPY docker-entrypoint.sh /
+EXPOSE 1883
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]

docker/2.1-ubuntu/README.md

@@ -0,0 +1,93 @@
+# Eclipse Mosquitto Docker Image
+Containers built with this Dockerfile build as source from published tarballs.
+
+## Mount Points
+A docker mount point has been created in the image to be used for configuration.
+```
+/mosquitto/config
+```
+
+Two docker volumes have been created in the image to be used for persistent storage and logs.
+```
+/mosquitto/data
+/mosquitto/log
+```
+
+## User/Group
+
+The image runs mosquitto under the mosquitto user and group, which are created
+with a uid and gid of 1883.
+
+## Running without a configuration file
+Mosquitto 2.0 and up requires you to configure listeners and authentication
+before it will allow connections from anything other than the loopback
+interface. In the context of a container, this means you would normally need to
+provide a configuration file with your settings.
+
+However, this container provides a default configuration which listens on port
+1883 for unauthenticated access, and port 9883 for the local http dashboard.
+If you wish to run mosquitto without any authentication, and without setting
+any other configuration options, you can run without a configuration by binding
+the appropriate network ports:
+```
+docker run -it -p 1883:1883 -p localhost:9883:9883 eclipse-mosquitto:<version>
+```
+
+## Configuration
+To use a custom configuration file, create a **local** config directory with a
+mosquitto.conf inside, then mount this directory to `/mosquitto/config`
+
+```
+docker run -it -p 1883:1883 -v <absolute-path-to-config-directory>:/mosquitto/config eclipse-mosquitto:<version>
+```
+
+Your configuration file must include a `listener`, and you must configure some
+form of authentication or allow unauthenticated access. If you do not do this,
+clients will be unable to connect.
+
+
+File based authentication and authorisation:
+```
+listener 1883
+plugin /usr/lib/mosquitto_password_file.so
+plugin_opt_password_file /mosquitto/data/mosquitto.password_file
+
+plugin /usr/lib/mosquitto_acl_file.so
+plugin_opt_acl_file /mosquitto/data/mosquitto.aclfile
+```
+
+Plugin based authentication and authorisation:
+```
+listener 1883
+plugin /usr/lib/mosquitto_dynamic_security.so
+plugin_opt_config_file /mosquitto/data/mosquitto-dynsec.json
+```
+
+Unauthenticated access:
+```
+listener 1883
+allow_anonymous true
+```
+
+:boom: if the mosquitto configuration (mosquitto.conf) was modified
+to use non-default ports, the docker run command will need to be updated
+to expose the ports that have been configured, for example:
+
+```
+docker run -it -p 1883:1883 -p 8080:8080 -v <absolute-path-to-config-directory>:/mosquitto/config eclipse-mosquitto:<version>
+```
+
+Configuration can be changed to:
+
+* persist data to `/mosquitto/data`
+* log to `/mosquitto/log/mosquitto.log`
+
+i.e. add the following to `mosquitto.conf`:
+```
+persistence_location /mosquitto/data/
+plugin /usr/lib/mosquitto_persist_sqlite.so
+
+log_dest file /mosquitto/log/mosquitto.log
+```
+
+**Note**: For any volume used, the data will be persistent between containers.

docker/2.1-ubuntu/docker-entrypoint.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+# Set permissions
+user="$(id -u)"
+if [ "$PUID" = "" ]; then
+	PUID="mosquitto"
+fi
+if [ "$PGID" = "" ]; then
+	PGID="mosquitto"
+fi
+if [ "$user" = '0' ]; then
+	[ -d "/mosquitto/data" ] && chown -R ${PUID}:${PGID} /mosquitto/data || true
+fi
+
+exec "$@"

docker/2.1-ubuntu/mosquitto.conf

@@ -0,0 +1,9 @@
+# This is a Mosquitto configuration file that creates a listener on port 1883
+# that allows unauthenticated access.
+
+listener 1883
+allow_anonymous true
+
+listener 9883
+protocol http_api
+http_dir /usr/share/mosquitto/dashboard

docker/local/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.18
+FROM alpine:3.22
 
 LABEL maintainer="Roger Light <roger@atchoo.org>" \
     description="Eclipse Mosquitto MQTT Broker"
@@ -12,6 +12,8 @@ RUN set -x && \
         cjson-dev \
         cmake \
         gnupg \
+        libedit-dev \
+        libmicrohttpd-dev \
         linux-headers \
         openssl-dev \
         sqlite-dev \
@@ -20,7 +22,7 @@ RUN set -x && \
     tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
     rm /tmp/mosq.tar.gz && \
     make -C /build/mosq -j "$(nproc)" \
-        CFLAGS="-Wall -O2 -I/build" \
+        CFLAGS="-Wall -O2 -I/build -DHTTP_API_DIR=\\\"/usr/share/mosquitto/dashboard\\\"" \
         WITH_ADNS=no \
         WITH_DOCS=no \
         WITH_SHARED_LIBRARIES=yes \
@@ -38,11 +40,17 @@ RUN set -x && \
     install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
     install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
     install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
-    install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
     install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \
+    install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
+    install -s -m755 /build/mosq/apps/mosquitto_signal/mosquitto_signal /usr/bin/mosquitto_signal && \
+    install -s -m755 /build/mosq/plugins/acl-file/mosquitto_acl_file.so /usr/lib/mosquitto_acl_file.so && \
     install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \
+    install -s -m755 /build/mosq/plugins/password-file/mosquitto_password_file.so /usr/lib/mosquitto_password_file.so && \
     install -s -m755 /build/mosq/plugins/persist-sqlite/mosquitto_persist_sqlite.so /usr/lib/mosquitto_persist_sqlite.so && \
-    install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+    install -s -m755 /build/mosq/plugins/sparkplug-aware/mosquitto_sparkplug_aware.so /usr/lib/mosquitto_sparkplug_aware.so && \
+    install -m644 /build/mosq/docker/local/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+    install -d /usr/share/mosquitto && \
+    cp -r /build/mosq/dashboard/src /usr/share/mosquitto/dashboard && \
     install -Dm644 /build/mosq/epl-v20 /usr/share/licenses/mosquitto/epl-v20 && \
     install -Dm644 /build/mosq/edl-v10 /usr/share/licenses/mosquitto/edl-v10 && \
     chown -R mosquitto:mosquitto /mosquitto && \
@@ -50,6 +58,7 @@ RUN set -x && \
         argon2-libs \
         ca-certificates \
         cjson \
+        libmicrohttpd \
         sqlite-libs \
         tzdata && \
     apk del build-deps && \

docker/local/mosquitto.conf

@@ -0,0 +1,9 @@
+# This is a Mosquitto configuration file that creates a listener on port 1883
+# that allows unauthenticated access.
+
+listener 1883
+allow_anonymous true
+
+listener 9883
+protocol http_api
+http_dir /usr/share/mosquitto/dashboard