From bce81bbe28e0468534994f3642a745a2de01e5cb Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Mon, 15 Sep 2025 23:45:05 +0100 Subject: [PATCH] Docker: Update packaging for 2.1 Add ubuntu based image --- Makefile | 2 + docker/{2.1 => 2.1-alpine}/Dockerfile | 23 +++-- docker/{2.1 => 2.1-alpine}/README.md | 32 ++++--- .../{2.1 => 2.1-alpine}/docker-entrypoint.sh | 0 .../mosquitto.conf} | 4 + docker/2.1-ubuntu/Dockerfile | 92 ++++++++++++++++++ docker/2.1-ubuntu/README.md | 93 +++++++++++++++++++ docker/2.1-ubuntu/docker-entrypoint.sh | 16 ++++ docker/2.1-ubuntu/mosquitto.conf | 9 ++ docker/local/Dockerfile | 17 +++- docker/local/mosquitto.conf | 9 ++ 11 files changed, 273 insertions(+), 24 deletions(-) rename docker/{2.1 => 2.1-alpine}/Dockerfile (78%) rename docker/{2.1 => 2.1-alpine}/README.md (60%) rename docker/{2.1 => 2.1-alpine}/docker-entrypoint.sh (100%) rename docker/{2.1/mosquitto-no-auth.conf => 2.1-alpine/mosquitto.conf} (67%) create mode 100644 docker/2.1-ubuntu/Dockerfile create mode 100644 docker/2.1-ubuntu/README.md create mode 100755 docker/2.1-ubuntu/docker-entrypoint.sh create mode 100644 docker/2.1-ubuntu/mosquitto.conf create mode 100644 docker/local/mosquitto.conf diff --git a/Makefile b/Makefile index cb73cdd5..7435048e 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,9 @@ DISTFILES= \ client/ \ cmake/ \ common/ \ + dashboard/ \ deps/ \ + docker/ \ examples/ \ include/ \ installer/ \ diff --git a/docker/2.1/Dockerfile b/docker/2.1-alpine/Dockerfile similarity index 78% rename from docker/2.1/Dockerfile rename to docker/2.1-alpine/Dockerfile index 181adc8e..0a7c9a29 100644 --- a/docker/2.1/Dockerfile +++ b/docker/2.1-alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18 +FROM alpine:3.22 LABEL maintainer="Roger Light " \ description="Eclipse Mosquitto MQTT Broker" @@ -14,6 +14,8 @@ RUN set -x && \ cjson-dev \ cmake \ gnupg \ + libedit-dev \ + libmicrohttpd-dev \ linux-headers \ openssl-dev \ sqlite-dev \ 
@@ -39,8 +41,7 @@ RUN set -x && \ tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \ rm /tmp/mosq.tar.gz && \ make -C /build/mosq -j "$(nproc)" \ - CFLAGS="-Wall -O2 -I/build/lws/include -I/build" \ - LDFLAGS="-L/build/lws/lib" \ + CFLAGS="-Wall -O2 -I/build -DHTTP_API_DIR=\\\"/usr/share/mosquitto/dashboard\\\"" \ WITH_ADNS=no \ WITH_DOCS=no \ WITH_SHARED_LIBRARIES=yes \ 
@@ -58,11 +59,17 @@ RUN set -x && \ install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \ install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \ install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \ - install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \ install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \ + install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \ + install -s -m755 /build/mosq/apps/mosquitto_signal/mosquitto_signal /usr/bin/mosquitto_signal && \ + install -s -m755 /build/mosq/plugins/acl-file/mosquitto_acl_file.so /usr/lib/mosquitto_acl_file.so && \ install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \ + install -s -m755 /build/mosq/plugins/password-file/mosquitto_password_file.so /usr/lib/mosquitto_password_file.so && \ install -s -m755 /build/mosq/plugins/persist-sqlite/mosquitto_persist_sqlite.so /usr/lib/mosquitto_persist_sqlite.so && \ - install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \ + install -s -m755 /build/mosq/plugins/sparkplug-aware/mosquitto_sparkplug_aware.so /usr/lib/mosquitto_sparkplug_aware.so && \ + install -m644 /build/mosq/docker/2.1-alpine/mosquitto.conf /mosquitto/config/mosquitto.conf && \ + install -d /usr/share/mosquitto && \ + cp -r /build/mosq/dashboard/src /usr/share/mosquitto/dashboard && \ install -Dm644 /build/mosq/epl-v20 /usr/share/licenses/mosquitto/epl-v20 && \ install -Dm644 /build/mosq/edl-v10 /usr/share/licenses/mosquitto/edl-v10 && \ chown -R mosquitto:mosquitto /mosquitto && \ 
@@ -70,14 +77,16 @@ RUN set -x && \ argon2-libs \ ca-certificates \ cjson \ - sqlite-libs && \ + libmicrohttpd \ + sqlite-libs \ + tzdata && \ apk del build-deps && \ rm -rf /build VOLUME ["/mosquitto/data", "/mosquitto/log"] # Set up the entry point script and default command -COPY docker-entrypoint.sh mosquitto-no-auth.conf / +COPY docker-entrypoint.sh / EXPOSE 1883 ENTRYPOINT ["/docker-entrypoint.sh"] CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"] diff --git a/docker/2.1/README.md b/docker/2.1-alpine/README.md similarity index 60% rename from docker/2.1/README.md rename to docker/2.1-alpine/README.md index 8ec812ed..a2e3f631 100644 --- a/docker/2.1/README.md +++ b/docker/2.1-alpine/README.md 
@@ -19,23 +19,26 @@ The image runs mosquitto under the mosquitto user and group, which are created with a uid and gid of 1883. ## Running without a configuration file -Mosquitto 2.0 requires you to configure listeners and authentication before it -will allow connections from anything other than the loopback interface. In the -context of a container, this means you would normally need to provide a -configuration file with your settings. +Mosquitto 2.0 and up requires you to configure listeners and authentication +before it will allow connections from anything other than the loopback +interface. In the context of a container, this means you would normally need to +provide a configuration file with your settings. +However, this container provides a default configuration which listens on port +1883 for unauthenticated access, and port 9883 for the local http dashboard. If you wish to run mosquitto without any authentication, and without setting -any other configuration options, you can do so by using a configuration -provided in the container for this purpose: +any other configuration options, you can run without a configuration by binding +the appropriate network ports: ``` -docker run -it -p 1883:1883 eclipse-mosquitto: mosquitto -c /mosquitto-no-auth.conf +docker run -it -p 1883:1883 -p localhost:9883:9883 eclipse-mosquitto: ``` ## Configuration -To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf` +To use a custom configuration file, create a **local** config directory with a +mosquitto.conf inside, then mount this directory to `/mosquitto/config` ``` -docker run -it -p 1883:1883 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto: +docker run -it -p 1883:1883 -v :/mosquitto/config eclipse-mosquitto: ``` Your configuration file must include a `listener`, and you must configure some 
@@ -46,8 +49,11 @@ clients will be unable to connect. File based authentication and authorisation: ``` listener 1883 -password_file /mosquitto/data/mosquitto.password_file -acl_file /mosquitto/data/mosquitto.aclfile +plugin /usr/lib/mosquitto_password_file.so +plugin_opt_password_file /mosquitto/data/mosquitto.password_file + +plugin /usr/lib/mosquitto_acl_file.so +plugin_opt_acl_file /mosquitto/data/mosquitto.aclfile ``` Plugin based authentication and authorisation: @@ -68,7 +74,7 @@ to use non-default ports, the docker run command will need to be updated to expose the ports that have been configured, for example: ``` -docker run -it -p 1883:1883 -p 8080:8080 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto: +docker run -it -p 1883:1883 -p 8080:8080 -v :/mosquitto/config eclipse-mosquitto: ``` Configuration can be changed to: @@ -78,8 +84,8 @@ Configuration can be changed to: i.e. add the following to `mosquitto.conf`: ``` -persistence true persistence_location /mosquitto/data/ +plugin /usr/lib/mosquitto_persist_sqlite.so log_dest file /mosquitto/log/mosquitto.log ``` diff --git a/docker/2.1/docker-entrypoint.sh b/docker/2.1-alpine/docker-entrypoint.sh similarity index 100% rename from docker/2.1/docker-entrypoint.sh rename to docker/2.1-alpine/docker-entrypoint.sh diff --git a/docker/2.1/mosquitto-no-auth.conf b/docker/2.1-alpine/mosquitto.conf similarity index 67% rename from docker/2.1/mosquitto-no-auth.conf rename to docker/2.1-alpine/mosquitto.conf index 40dd92b9..3bb2df57 100644 --- a/docker/2.1/mosquitto-no-auth.conf +++ b/docker/2.1-alpine/mosquitto.conf @@ -3,3 +3,7 @@ listener 1883 allow_anonymous true + +listener 9883 +protocol http_api +http_dir /usr/share/mosquitto/dashboard diff --git a/docker/2.1-ubuntu/Dockerfile b/docker/2.1-ubuntu/Dockerfile new file mode 100644 index 00000000..43307956 --- /dev/null +++ b/docker/2.1-ubuntu/Dockerfile 
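Review bot: The added `listener 9883` / `protocol http_api` block in docker/2.1-alpine/mosquitto.conf carries no bind address or access control of its own, and the file's header comment (lines 1-2, outside this hunk) still describes only the anonymous port-1883 listener. The Dockerfile hunks in this commit install this file as the image's default `/mosquitto/config/mosquitto.conf`, so a container started with both ports published on all host interfaces offers anonymous MQTT plus the HTTP API to the network. I would state that in the file itself, e.g. `# Port 9883 serves the HTTP API/dashboard; publish it on the host loopback address only.` The identical file (blob 3bb2df57) is added under docker/2.1-ubuntu and docker/local, so the same comment applies there.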
@@ -0,0 +1,92 @@
+FROM ubuntu:24.04
+
+LABEL maintainer="Roger Light " \
+ description="Eclipse Mosquitto MQTT Broker"
+
+ENV VERSION=2.1.0 \
+ DOWNLOAD_SHA256=zzz \
+ GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7
+
+RUN set -x && \
+ apt-get update && \
+ apt-get install -y \
+ build-essential \
+ cmake \
+ gnupg \
+ libargon2-dev \
+ libcjson-dev \
+ libedit-dev \
+ libmicrohttpd-dev \
+ libssl-dev \
+ libsqlite3-dev && \
+ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \
+ echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \
+ wget https://mosquitto.org/files/source/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \
+ export GNUPGHOME="$(mktemp -d)" && \
+ found=''; \
+ for server in \
+ hkps://keys.openpgp.org \
+ hkp://keyserver.ubuntu.com:80 \
+ pgp.mit.edu \
+ ; do \
+ echo "Fetching GPG key $GPG_KEYS from $server"; \
+ gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
+ done; \
+ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
+ gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \
+ gpgconf --kill all && \
+ rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \
+ mkdir -p /build/mosq && \
+ tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
+ rm /tmp/mosq.tar.gz && \
+ make -C /build/mosq -j "$(nproc)" \
+ CFLAGS="-Wall -O2 -I/build -DHTTP_API_DIR=\\\"/usr/share/mosquitto/dashboard\\\"" \
+ WITH_ADNS=no \
+ WITH_DOCS=no \
+ WITH_SHARED_LIBRARIES=yes \
+ WITH_SRV=no \
+ WITH_STRIP=yes \
+ WITH_WEBSOCKETS=yes \
+ prefix=/usr \
+ binary && \
+ addgroup --system --quiet --gid 1883 mosquitto 2>/dev/null && \
+ adduser --system --quiet --no-create-home --ingroup mosquitto --uid 1883 --home /var/empty --shell /usr/sbin/nologin mosquitto 2>/dev/null && \
+ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
+ install -d /usr/sbin/ && \
+ install -s -m755 /build/mosq/client/mosquitto_pub
/usr/bin/mosquitto_pub && \
+ install -s -m755 /build/mosq/client/mosquitto_rr /usr/bin/mosquitto_rr && \
+ install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
+ install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
+ install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
+ install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \
+ install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
+ install -s -m755 /build/mosq/apps/mosquitto_signal/mosquitto_signal /usr/bin/mosquitto_signal && \
+ install -s -m755 /build/mosq/plugins/acl-file/mosquitto_acl_file.so /usr/lib/mosquitto_acl_file.so && \
+ install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \
+ install -s -m755 /build/mosq/plugins/password-file/mosquitto_password_file.so /usr/lib/mosquitto_password_file.so && \
+ install -s -m755 /build/mosq/plugins/persist-sqlite/mosquitto_persist_sqlite.so /usr/lib/mosquitto_persist_sqlite.so && \
+ install -s -m755 /build/mosq/plugins/sparkplug-aware/mosquitto_sparkplug_aware.so /usr/lib/mosquitto_sparkplug_aware.so && \
+ install -m644 /build/mosq/docker/2.1-ubuntu/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+ install -d /usr/share/mosquitto && \
+ cp -r /build/mosq/dashboard/src /usr/share/mosquitto/dashboard && \
+ install -Dm644 /build/mosq/epl-v20 /usr/share/licenses/mosquitto/epl-v20 && \
+ install -Dm644 /build/mosq/edl-v10 /usr/share/licenses/mosquitto/edl-v10 && \
+ chown -R mosquitto:mosquitto /mosquitto && \
+ apt-get install \
+ ca-certificates \
+ libargon2-1 \
+ libcjson1 \
+ libmicrohttpd12 \
+ libsqlite3-0 && \
+ apt-get clean && \
+ apt-get remove --purge --auto-remove -y build-essential cmake gnupg && \
+ rm -rf /var/lib/apt/lists/* && \
+ rm -rf /build
+
+VOLUME ["/mosquitto/data", "/mosquitto/log"]
+
+# Set up the entry point
script and default command
+COPY docker-entrypoint.sh /
+EXPOSE 1883
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]
diff --git a/docker/2.1-ubuntu/README.md b/docker/2.1-ubuntu/README.md
new file mode 100644
index 00000000..a2e3f631
--- /dev/null
+++ b/docker/2.1-ubuntu/README.md
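Review bot: The `found=''; \` line in docker/2.1-ubuntu/Dockerfile ends the preceding `&&` chain with `;`, so a failure earlier in the RUN (including `sha256sum -c`, which cannot pass while `DOWNLOAD_SHA256=zzz`) does not stop the build; the key-fetch loop and `gpg --batch --verify` run regardless, which leaves the signature as the only integrity gate. Ending that line with `found='' || exit 1; \` makes any earlier failure fatal. `wget` is invoked but is not in the `apt-get install -y` list, and as far as I know the ubuntu:24.04 base image ships neither it nor `ca-certificates`, which the https download needs before the later runtime install. The closing `apt-get remove --purge --auto-remove -y` names only build-essential, cmake and gnupg, so the six `-dev` packages appear to stay in the runtime image.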
@@ -0,0 +1,93 @@
+# Eclipse Mosquitto Docker Image
+Containers built with this Dockerfile build as source from published tarballs.
+
+## Mount Points
+A docker mount point has been created in the image to be used for configuration.
+```
+/mosquitto/config
+```
+
+Two docker volumes have been created in the image to be used for persistent storage and logs.
+```
+/mosquitto/data
+/mosquitto/log
+```
+
+## User/Group
+
+The image runs mosquitto under the mosquitto user and group, which are created
+with a uid and gid of 1883.
+
+## Running without a configuration file
+Mosquitto 2.0 and up requires you to configure listeners and authentication
+before it will allow connections from anything other than the loopback
+interface. In the context of a container, this means you would normally need to
+provide a configuration file with your settings.
+
+However, this container provides a default configuration which listens on port
+1883 for unauthenticated access, and port 9883 for the local http dashboard.
+If you wish to run mosquitto without any authentication, and without setting
+any other configuration options, you can run without a configuration by binding
+the appropriate network ports:
+```
+docker run -it -p 1883:1883 -p localhost:9883:9883 eclipse-mosquitto:
+```
+
+## Configuration
+To use a custom configuration file, create a **local** config directory with a
+mosquitto.conf inside, then mount this directory to `/mosquitto/config`
+
+```
+docker run -it -p 1883:1883 -v :/mosquitto/config eclipse-mosquitto:
+```
+
+Your configuration file must include a `listener`, and you must configure some
+form of authentication or allow unauthenticated access. If you do not do this,
+clients will be unable to connect.
+
+
+File based authentication and authorisation:
+```
+listener 1883
+plugin /usr/lib/mosquitto_password_file.so
+plugin_opt_password_file /mosquitto/data/mosquitto.password_file
+
+plugin /usr/lib/mosquitto_acl_file.so
+plugin_opt_acl_file /mosquitto/data/mosquitto.aclfile
+```
+
+Plugin based authentication and authorisation:
+```
+listener 1883
+plugin /usr/lib/mosquitto_dynamic_security.so
+plugin_opt_config_file /mosquitto/data/mosquitto-dynsec.json
+```
+
+Unauthenticated access:
+```
+listener 1883
+allow_anonymous true
+```
+
+:boom: if the mosquitto configuration (mosquitto.conf) was modified
+to use non-default ports, the docker run command will need to be updated
+to expose the ports that have been configured, for example:
+
+```
+docker run -it -p 1883:1883 -p 8080:8080 -v :/mosquitto/config eclipse-mosquitto:
+```
+
+Configuration can be changed to:
+
+* persist data to `/mosquitto/data`
+* log to `/mosquitto/log/mosquitto.log`
+
+i.e. add the following to `mosquitto.conf`:
+```
+persistence_location /mosquitto/data/
+plugin /usr/lib/mosquitto_persist_sqlite.so
+
+log_dest file /mosquitto/log/mosquitto.log
+```
+
+**Note**: For any volume used, the data will be persistent between containers.
diff --git a/docker/2.1-ubuntu/docker-entrypoint.sh b/docker/2.1-ubuntu/docker-entrypoint.sh
new file mode 100755
index 00000000..cbab5aa8
--- /dev/null
+++ b/docker/2.1-ubuntu/docker-entrypoint.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -e
+
+# Set permissions
+user="$(id -u)"
+if [ "$PUID" = "" ]; then
+ PUID="mosquitto"
+fi
+if [ "$PGID" = "" ]; then
+ PGID="mosquitto"
+fi
+if [ "$user" = '0' ]; then
+ [ -d "/mosquitto/data" ] && chown -R ${PUID}:${PGID} /mosquitto/data || true
+fi
+
+exec "$@"
diff --git a/docker/2.1-ubuntu/mosquitto.conf b/docker/2.1-ubuntu/mosquitto.conf
new file mode 100644
index 00000000..3bb2df57
--- /dev/null
+++ b/docker/2.1-ubuntu/mosquitto.conf
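Review bot: In docker/2.1-ubuntu/docker-entrypoint.sh the `chown -R ${PUID}:${PGID} /mosquitto/data` line expands both variables unquoted, so a value from the container environment that contains whitespace or glob characters is word-split before chown sees it; quote it as `chown -R "${PUID}:${PGID}" /mosquitto/data`. The trailing `|| true` also hides a failed chown (for example an unknown PUID), so the broker would start against a data directory it may not be able to write, and a message on stderr in that case would help operators. PUID and PGID are not mentioned in the README added by this commit; a comment above the block such as `# PUID/PGID: optional owner for /mosquitto/data, default mosquitto` would document the contract.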
@@ -0,0 +1,9 @@ +# This is a Mosquitto configuration file that creates a listener on port 1883 +# that allows unauthenticated access. + +listener 1883 +allow_anonymous true + +listener 9883 +protocol http_api +http_dir /usr/share/mosquitto/dashboard diff --git a/docker/local/Dockerfile b/docker/local/Dockerfile index 94725e98..3259f834 100644 --- a/docker/local/Dockerfile +++ b/docker/local/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.18 +FROM alpine:3.22 LABEL maintainer="Roger Light " \ description="Eclipse Mosquitto MQTT Broker" @@ -12,6 +12,8 @@ RUN set -x && \ cjson-dev \ cmake \ gnupg \ + libedit-dev \ + libmicrohttpd-dev \ linux-headers \ openssl-dev \ sqlite-dev \ @@ -20,7 +22,7 @@ RUN set -x && \ tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \ rm /tmp/mosq.tar.gz && \ make -C /build/mosq -j "$(nproc)" \ - CFLAGS="-Wall -O2 -I/build" \ + CFLAGS="-Wall -O2 -I/build -DHTTP_API_DIR=\\\"/usr/share/mosquitto/dashboard\\\"" \ WITH_ADNS=no \ WITH_DOCS=no \ WITH_SHARED_LIBRARIES=yes \ 
@@ -38,11 +40,17 @@ RUN set -x && \ install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \ install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \ install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \ - install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \ install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \ + install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \ + install -s -m755 /build/mosq/apps/mosquitto_signal/mosquitto_signal /usr/bin/mosquitto_signal && \ + install -s -m755 /build/mosq/plugins/acl-file/mosquitto_acl_file.so /usr/lib/mosquitto_acl_file.so && \ install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \ + install -s -m755 /build/mosq/plugins/password-file/mosquitto_password_file.so /usr/lib/mosquitto_password_file.so && \ install -s -m755 /build/mosq/plugins/persist-sqlite/mosquitto_persist_sqlite.so /usr/lib/mosquitto_persist_sqlite.so && \ - install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \ + install -s -m755 /build/mosq/plugins/sparkplug-aware/mosquitto_sparkplug_aware.so /usr/lib/mosquitto_sparkplug_aware.so && \ + install -m644 /build/mosq/docker/local/mosquitto.conf /mosquitto/config/mosquitto.conf && \ + install -d /usr/share/mosquitto && \ + cp -r /build/mosq/dashboard/src /usr/share/mosquitto/dashboard && \ install -Dm644 /build/mosq/epl-v20 /usr/share/licenses/mosquitto/epl-v20 && \ install -Dm644 /build/mosq/edl-v10 /usr/share/licenses/mosquitto/edl-v10 && \ chown -R mosquitto:mosquitto /mosquitto && \ @@ -50,6 +58,7 @@ RUN set -x && \ argon2-libs \ ca-certificates \ cjson \ + libmicrohttpd \ sqlite-libs \ tzdata && \ apk del build-deps && \ 
diff --git a/docker/local/mosquitto.conf b/docker/local/mosquitto.conf
new file mode 100644
index 00000000..3bb2df57
--- /dev/null
+++ b/docker/local/mosquitto.conf
@@ -0,0 +1,9 @@
+# This is a Mosquitto configuration file that creates a listener on port 1883
+# that allows unauthenticated access.
+
+listener 1883
+allow_anonymous true
+
+listener 9883
+protocol http_api
+http_dir /usr/share/mosquitto/dashboard