Secure MQTT broker (TLS) and Docker Compose
Thank you for all the kind words about the MQTT broker with secure (TLS) communication on Ubuntu 18.04 LTS and an ESP32 MQTT-client article.
In this article, we are going to deploy Mosquitto using Docker-Compose.
This is the process that we are going to follow:
- Generate my self-signed keys
- Copy them to the certs folder
- Modify mosquitto.conf (if needed)
- Start the service using docker-compose
When we are done, our folder structure will look like this:
.
├── config
│ ├── certs
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ └── mosquitto.conf
└── docker-compose.yml
Generate my self-signed keys
I have generated my keys using the following script:
https://gist.github.com/suru-dissanaike/fbb01a23cf9a138973732e76999c0d48
Copy them to the certs folder
I copy the files to the folder where I store my setup.
.
├── config
│ ├── certs
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
Modify mosquitto.conf (if needed)
I am not going to do much with my mosquitto.conf file; it basically looks like this:
├── config
│ ├── certs
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ └── mosquitto.conf
Docker-compose and folder structure
My docker-compose file is also pretty minimalistic. It looks like this:
Now the structure is complete:
├── config
│ ├── certs
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ └── mosquitto.conf
└── docker-compose.yml
Please note the placement of the docker-compose.yml file, the certs, and the mosquitto.conf file.
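A pre-flight check for this layout, to run before starting the service (an added example, not the author's script). It assumes ./config is mounted at /mosquitto/config in the container, the path the broker log reports, and that mosquitto.conf uses the standard listener/port, cafile, certfile and keyfile directives; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not the author's script. Assumption: ./config is mounted at
# /mosquitto/config in the container (the path the broker log reports).
CONTAINER_DIR=/mosquitto/config

# conf_value FILE DIRECTIVE: print the last uncommented value of a directive.
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { if (v != "") print v }' "$1"
}

# preflight DIR: DIR holds config/ and docker-compose.yml.
# Prints one line per finding and returns the number of findings (0 = ready).
preflight() {
    base=$1; conf="$base/config/mosquitto.conf"; findings=0
    fail() { echo "FAIL: $*"; findings=$((findings + 1)); }

    [ -f "$base/docker-compose.yml" ] || fail "docker-compose.yml is not next to config/"
    [ -f "$conf" ] || { fail "config/mosquitto.conf is missing"; return "$findings"; }

    # The TLS listener may be declared as 'listener 8883' or 'port 8883'.
    port=$(conf_value "$conf" listener)
    [ -n "$port" ] || port=$(conf_value "$conf" port)
    [ "$port" = 8883 ] || fail "no listener on 8883 (found: ${port:-none})"

    for key in cafile certfile keyfile; do
        path=$(conf_value "$conf" "$key")
        case $path in
            "") fail "$key is not set in mosquitto.conf" ;;
            "$CONTAINER_DIR"/*)
                # Map the in-container path back to the host folder.
                host="$base/config${path#$CONTAINER_DIR}"
                [ -f "$host" ] || fail "$key points to $path but $host does not exist" ;;
            *) fail "$key points to $path, outside the mounted $CONTAINER_DIR" ;;
        esac
    done

    # The private key should not be accessible to 'other' users on the host.
    k="$base/config/certs/server.key"
    if [ -f "$k" ]; then
        other=$(ls -l "$k" | cut -c8-10)
        [ "$other" = "---" ] || fail "server.key is open to all users (other bits: $other)"
    fi
    return "$findings"
}
# Usage: preflight . && docker-compose up
```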
Start the service using docker-compose
Running the service looks like this (in production, use -d to run it detached):
$ docker-compose up
Starting mosquitto_container … done
Attaching to mosquitto_container
mosquitto_container | 1592329610: mosquitto version 1.6.10 starting
mosquitto_container | 1592329610: Config loaded from /mosquitto/config/mosquitto.conf.
mosquitto_container | 1592329610: Opening ipv4 listen socket on port 8883.
mosquitto_container | 1592329610: Opening ipv6 listen socket on port 8883.
If you like this article, maybe you will also enjoy the following article:
MQTT broker with Secure WebSocket using Traefik, Docker Compose and Let’s Encrypt
Thank you for reading! Take care, and I hope to see you soon. 🙏🏽
This article is a living document; please reach out to me if you want to contribute or see anything inaccurate here. This article is part of our “Boosting Innovation” project.