Add labs

04-mosquitto/lab01/lab.txt

@@ -0,0 +1,72 @@
+= Mosquitto Listener
+
+
+Konfigurieren Sie Mosquitto für zwei Listener:
+- Port 1883 mit Client-ID Prefix "def" und anonymen Zugriff
+- Port 1884 mit Client-ID Prefix "local", anonymen Zugriff nur mit MQTT 5, maximal 5 Verbindungen nur auf dem loopback Interface (127.0.0.1)
+
+
+
+
+listener 1883 # defaults, max_conn: -1
+listener_auto_id_prefix def
+listener_allow_anonymous true
+
+listener 1884 127.0.0.1
+listener_auto_id_prefix local
+listener_allow_anonymous true
+protocol mqtt
+accept_protocol_versions 5 # ab mosquitto v2.1
+max_connections 5
+
+
+$ docker run --rm -it --net host \
+ -v $PWD/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro eclipse-mosquitto
+
+
+
+Testen Sie den Zugriff über das Loopback Interface und eine andere IP der Maschine.
+
+$ nc 10.23.15.2 1883
+$ nc 10.23.15.2 1884
+
+
+
+Verwenden Sie MQTT 3.1.1 und MQTT 5
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1883 -V 5 --debug 
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884 -V 5 --debug
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1883  --debug
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884  --debug
+
+
+Beobachten Sie, welche Client ID Sie erhalten, wenn Sie im Client
+keine vs. eine selbst gewählte angeben
+
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1883 -V 5 --id myid --debug
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884 -V 5 --id myid --debug
+
+
+Versuchen Sie mehr als 5 Verbindungen auf den limitierten Listener zu öffnen
+
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884 -V 5 --id conn1 --debug
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884 -V 5 --id conn2 --debug
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884 -V 5 --id conn3 --debug
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884 -V 5 --id conn4 --debug
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884 -V 5 --id conn5 --debug
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub --topic demo/retained --qos 1 --port 1884 -V 5 --id conn6 --debug

04-mosquitto/lab01/mosquitto.conf

@@ -0,0 +1,10 @@
+listener 1883 # defaults, max_conn: -1
+listener_auto_id_prefix def
+listener_allow_anonymous true
+
+listener 1884 127.0.0.1
+listener_auto_id_prefix local
+listener_allow_anonymous true
+protocol mqtt
+accept_protocol_versions 5 # ab mosquitto v2.1
+max_connections 5

04-mosquitto/lab02/.gitignore

@@ -0,0 +1 @@
+/data/mosquitto.db

04-mosquitto/lab02/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  mosquitto:
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
+      # - ./mosquitto-persistenz.conf:/mosquitto/config/mosquitto.conf:ro
+      - ./data:/data

04-mosquitto/lab02/lab.txt

@@ -0,0 +1,40 @@
+= Mosquitto Persistenz
+
+Senden Sie zunächst eine retained message 
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_pub -t "test/status" -r -m "Online"
+
+Rufen Sie die Nachricht ab +
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_sub -t "test/status" --debug
+
+
+Starten Sie den Broker neu und wiederholen den Vorgang.
+Bei Verwendung von docker-compose kann CTRL-C verwendet werden,
+alternativ kann der Prozess beendet werden.
+
+$ sudo killall mosquitto
+(Neustart des Brokers, z.B. mittels `docker compose up`)
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_sub -t "test/status" --debug
+
+Konfigurieren Sie Persistenz und wiederholen den Vorgang.
+Beispiel:
+
+persistence true 
+persistence_location /data
+autosave_interval 1 # sekunden oder events
+autosave_on_changes 1 # bei jeder einzelnen aenderung
+
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_pub -t "test/status" -r -m "Online"
+
+(Neustart des Brokers)
+
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_sub -t "test/status" --debug

04-mosquitto/lab02/mosquitto-persistenz.conf

@@ -0,0 +1,10 @@
+listener 1883
+allow_anonymous true
+
+# sys_interval 3
+
+persistence true 
+persistence_location /data
+autosave_interval 1 # sekunden oder events
+autosave_on_changes 1 # bei jeder einzelnen aenderung
+

04-mosquitto/lab02/mosquitto.conf

@@ -0,0 +1,4 @@
+listener 1883
+allow_anonymous true
+
+# sys_interval 3

04-mosquitto/lab03/config/mosquitto.conf

@@ -0,0 +1,5 @@
+listener 1883
+
+allow_anonymous false
+password_file /mosquitto/config/users.txt
+sys_interval 10

04-mosquitto/lab03/config/users.txt

@@ -0,0 +1,2 @@
+thomas:$7$101$+0sf4wma3qzDFw6R$H+lLmGLzo1Ex5rXxZqWxuEFCV7bSsAehEwTJ6XULFberEhwug/EC8aSWtiI4xScYQ2u/0sZ3xCg0rTRaMb5ITg==
+admin:$7$101$S9wXlrBPl3PFz+9y$l3/GP/FjklfQ2inTxBf4FfLvFR3r5yF6G6ZSRDFRwAklzltZ+xhUWM83PKQjxy2ZFYYmHxMoKs4q1+IMrXL6NA==

04-mosquitto/lab03/cyberchef/chef.txt

@@ -0,0 +1,14 @@
+Fork('\\n','\\n',false)
+Register('^([^:]+)',true,false,false)
+Find_/_Replace({'option':'Regex','string':'^[^:]+:'},'',false,false,false,false)
+Register('(.*)',true,false,false)
+Pseudo-Random_Number_Generator(12,'Hex')
+Register('(.*)',true,false,false)
+From_Hex('Auto')
+To_Base64('A-Za-z0-9+/=')
+Register('([\\s\\S]*)',true,false,false)
+Find_/_Replace({'option':'Regex','string':'.*'},'$R1',false,false,false,false)
+Derive_PBKDF2_key({'option':'Latin1','string':'$R1'},512,101,'SHA512',{'option':'Hex','string':'$R2'})
+From_Hex('Auto')
+To_Base64('A-Za-z0-9+/=')
+Find_/_Replace({'option':'Regex','string':'.*'},'$R0:$$7$$101$$$R3$$$&',false,false,false,false)

04-mosquitto/lab03/cyberchef/receipt.json

@@ -0,0 +1,30 @@
+[
+  { "op": "Fork",
+    "args": ["\\n", "\\n", false] },
+  { "op": "Register",
+    "args": ["^([^:]+)", true, false, false] },
+  { "op": "Find / Replace",
+    "args": [{ "option": "Regex", "string": "^[^:]+:" }, "", false, false, false, false] },
+  { "op": "Register",
+    "args": ["(.*)", true, false, false] },
+  { "op": "Pseudo-Random Number Generator",
+    "args": [12, "Hex"] },
+  { "op": "Register",
+    "args": ["(.*)", true, false, false] },
+  { "op": "From Hex",
+    "args": ["Auto"] },
+  { "op": "To Base64",
+    "args": ["A-Za-z0-9+/="] },
+  { "op": "Register",
+    "args": ["([\\s\\S]*)", true, false, false] },
+  { "op": "Find / Replace",
+    "args": [{ "option": "Regex", "string": ".*" }, "$R1", false, false, false, false] },
+  { "op": "Derive PBKDF2 key",
+    "args": [{ "option": "Latin1", "string": "$R1" }, 512, 101, "SHA512", { "option": "Hex", "string": "$R2" }] },
+  { "op": "From Hex",
+    "args": ["Auto"] },
+  { "op": "To Base64",
+    "args": ["A-Za-z0-9+/="] },
+  { "op": "Find / Replace",
+    "args": [{ "option": "Regex", "string": ".*" }, "$R0:$$7$$101$$$R3$$$&", false, false, false, false] }
+]

04-mosquitto/lab03/lab.txt

@@ -0,0 +1,39 @@
+= Mosquitto Authentifizierung
+
+Konfigurieren Sie Mosquitto, so dass nur authentifizierte Clients zugreifen dürfen.
+
+
+listener 1883
+
+allow_anonymous false
+password_file /mosquitto/config/users.txt
+
+
+
+
+Erzeugen Sie eine Passwortdatei mit mehreren Nutzern.
+Sie können `mosquitto_passwd` benutzen:
+
+$ docker run --rm -it --net host eclipse-mosquitto sh
+# mosquitto_passwd -b -c users.txt thomas geheim
+# mosquitto_passwd -b users.txt admin secret
+# cat users.txt 
+
+
+Für CyberChef befindet sich ein Rezept im Unterordner `CyberChef` oder
+der folgende Link kann genutzt werden:
+"https://gchq.github.io/CyberChef/#recipe=Fork('%5C%5Cn','%5C%5Cn',false)Register('%5E(%5B%5E:%5D%2B)',true,false,false)Find_/_Replace(%7B'option':'Regex','string':'%5E%5B%5E:%5D%2B:'%7D,'',false,false,false,false)Register('(.*)',true,false,false)Pseudo-Random_Number_Generator(12,'Hex')Register('(.*)',true,false,false)From_Hex('Auto')To_Base64('A-Za-z0-9%2B/%3D')Register('(%5B%5C%5Cs%5C%5CS%5D*)',true,false,false)Find_/_Replace(%7B'option':'Regex','string':'.*'%7D,'$R1',false,false,false,false)Derive_PBKDF2_key(%7B'option':'Latin1','string':'$R1'%7D,512,101,'SHA512',%7B'option':'Hex','string':'$R2'%7D)From_Hex('Auto')To_Base64('A-Za-z0-9%2B/%3D')Find_/_Replace(%7B'option':'Regex','string':'.*'%7D,'$R0:$$7$$101$$$R3$$$%26',false,false,false,false)"
+
+Das Inputformat ist dabei: "user:klartextpasswort"
+
+
+
+Testen Sie, ob der Zugriff funktioniert
+
+
+$ docker run --rm -it --init --net host -v $PWD/config:/mosquitto/config eclipse-mosquitto
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub  -V 5 --topic "demotopic" \
+  --username admin -P secret -W 2 --debug
+

04-mosquitto/lab04/config/acl.txt

@@ -0,0 +1,8 @@
+topic readwrite freeforall
+
+pattern readwrite users/%u/#
+
+topic read announcements
+
+user thomas
+topic readwrite announcements

04-mosquitto/lab04/config/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  mosquitto:
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
+      - ./users.txt:/mosquitto/config/users.txt:ro
+      - ./acl.txt:/mosquitto/config/acl.txt:ro

04-mosquitto/lab04/config/mosquitto.conf

@@ -0,0 +1,5 @@
+listener 1883
+
+allow_anonymous true
+password_file /mosquitto/config/users.txt
+acl_file /mosquitto/config/acl.txt

04-mosquitto/lab04/config/users.txt

@@ -0,0 +1,2 @@
+thomas:$7$101$+0sf4wma3qzDFw6R$H+lLmGLzo1Ex5rXxZqWxuEFCV7bSsAehEwTJ6XULFberEhwug/EC8aSWtiI4xScYQ2u/0sZ3xCg0rTRaMb5ITg==
+admin:$7$101$S9wXlrBPl3PFz+9y$l3/GP/FjklfQ2inTxBf4FfLvFR3r5yF6G6ZSRDFRwAklzltZ+xhUWM83PKQjxy2ZFYYmHxMoKs4q1+IMrXL6NA==

04-mosquitto/lab04/cyberchef/chef.txt

@@ -0,0 +1,14 @@
+Fork('\\n','\\n',false)
+Register('^([^:]+)',true,false,false)
+Find_/_Replace({'option':'Regex','string':'^[^:]+:'},'',false,false,false,false)
+Register('(.*)',true,false,false)
+Pseudo-Random_Number_Generator(12,'Hex')
+Register('(.*)',true,false,false)
+From_Hex('Auto')
+To_Base64('A-Za-z0-9+/=')
+Register('([\\s\\S]*)',true,false,false)
+Find_/_Replace({'option':'Regex','string':'.*'},'$R1',false,false,false,false)
+Derive_PBKDF2_key({'option':'Latin1','string':'$R1'},512,101,'SHA512',{'option':'Hex','string':'$R2'})
+From_Hex('Auto')
+To_Base64('A-Za-z0-9+/=')
+Find_/_Replace({'option':'Regex','string':'.*'},'$R0:$$7$$101$$$R3$$$&',false,false,false,false)

04-mosquitto/lab04/cyberchef/receipt.json

@@ -0,0 +1,30 @@
+[
+  { "op": "Fork",
+    "args": ["\\n", "\\n", false] },
+  { "op": "Register",
+    "args": ["^([^:]+)", true, false, false] },
+  { "op": "Find / Replace",
+    "args": [{ "option": "Regex", "string": "^[^:]+:" }, "", false, false, false, false] },
+  { "op": "Register",
+    "args": ["(.*)", true, false, false] },
+  { "op": "Pseudo-Random Number Generator",
+    "args": [12, "Hex"] },
+  { "op": "Register",
+    "args": ["(.*)", true, false, false] },
+  { "op": "From Hex",
+    "args": ["Auto"] },
+  { "op": "To Base64",
+    "args": ["A-Za-z0-9+/="] },
+  { "op": "Register",
+    "args": ["([\\s\\S]*)", true, false, false] },
+  { "op": "Find / Replace",
+    "args": [{ "option": "Regex", "string": ".*" }, "$R1", false, false, false, false] },
+  { "op": "Derive PBKDF2 key",
+    "args": [{ "option": "Latin1", "string": "$R1" }, 512, 101, "SHA512", { "option": "Hex", "string": "$R2" }] },
+  { "op": "From Hex",
+    "args": ["Auto"] },
+  { "op": "To Base64",
+    "args": ["A-Za-z0-9+/="] },
+  { "op": "Find / Replace",
+    "args": [{ "option": "Regex", "string": ".*" }, "$R0:$$7$$101$$$R3$$$&", false, false, false, false] }
+]

04-mosquitto/lab04/lab.txt

@@ -0,0 +1,77 @@
+= Mosquitto Autorisierung
+
+
+Konfigurieren Sie Mosquitto, aktivieren Sie die Nutzung der ACL Datei.
+
+
+listener 1883
+
+allow_anonymous true
+password_file /mosquitto/config/users.txt
+acl_file /mosquitto/config/acl.txt
+
+
+Nicht authentifizierte Clients dürfen `freeforall` und alles unterhalb nutzen.
+
+
+topic readwrite freeforall
+
+
+
+Authentifizierte User dürfen unterhalb von `users/` ihren Usernamen und alles darunter nutzen.
+
+
+pattern readwrite users/%u/#
+
+
+
+Das Topic `announcements` darf jeder lesen, der User `thomas` auch schreiben
+
+topic read announcements
+user thomas
+topic readwrite announcements
+
+
+
+Testen Sie das Verhalten mit verschiedenen Varianten zu publizieren, variieren Sie auch QoS und MQTT Version.
+
+
+$ docker run --rm -it --init --net host -v $PWD/config:/mosquitto/config eclipse-mosquitto
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub -V 5 --topic "freeforall" \
+  --debug
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub -V 5 --topic "announcements" \
+  --debug
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_sub -V 5 --topic "users/thomas/inbox" \
+  --username thomas -P geheim --debug
+
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+  mosquitto_pub -V 5 --qos 1 --topic "freeforall" --message "hello all" --debug
+
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_pub -V 5 --topic announcements --message "not allowed" \
+  --debug
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_pub --qos 1 --topic announcements --message "not allowed" \
+  --debug
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_pub -V 5 --qos 1 --topic announcements --message "not allowed" \
+  --debug
+
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_pub -V 5 --qos 1 --topic users/thomas/inbox --message "email for you" \
+  --username thomas -P geheim --debug
+
+$ docker run --rm -it --net host eclipse-mosquitto \
+  mosquitto_pub -V 5 --qos 1 --topic announcements --message "system information" \
+  --username thomas -P geheim --debug

04-mosquitto/lab05/.gitignore

@@ -0,0 +1 @@
+*.pem

04-mosquitto/lab05/config/acl.txt

@@ -0,0 +1,8 @@
+topic readwrite freeforall
+
+pattern readwrite users/%u/#
+
+topic read announcements
+
+user thomas
+topic readwrite announcements

04-mosquitto/lab05/config/docker-compose.yml

@@ -0,0 +1,7 @@
+services:
+  mosquitto:
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./:/mosquitto/config

04-mosquitto/lab05/config/mosquitto.conf

@@ -0,0 +1,10 @@
+listener 1883
+
+listener_allow_anonymous true
+password_file /mosquitto/config/users.txt
+acl_file /mosquitto/config/acl.txt
+
+listener 8883
+listener_allow_anonymous true
+certfile /mosquitto/config/cert.pem
+keyfile /mosquitto/config/key.pem

04-mosquitto/lab05/config/users.txt

@@ -0,0 +1,2 @@
+thomas:$7$101$+0sf4wma3qzDFw6R$H+lLmGLzo1Ex5rXxZqWxuEFCV7bSsAehEwTJ6XULFberEhwug/EC8aSWtiI4xScYQ2u/0sZ3xCg0rTRaMb5ITg==
+admin:$7$101$S9wXlrBPl3PFz+9y$l3/GP/FjklfQ2inTxBf4FfLvFR3r5yF6G6ZSRDFRwAklzltZ+xhUWM83PKQjxy2ZFYYmHxMoKs4q1+IMrXL6NA==

04-mosquitto/lab05/lab.txt

@@ -0,0 +1,55 @@
+= Mosquitto mit custom TLS Zertifikat
+
+
+Erstellen Sie ein self-signed (CA) Zertifikat.
+
+
+$ openssl req -new -x509 -newkey rsa:4096 -nodes -keyout ca-key.pem -out ca-cert.pem \
+ -days 365 -subj "/CN=My-CA" -addext "basicConstraints=critical,CA:TRUE" \
+ -addext "keyUsage=critical,keyCertSign,cRLSign" 
+
+
+Signieren Sie damit ein selbst erstelltes Zertifikat für Mosquitto.
+
+$ openssl genrsa -out key.pem 2048
+$ openssl req -new -key key.pem -out request.pem -subj "/CN=localhost" \
+  -addext 'subjectAltName=DNS:localhost,IP:127.0.0.1' \
+  -addext "keyUsage=digitalSignature,keyEncipherment" \
+  -addext "extendedKeyUsage=serverAuth"
+
+$ openssl x509 -req -days 365 -in request.pem -CA ca-cert.pem -CAkey ca-key.pem \
+ -set_serial 01 -out cert.pem -copy_extensions copyall
+
+Konfigurieren Sie damit einen zusätzlichen Listener in Mosquitto (`certfile`, `keyfile`) Port 8883
+
+
+listener 1883
+listener_allow_anonymous true
+password_file /mosquitto/config/users.txt
+acl_file /mosquitto/config/acl.txt
+
+listener 8883
+listener_allow_anonymous true
+certfile /mosquitto/config/cert.pem
+keyfile /mosquitto/config/key.pem
+
+
+Konfigurieren Sie das CA Zertifikat im Client und greifen per TLS auf Mosquitto zu.
+
+$ docker run --rm -it --init --net host -v $PWD:/data eclipse-mosquitto \
+ mosquitto_pub --port 8883 -V 5 --qos 1 --topic freeforall --message "this is secure"  \
+ --cafile /data/ca-cert.pem --debug
+
+
+Was passiert, wenn das CA Zertifikat nicht angegeben wird?
+
+$ docker run --rm -it --init --net host -v $PWD:/data eclipse-mosquitto \
+ mosquitto_pub --port 8883 -V 5 --qos 1 --topic freeforall --message "this is secure"  \
+ --debug                      
+
+
+Optional können Sie auch Username/Passwort Credentials ergänzen
+
+$ docker run --rm -it --init --net host -v $PWD:/data eclipse-mosquitto \
+ mosquitto_pub --port 8883 -V 5 --qos 1 --topic announcements --message "all secure"  \
+ --cafile /data/ca-cert.pem --username thomas -P geheim --debug

04-mosquitto/lab06/.gitignore

@@ -0,0 +1,7 @@
+*.pem
+*.key
+*.cer
+*.fullchain
+!sample/*key
+!sample/*fullchain
+!sample/*cer

04-mosquitto/lab06/config/acl.txt

@@ -0,0 +1,8 @@
+topic readwrite freeforall
+
+pattern readwrite users/%u/#
+
+topic read announcements
+
+user thomas
+topic readwrite announcements

04-mosquitto/lab06/config/docker-compose.yml

@@ -0,0 +1,7 @@
+services:
+  mosquitto:
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./:/mosquitto/config

04-mosquitto/lab06/config/mosquitto.conf

@@ -0,0 +1,15 @@
+listener 1883
+
+listener_allow_anonymous true
+password_file /mosquitto/config/users.txt
+acl_file /mosquitto/config/acl.txt
+
+listener 8883
+listener_allow_anonymous true
+
+# Nur Leaf-Zertifikat, in Kette fehlt Intermediate
+# certfile /mosquitto/config/mqtt.trion.dev.cer
+
+certfile /mosquitto/config/mqtt.trion.dev.fullchain
+keyfile /mosquitto/config/mqtt.trion.dev.key
+

04-mosquitto/lab06/config/users.txt

@@ -0,0 +1,2 @@
+thomas:$7$101$+0sf4wma3qzDFw6R$H+lLmGLzo1Ex5rXxZqWxuEFCV7bSsAehEwTJ6XULFberEhwug/EC8aSWtiI4xScYQ2u/0sZ3xCg0rTRaMb5ITg==
+admin:$7$101$S9wXlrBPl3PFz+9y$l3/GP/FjklfQ2inTxBf4FfLvFR3r5yF6G6ZSRDFRwAklzltZ+xhUWM83PKQjxy2ZFYYmHxMoKs4q1+IMrXL6NA==

04-mosquitto/lab06/lab.txt

@@ -0,0 +1,40 @@
+= Verwendung ACME TLS Zertifikat
+
+
+Nutzen Sie z.B. acme.sh um ein Zertifikat für den öffentlichen Hostnamen / IP Adresse
+Ihrer Maschine ein Zertifikat zu erstellen.
+Dies Lab ist nur möglich auf öffentlich erreichbaren Maschinen.
+
+
+
+Für DNS Namen (Hostnamen passend wählen)
+
+$ mkdir out
+$ docker run --rm -it -v "$(pwd)/out":/acme.sh -p 80:80 -p 443:443 neilpang/acme.sh \
+  --register-account -m  zerossl@example.com
+$ docker run --rm -it -v "$(pwd)/out":/acme.sh -p 80:80 -p 443:443 neilpang/acme.sh \
+  --issue -d mqtt.trion.dev --server zerossl --standalone
+
+Oder für die IP
+
+$ mkdir out
+$ docker run --rm -it -v "$(pwd)/out":/acme.sh -p 80:80 -p 443:443 neilpang/acme.sh \
+ --issue --alpn -d 217.231.222.7 --server letsencrypt --certificate-profile shortlived --days 5
+
+
+Konfigurieren Sie das erhaltene Zertifikat.
+
+
+certfile /mosquitto/config/mqtt.trion.dev.fullchain
+keyfile /mosquitto/config/mqtt.trion.dev.key
+
+
+$ docker run --rm -it --init --net host -v $PWD:/mosquitto/config eclipse-mosquitto
+
+
+Verbinden Sie sich über den passenden Weg (Hostnamen / IP) unter Verwendung von TLS
+auf den Broker
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+ mosquitto_pub --host mqtt.trion.dev --port 8883 -V 5 --qos 1 \
+ --topic freeforall --message "this is secure" --debug

04-mosquitto/lab06/sample/mqtt.trion.dev.cer

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9DCCA3qgAwIBAgIRAMkUcDI/Bsia55JeVesEvuMwCgYIKoZIzj0EAwMwSzEL
+MAkGA1UEBhMCQVQxEDAOBgNVBAoTB1plcm9TU0wxKjAoBgNVBAMTIVplcm9TU0wg
+RUNDIERvbWFpbiBTZWN1cmUgU2l0ZSBDQTAeFw0yNjAyMDEwMDAwMDBaFw0yNjA1
+MDIyMzU5NTlaMBkxFzAVBgNVBAMTDm1xdHQudHJpb24uZGV2MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAE4e+SWARnLByaXMXJdfbPXMegYT1rFXwsVwBnEaKwcJbI
+F60x6Jc08V1MmFIHUIPdMP5ezqbt0VS7TUsaca66MKOCAm8wggJrMB8GA1UdIwQY
+MBaAFA9r5kvOOUeu9n6QHnnwMJGSyF+jMB0GA1UdDgQWBBQsP/sy/wqn4wsONH/p
+9guCOI0tRjAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK
+BggrBgEFBQcDATBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgJOMCUwIwYIKwYBBQUH
+AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBiAYIKwYBBQUH
+AQEEfDB6MEsGCCsGAQUFBzAChj9odHRwOi8vemVyb3NzbC5jcnQuc2VjdGlnby5j
+b20vWmVyb1NTTEVDQ0RvbWFpblNlY3VyZVNpdGVDQS5jcnQwKwYIKwYBBQUHMAGG
+H2h0dHA6Ly96ZXJvc3NsLm9jc3Auc2VjdGlnby5jb20wggEDBgorBgEEAdZ5AgQC
+BIH0BIHxAO8AdgAOV5S8866pPjMbLJkHs/eQ35vCPXEyJd0hqSWsYcVOIQAAAZwY
+f1wTAAAEAwBHMEUCIQCKKPMWPfgpfaSY9410Ck9XJgf7z2M/9wHFctS63EB/iQIg
+RQo+eGFZht4U1l951MthGodOFf/kPJR8+6ISkLYDMvMAdQAWgy2r8KklDw/wOqVF
+/8i/yCPQh0v2BCkn+OcfMxP1+gAAAZwYf1wOAAAEAwBGMEQCIArz8jZ2ZMiY5/8P
+0Nqtmj/XWEncfHQXi1AI95jMR6q/AiBzxNv5SQUI3i+ah3YUFxRcskFgRmAqiEDZ
+QWX08LcEjTAZBgNVHREEEjAQgg5tcXR0LnRyaW9uLmRldjAKBggqhkjOPQQDAwNo
+ADBlAjEA8o6CjH/m/6gmbxBV7InPYiRKtxoo+7fyRtMbLG5H7tJyNVbqzl1Vr3sS
+5CkBEcseAjB9pRbWF32qzEWXxTX3Iojo0Ii9DJa/PcNUMKSbzwEDOlPZCyK+GMuF
+yYQoZOXOeuw=
+-----END CERTIFICATE-----

04-mosquitto/lab06/sample/mqtt.trion.dev.fullchain

@@ -0,0 +1,68 @@
+-----BEGIN CERTIFICATE-----
+MIID9DCCA3qgAwIBAgIRAMkUcDI/Bsia55JeVesEvuMwCgYIKoZIzj0EAwMwSzEL
+MAkGA1UEBhMCQVQxEDAOBgNVBAoTB1plcm9TU0wxKjAoBgNVBAMTIVplcm9TU0wg
+RUNDIERvbWFpbiBTZWN1cmUgU2l0ZSBDQTAeFw0yNjAyMDEwMDAwMDBaFw0yNjA1
+MDIyMzU5NTlaMBkxFzAVBgNVBAMTDm1xdHQudHJpb24uZGV2MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAE4e+SWARnLByaXMXJdfbPXMegYT1rFXwsVwBnEaKwcJbI
+F60x6Jc08V1MmFIHUIPdMP5ezqbt0VS7TUsaca66MKOCAm8wggJrMB8GA1UdIwQY
+MBaAFA9r5kvOOUeu9n6QHnnwMJGSyF+jMB0GA1UdDgQWBBQsP/sy/wqn4wsONH/p
+9guCOI0tRjAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK
+BggrBgEFBQcDATBJBgNVHSAEQjBAMDQGCysGAQQBsjEBAgJOMCUwIwYIKwYBBQUH
+AgEWF2h0dHBzOi8vc2VjdGlnby5jb20vQ1BTMAgGBmeBDAECATCBiAYIKwYBBQUH
+AQEEfDB6MEsGCCsGAQUFBzAChj9odHRwOi8vemVyb3NzbC5jcnQuc2VjdGlnby5j
+b20vWmVyb1NTTEVDQ0RvbWFpblNlY3VyZVNpdGVDQS5jcnQwKwYIKwYBBQUHMAGG
+H2h0dHA6Ly96ZXJvc3NsLm9jc3Auc2VjdGlnby5jb20wggEDBgorBgEEAdZ5AgQC
+BIH0BIHxAO8AdgAOV5S8866pPjMbLJkHs/eQ35vCPXEyJd0hqSWsYcVOIQAAAZwY
+f1wTAAAEAwBHMEUCIQCKKPMWPfgpfaSY9410Ck9XJgf7z2M/9wHFctS63EB/iQIg
+RQo+eGFZht4U1l951MthGodOFf/kPJR8+6ISkLYDMvMAdQAWgy2r8KklDw/wOqVF
+/8i/yCPQh0v2BCkn+OcfMxP1+gAAAZwYf1wOAAAEAwBGMEQCIArz8jZ2ZMiY5/8P
+0Nqtmj/XWEncfHQXi1AI95jMR6q/AiBzxNv5SQUI3i+ah3YUFxRcskFgRmAqiEDZ
+QWX08LcEjTAZBgNVHREEEjAQgg5tcXR0LnRyaW9uLmRldjAKBggqhkjOPQQDAwNo
+ADBlAjEA8o6CjH/m/6gmbxBV7InPYiRKtxoo+7fyRtMbLG5H7tJyNVbqzl1Vr3sS
+5CkBEcseAjB9pRbWF32qzEWXxTX3Iojo0Ii9DJa/PcNUMKSbzwEDOlPZCyK+GMuF
+yYQoZOXOeuw=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAwygAwIBAgIQI7dt48G7KxpRlh4I6rdk6DAKBggqhkjOPQQDAzCBiDEL
+MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl
+eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT
+JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjAwMTMw
+MDAwMDAwWhcNMzAwMTI5MjM1OTU5WjBLMQswCQYDVQQGEwJBVDEQMA4GA1UEChMH
+WmVyb1NTTDEqMCgGA1UEAxMhWmVyb1NTTCBFQ0MgRG9tYWluIFNlY3VyZSBTaXRl
+IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENkFhFytTJe2qypTk1tpIV+9QuoRk
+gte7BRvWHwYk9qUznYzn8QtVaGOCMBBfjWXsqqivl8q1hs4wAYl03uNOXgFu7iZ7
+zFP6I6T3RB0+TR5fZqathfby47yOCZiAJI4go4IBdTCCAXEwHwYDVR0jBBgwFoAU
+OuEJhtTPGcKWdnRJdtzgNcZjY5owHQYDVR0OBBYEFA9r5kvOOUeu9n6QHnnwMJGS
+yF+jMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQW
+MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAEGzAZMA0GCysGAQQBsjEBAgJO
+MAgGBmeBDAECATBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLnVzZXJ0cnVz
+dC5jb20vVVNFUlRydXN0RUNDQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdgYI
+KwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnVzZXJ0cnVzdC5j
+b20vVVNFUlRydXN0RUNDQWRkVHJ1c3RDQS5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6
+Ly9vY3NwLnVzZXJ0cnVzdC5jb20wCgYIKoZIzj0EAwMDZwAwZAIwJHBUDwHJQN3I
+VNltVMrICMqYQ3TYP/TXqV9t8mG5cAomG2MwqIsxnL937Gewf6WIAjAlrauksO6N
+UuDdDXyd330druJcZJx0+H5j5cFOYBaGsKdeGW7sCMaR2PsDFKGllas=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
+MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
+VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
+AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
+MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
+MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
+ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
+q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
+JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
+FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
+xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
+MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
+b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
+CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
+BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
+ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
+FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
+bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
+CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
+8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
+-----END CERTIFICATE-----

04-mosquitto/lab06/sample/mqtt.trion.dev.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIO/7jTTv3NKaDrAvRLrHgsRIlJ55EwQM1FlfdWaJcfT7oAoGCCqGSM49
+AwEHoUQDQgAE4e+SWARnLByaXMXJdfbPXMegYT1rFXwsVwBnEaKwcJbIF60x6Jc0
+8V1MmFIHUIPdMP5ezqbt0VS7TUsaca66MA==
+-----END EC PRIVATE KEY-----

04-mosquitto/lab07/config/docker-compose.yml

@@ -0,0 +1,7 @@
+services:
+  mosquitto:
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./:/mosquitto/config

04-mosquitto/lab07/config/mosquitto.conf

@@ -0,0 +1,14 @@
+listener 1883
+
+listener_allow_anonymous true
+
+
+listener 8883
+
+# use_identity_as_username true
+# listener_allow_anonymous false
+listener_allow_anonymous true
+
+
+psk_file /mosquitto/config/tls-psk.txt
+psk_hint mosquitto-psk

04-mosquitto/lab07/config/tls-psk.txt

@@ -0,0 +1,2 @@
+Client_123:d91bc336c989761cf44d703e694acf59
+thomas:cc53e7fda42c3f7ddc4a9cea6e9b33de

04-mosquitto/lab07/lab.txt

@@ -0,0 +1,39 @@
+= Verwendung TLS PSK
+
+
+Erstellen Sie eine Datei für `psk_file`.
+Zufallsschlüssel können mit `openssl rand -hex 16` generiert werden.
+
+Client_123:d91bc336c989761cf44d703e694acf59
+thomas:cc53e7fda42c3f7ddc4a9cea6e9b33de
+
+Konfigurieren Sie einen zusätzlichen Listener auf Port `8883` für TLS-PSK
+
+
+listener 8883
+listener_allow_anonymous true  # Anonym trotz PSK!
+
+psk_file /mosquitto/config/tls-psk.txt
+psk_hint mosquitto-psk
+
+
+$ docker run --rm -it --init --net host -v $PWD/config:/mosquitto/config eclipse-mosquitto
+
+
+Greifen Sie mittels `mosquitto_sub` per TLS-PSK zu
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+ mosquitto_sub --psk-identity thomas --psk cc53e7fda42c3f7ddc4a9cea6e9b33de \
+ --qos 1 --topic user/thomas/inbox --debug
+
+
+
+Erweitern Sie die Konfiguration mit `use_identity_as_username true`
+
+
+listener 8883
+use_identity_as_username true
+listener_allow_anonymous false # Jetzt ist User gemappt
+
+psk_file /mosquitto/config/tls-psk.txt
+psk_hint mosquitto-psk

04-mosquitto/lab08/.gitignore

@@ -0,0 +1 @@
+*.pem

04-mosquitto/lab08/config/docker-compose.yml

@@ -0,0 +1,7 @@
+services:
+  mosquitto:
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./:/mosquitto/config:ro

04-mosquitto/lab08/config/mosquitto.conf

@@ -0,0 +1,14 @@
+listener 1883
+listener_allow_anonymous true
+
+
+listener 8883
+
+#listener_allow_anonymous true
+listener_allow_anonymous false
+use_identity_as_username true
+
+certfile /mosquitto/config/server-cert.pem
+keyfile /mosquitto/config/server-key.pem
+require_certificate true
+cafile /mosquitto/config/ca-cert.pem

04-mosquitto/lab08/config/users.txt

@@ -0,0 +1,2 @@
+thomas:$7$101$+0sf4wma3qzDFw6R$H+lLmGLzo1Ex5rXxZqWxuEFCV7bSsAehEwTJ6XULFberEhwug/EC8aSWtiI4xScYQ2u/0sZ3xCg0rTRaMb5ITg==
+admin:$7$101$S9wXlrBPl3PFz+9y$l3/GP/FjklfQ2inTxBf4FfLvFR3r5yF6G6ZSRDFRwAklzltZ+xhUWM83PKQjxy2ZFYYmHxMoKs4q1+IMrXL6NA==

04-mosquitto/lab08/lab.txt

@@ -0,0 +1,76 @@
+= Verwendung mTLS in Mosquitto
+
+
+Erstellen Sie ein self-signed (CA) Zertifikat.
+
+
+$ openssl req -new -x509 -newkey rsa:4096 -nodes -keyout ca-key.pem -out ca-cert.pem \
+ -days 365 -subj "/CN=My-CA" -addext "basicConstraints=critical,CA:TRUE" \
+ -addext "keyUsage=critical,keyCertSign,cRLSign" 
+
+
+Signieren Sie damit ein selbst erstelltes Zertifikat für den Broker.
+
+$ openssl genrsa -out server-key.pem 2048
+$ openssl req -new -key server-key.pem -out request.pem -subj "/CN=localhost" \
+  -addext 'subjectAltName=DNS:localhost,IP:127.0.0.1' \
+  -addext "keyUsage=digitalSignature,keyEncipherment" \
+  -addext "extendedKeyUsage=serverAuth"
+
+$ openssl x509 -req -days 365 -in request.pem -CA ca-cert.pem -CAkey ca-key.pem \
+ -set_serial 01 -out server-cert.pem -copy_extensions copyall
+$ rm request.pem
+
+
+Signieren Sie damit ein selbst erstelltes Zertifikat für den Client.
+
+$ openssl genrsa -out client-key.pem 2048
+$ openssl req -new -key client-key.pem -out request.pem -subj "/CN=thomas" \
+  -addext "keyUsage=digitalSignature" \
+  -addext "extendedKeyUsage=clientAuth"
+$ openssl x509 -req -days 365 -in request.pem -CA ca-cert.pem -CAkey ca-key.pem \
+ -set_serial 01 -out client-cert.pem -copy_extensions copyall
+$ rm request.pem
+
+
+Konfigurieren Sie damit einen zusätzlichen Listener in Mosquitto (`certfile`, `keyfile`) Port 8883
+
+
+listener 1883
+listener_allow_anonymous true
+password_file /mosquitto/config/users.txt
+acl_file /mosquitto/config/acl.txt
+
+listener 8883
+listener_allow_anonymous true
+certfile /mosquitto/config/server-cert.pem
+keyfile /mosquitto/config/server-key.pem
+require_certificate true
+cafile /mosquitto/config/ca-cert.pem
+
+
+$ docker run --rm -it --init --net host -v $PWD/config:/mosquitto/config eclipse-mosquitto
+
+
+Konfigurieren Sie das CA und Client Zertifikat im Client und greifen per mTLS auf Mosquitto zu.
+
+$ docker run --rm -it --init --net host -v $PWD/config:/data eclipse-mosquitto \
+ mosquitto_pub --port 8883 -V 5 --qos 1 --topic freeforall --message "this is secure"  \
+ --cafile /data/ca-cert.pem --cert /data/client-cert.pem \
+ --key /data/client-key.pem --debug
+
+
+Erweitern Sie die Konfiguration mit `use_identity_as_username true`
+
+listener 1883
+listener_allow_anonymous true
+password_file /mosquitto/config/users.txt
+acl_file /mosquitto/config/acl.txt
+
+listener 8883
+listener_allow_anonymous false
+use_identity_as_username true
+certfile /mosquitto/config/server-cert.pem
+keyfile /mosquitto/config/server-key.pem
+require_certificate true
+cafile /mosquitto/config/ca-cert.pem

04-mosquitto/lab09/docker-compose.yml

@@ -0,0 +1,7 @@
+services:
+  mosquitto:
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf:ro

04-mosquitto/lab09/lab.txt

@@ -0,0 +1,37 @@
+= Unidirektionale Mosquitto Bridge (lab09)
+
+
+Konfigurieren Sie eine Bridge zu `test.mosquitto.org` für eingehende Nachrichten.
+Verwenden Sie eine feste `remote_clientid`, z.B. training-studentXX.
+
+listener 1883
+listener_allow_anonymous true
+
+connection mosquitto-bridge
+address test.mosquitto.org:1883
+remote_clientid training-demo
+
+
+Das Remote-Topic `$SYS/broker/clients/total` soll auf `remote/clients/total` gemappt werden.
+Die Hierarchie `$SYS/broker` soll auf `remote/broker` gemappt werden
+
+
+topic clients/total in 1 remote/ $SYS/broker/
+topic # in 1 remote/broker/ $SYS/broker/
+
+
+$ docker run --rm -it --init --net host -v $PWD:/mosquitto/config eclipse-mosquitto
+
+
+Validieren Sie den Status der Bridge und dass Nachrichten ankommen
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+mosquitto_sub --topic '$SYS/broker/connection/#' --topic '#' --debug
+
+Testen Sie per Bridge alle Topics zu subscriben, nehmen Sie die Konfiguration wieder heraus und starten Mosquitto neu
+
+
+topic # in 1 full/ ""
+
+
+Beheben Sie ein mögliches Problem

04-mosquitto/lab09/mosquitto.conf

@@ -0,0 +1,12 @@
+listener 1883
+listener_allow_anonymous true
+
+connection mosquitto-bridge
+address test.mosquitto.org:1883
+remote_clientid training-demo
+
+topic clients/total in 1 remote/ $SYS/broker/
+topic # in 1 remote/broker/ $SYS/broker/
+
+#topic # in 1 full/ ""
+#cleansession true

04-mosquitto/lab10/docker-compose.yml

@@ -0,0 +1,7 @@
+services:
+  mosquitto:
+    image: eclipse-mosquitto
+    ports:
+      - "1883:1883"
+    volumes:
+      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf:ro

04-mosquitto/lab10/lab.txt

@@ -0,0 +1,37 @@
+= Bidirektionale Mosquitto Bridge (lab10)
+
+
+Konfigurieren Sie eine Bridge zu `test.mosquitto.org`, verwenden Sie eine feste 
+`remote_clientid`, z.B. training-studentXX.
+
+
+listener 1883
+listener_allow_anonymous true
+
+connection mosquitto-bridge
+address test.mosquitto.org:1883
+remote_clientid training-demo
+
+
+Das Remote-Topic `$SYS/broker/clients/total` soll auf `remote/clients/total` gemappt werden.
+Die lokale Topichierarchie `sensors/#` soll ausgehend auf `mqtt-training/sensors/#` gemappt werden.
+
+
+topic broker/clients/total in 1 remote/ $SYS/
+topic # out 1 sensors/ mqtt-training/sensors/
+
+ 
+
+$ docker run --rm -it --init --net host -v $PWD:/mosquitto/config eclipse-mosquitto
+
+
+Validieren Sie den Status der Bridge und dass Nachrichten ankommen - sowohl lokal als auch remote
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+mosquitto_sub --qos 1 --topic '$SYS/broker/connection/#' --topic '#' --debug
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+mosquitto_sub --host test.mosquitto.org --qos 1 --topic 'mqtt-training/#' --debug
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+mosquitto_pub --qos 1 --topic sensors/trainer --message "to bridge" --debug

04-mosquitto/lab10/mosquitto.conf

@@ -0,0 +1,10 @@
+listener 1883
+listener_allow_anonymous true
+
+connection mosquitto-bridge
+address test.mosquitto.org:1883
+remote_clientid training-demo
+
+topic broker/clients/total in 1 remote/ $SYS/
+topic # out 1 sensors/ mqtt-training/sensors/
+

04-mosquitto/lab11/0-duplicate/alpha/mosquitto.conf

@@ -0,0 +1,9 @@
+listener 1883
+listener_allow_anonymous true
+
+connection beta
+try_private false
+address localhost:1884
+
+topic # out 1 local/ local/
+topic # in 1 local/ local/

04-mosquitto/lab11/0-duplicate/beta/mosquitto.conf

@@ -0,0 +1,2 @@
+listener 1884
+listener_allow_anonymous true

04-mosquitto/lab11/0-duplicate/docker-compose.yml

@@ -0,0 +1,11 @@
+services:
+  alpha:
+    image: eclipse-mosquitto
+    network_mode: host
+    volumes:
+      - ./alpha/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
+  beta:
+    image: eclipse-mosquitto
+    network_mode: host
+    volumes:
+      - ./beta/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro

04-mosquitto/lab11/1-unique/alpha/mosquitto.conf

@@ -0,0 +1,9 @@
+listener 1883
+listener_allow_anonymous true
+
+connection beta
+# try_private true
+address localhost:1884
+
+topic # out 1 local/ local/
+topic # in 1 local/ local/

04-mosquitto/lab11/1-unique/beta/mosquitto.conf

@@ -0,0 +1,2 @@
+listener 1884
+listener_allow_anonymous true

04-mosquitto/lab11/1-unique/docker-compose.yml

@@ -0,0 +1,11 @@
+services:
+  alpha:
+    image: eclipse-mosquitto
+    network_mode: host
+    volumes:
+      - ./alpha/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
+  beta:
+    image: eclipse-mosquitto
+    network_mode: host
+    volumes:
+      - ./beta/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro

04-mosquitto/lab11/2-bidi-unique/alpha/mosquitto.conf

@@ -0,0 +1,9 @@
+listener 1883
+listener_allow_anonymous true
+
+connection beta
+try_private false
+address localhost:1884
+
+topic # out 1 local/ local/
+topic # in 1 local/ local/

04-mosquitto/lab11/2-bidi-unique/beta/mosquitto.conf

@@ -0,0 +1,11 @@
+listener 1884
+listener_allow_anonymous true
+
+connection alpha
+try_private true
+address localhost:1883
+
+topic # out 1 local/ local/
+topic # in 1 local/ local/
+
+

04-mosquitto/lab11/2-bidi-unique/docker-compose.yml

@@ -0,0 +1,11 @@
+services:
+  alpha:
+    image: eclipse-mosquitto
+    network_mode: host
+    volumes:
+      - ./alpha/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
+  beta:
+    image: eclipse-mosquitto
+    network_mode: host
+    volumes:
+      - ./beta/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro

04-mosquitto/lab11/3-bidi-loop/alpha/mosquitto.conf

@@ -0,0 +1,9 @@
+listener 1883
+listener_allow_anonymous true
+
+connection beta
+try_private true
+address localhost:1884
+
+topic # out 1 local/ local/
+topic # in 1 local/ local/

04-mosquitto/lab11/3-bidi-loop/beta/mosquitto.conf

@@ -0,0 +1,10 @@
+listener 1884
+listener_allow_anonymous true
+
+connection alpha
+try_private false
+address localhost:1883
+
+topic # out 1 local/ local/
+topic # in 1 local/ local/
+

04-mosquitto/lab11/3-bidi-loop/docker-compose.yml

@@ -0,0 +1,11 @@
+services:
+  alpha:
+    image: eclipse-mosquitto
+    network_mode: host
+    volumes:
+      - ./alpha/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro
+  beta:
+    image: eclipse-mosquitto
+    network_mode: host
+    volumes:
+      - ./beta/mosquitto.conf:/mosquitto/config/mosquitto.conf:ro

04-mosquitto/lab11/lab.txt

@@ -0,0 +1,42 @@
+= Loops (lab11)
+
+Konfigurieren Sie zwei Bridges "alpha" und "beta", die miteinander über verschiedene
+Ports verbunden sind.
+Starten Sie mit einer unidirektionalen Bridge ("beta" als reiner Broker),
+deaktivieren Sie `try_private` und mappen local/# nach remote: local/# und umgekehrt.
+
+listener 1883
+listener_allow_anonymous true
+
+connection beta
+try_private false
+address localhost:1884
+
+topic # out 1 local/ local/
+topic # in 1 local/ local/
+...
+listener 1884
+listener_allow_anonymous true
+
+
+$ docker run --rm -it --init --net host -v $PWD/alpha:/mosquitto/config eclipse-mosquitto
+$ docker run --rm -it --init --net host -v $PWD/beta:/mosquitto/config eclipse-mosquitto
+
+Senden Sie eine Testnachricht nach `local/loop`.
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+ mosquitto_sub --port 1883 --qos 1 --topic '#' --debug
+
+$ docker run --rm -it --init --net host eclipse-mosquitto \
+ mosquitto_pub --qos 1 --topic 'local/loop' --message "demo" --debug
+
+Erstellen Sie eine Bridge von "beta" zu "alpha" mit gleicher Konfiguration
+
+
+Testen Sie `try_private`, nicht überlappende Hierarchien als Lösungen.
+
+
+try_private true
+
+topic # out 1 cloud/ local/
+topic # in 1 local/ cloud/

04-mosquitto/lab12/lab.txt

@@ -0,0 +1,22 @@
+= Prometheus Exporter
+
+Verwenden Sie 10 Sekunden Interval für $SYS Nachrichten.
+Starten Sie, falls erforderlich, einen Mosquitto Broker.
+
+listener 1883
+listener_allow_anonymous true
+sys_interval 10
+
+
+
+Starten Sie den Mosquitto Prometheus Exporter.
+
+$ docker run --rm -it --init --net host -v $PWD:/mosquitto/config eclipse-mosquitto
+
+$ docker run --rm -it --init --net host sapcc/mosquitto-exporter \
+  --endpoint tcp://localhost:1883
+
+
+Rufen Sie die Daten mit dem Browser oder cURL ab:
+
+$ curl http://localhost:9234/metrics

04-mosquitto/lab12/mosquitto.conf

@@ -0,0 +1,3 @@
+listener 1883
+listener_allow_anonymous true
+sys_interval 10

04-mosquitto/lab13/docker-compose-mosquitto.yml

@@ -0,0 +1,57 @@
+version: '3.8'
+
+services:
+  mosquitto:
+    image: eclipse-mosquitto:latest
+    container_name: mosquitto
+    ports:
+      - "1883:1883"
+      - "9001:9001"
+    volumes:
+      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
+
+  mosquitto-exporter:
+    image: sapcc/mosquitto-exporter:latest
+    container_name: mosquitto-exporter
+    environment:
+      - "BROKER_ENDPOINT=tcp://mosquitto:1883"
+    depends_on:
+      - mosquitto
+
+  node-exporter:
+    image: prom/node-exporter:latest
+    container_name: node-exporter
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+    command:
+      - '--path.procfs=/host/proc'
+      - '--path.rootfs=/rootfs'
+      - '--path.sysfs=/host/sys'
+      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+
+  prometheus:
+    image: prom/prometheus:latest
+    container_name: prometheus
+    volumes:
+      - ./prometheus.yaml:/etc/prometheus/prometheus.yml
+      - prometheus_data:/prometheus
+    ports:
+      - "9090:9090"
+
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    ports:
+      - "3000:3000"
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+    volumes:
+      - grafana_data:/var/lib/grafana
+      - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
+      - ./grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards
+volumes:
+  prometheus_data:
+  grafana_data:

04-mosquitto/lab13/docker-compose.yml

@@ -0,0 +1,49 @@
+version: '3.8'
+
+services:
+
+  mosquitto-exporter:
+    image: sapcc/mosquitto-exporter:latest
+    container_name: mosquitto-exporter
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+    environment:
+      - "BROKER_ENDPOINT=tcp://host.docker.internal:1883"
+
+  node-exporter:
+    image: prom/node-exporter:latest
+    container_name: node-exporter
+    volumes:
+      - /proc:/host/proc:ro
+      - /sys:/host/sys:ro
+      - /:/rootfs:ro
+    command:
+      - '--path.procfs=/host/proc'
+      - '--path.rootfs=/rootfs'
+      - '--path.sysfs=/host/sys'
+      - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)'
+
+  prometheus:
+    image: prom/prometheus:latest
+    container_name: prometheus
+    volumes:
+      - ./prometheus.yaml:/etc/prometheus/prometheus.yml
+      - prometheus_data:/prometheus
+    ports:
+      - "9090:9090"
+
+  grafana:
+    image: grafana/grafana:latest
+    container_name: grafana
+    ports:
+      - "3000:3000"
+    environment:
+      - GF_SECURITY_ADMIN_USER=admin
+      - GF_SECURITY_ADMIN_PASSWORD=admin
+    volumes:
+      - grafana_data:/var/lib/grafana
+      - ./grafana/provisioning/datasources:/etc/grafana/provisioning/datasources
+      - ./grafana/provisioning/dashboards:/etc/grafana/provisioning/dashboards
+volumes:
+  prometheus_data:
+  grafana_data:

04-mosquitto/lab13/grafana/provisioning/dashboards/dashboards.yml

@@ -0,0 +1,14 @@
+apiVersion: 1
+
+providers:
+  - name: 'Default'
+    orgId: 1
+    folder: ''
+    type: file
+    disableDeletion: false
+    editable: true
+    options:
+      path: /etc/grafana/provisioning/dashboards
+      jsonData:
+        DS_PROMETHEUS: Prometheus
+        DS_LOCALHOST: Prometheus

04-mosquitto/lab13/grafana/provisioning/datasources/datasource.yml

@@ -0,0 +1,8 @@
+apiVersion: 1
+
+datasources:
+  - name: Prometheus
+    type: prometheus
+    access: proxy
+    url: http://prometheus:9090
+    isDefault: true

04-mosquitto/lab13/lab.txt

@@ -0,0 +1,18 @@
+= Monitoring Prometheus
+
+Verwenden Sie Prometheus und Grafana, z.B. aus dem beigefügten docker-compose Setup.
+
+$ docker compose up 
+
+(In docker bereits vorkonfiguriert:)
+Konfigurieren Sie den Prometheus-Exporter als Scrape Target in Prometheus.
+Installieren Sie die Dashboards: 1860, 11054, 22739
+
+scrape_configs:
+  - job_name: 'mosquitto'
+    static_configs:
+      - targets: ['mosquitto-exporter:9234']
+
+
+Rufen Sie Grafana über http://localhost:3000 auf.
+Sie können sich mittels "admin/admin" anmelden.

04-mosquitto/lab13/mosquitto.conf

@@ -0,0 +1,8 @@
+listener 1883
+listener_allow_anonymous true
+
+persistence true
+persistence_location /mosquitto/data/
+#log_dest file /mosquitto/log/mosquitto.log
+
+sys_interval 10

04-mosquitto/lab13/prometheus.yaml

@@ -0,0 +1,37 @@
+global:
+  scrape_interval: 15s
+
+scrape_configs:
+  - job_name: 'mosquitto'
+    static_configs:
+      - targets: ['mosquitto-exporter:9234']
+
+  - job_name: 'node-exporter'
+    static_configs:
+      - targets: ['node-exporter:9100']
+
+  - job_name: prometheus
+    honor_timestamps: true
+    track_timestamps_staleness: false
+    scrape_interval: 15s
+    scrape_timeout: 10s
+    scrape_protocols:
+    - OpenMetricsText1.0.0
+    - OpenMetricsText0.0.1
+    - PrometheusText1.0.0
+    - PrometheusText0.0.4
+    scrape_native_histograms: false
+    always_scrape_classic_histograms: false
+    convert_classic_histograms_to_nhcb: false
+    metrics_path: /metrics
+    scheme: http
+    enable_compression: true
+    metric_name_validation_scheme: utf8
+    metric_name_escaping_scheme: allow-utf-8
+    follow_redirects: true
+    enable_http2: true
+    static_configs:
+    - targets:
+      - localhost:9090
+      labels:
+        app: prometheus