Thomas Kruse
2026-02-03 22:29:46 +01:00
commit 8fdf5827e4
156 changed files with 23069 additions and 0 deletions

04-mosquitto/lab05/.gitignore vendored Normal file

@ -0,0 +1 @@
*.pem
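Review bot: `*.pem` also ignores the public certificates (ca-cert.pem, cert.pem) that the README in this commit tells clients to pass with `--cafile`, and nothing documents that the files have to be generated before `docker compose up` (mosquitto.conf references cert.pem and key.pem, and the broker will not start without them). Keeping the private keys out of git is the right call; narrow the pattern to the key files (`*key.pem`) or add a comment such as `# certificates are generated locally by the openssl steps in the README`.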


@ -0,0 +1,8 @@
topic readwrite freeforall
pattern readwrite users/%u/#
topic read announcements
user thomas
topic readwrite announcements
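Review bot: `admin` from users.txt gets no `user admin` section, so an authenticated admin has exactly the access anonymous clients have (the three default lines above `user thomas`) plus `users/admin/#` through the pattern; if admin is meant to be privileged, add `user admin` followed by e.g. `topic readwrite #`. The first three lines are the default ACL, and since both listeners allow anonymous connections this makes `freeforall` writable and `announcements` readable by anyone, which matches the README's first example but deserves a comment saying so; the `pattern` line only takes effect for clients that sent a username, because `%u` has nothing to substitute for anonymous clients.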


@ -0,0 +1,7 @@
services:
mosquitto:
image: eclipse-mosquitto
ports:
- "1883:1883"
volumes:
- ./:/mosquitto/config
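Review bot: only 1883 is published, so the TLS listener on 8883 that mosquitto.conf opens is unreachable from the host, and every `mosquitto_pub --port 8883` command in the README (run with `--net host`) will be refused; add `- "8883:8883"` under `ports`. Two smaller points: `./:/mosquitto/config` mounts the whole lab directory, including ca-key.pem once it has been generated, into the broker container, although the broker only needs cert.pem and key.pem (the CA key should stay off the broker), and `image: eclipse-mosquitto` is unpinned, so the option names in mosquitto.conf are tied to whatever `latest` resolves to; pin a tag such as `eclipse-mosquitto:2`.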


@ -0,0 +1,10 @@
listener 1883
listener_allow_anonymous true
password_file /mosquitto/config/users.txt
acl_file /mosquitto/config/acl.txt
listener 8883
listener_allow_anonymous true
certfile /mosquitto/config/cert.pem
keyfile /mosquitto/config/key.pem
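Review bot: `listener_allow_anonymous true` on the 8883 listener means the TLS listener still accepts clients without credentials, so TLS here only authenticates the broker and encrypts the channel; if the lab's intent is "TLS plus login", set it to false for 8883 (clients then have to pass `--username`/`-P`) and explain in a comment why 1883 stays anonymous. Also check the option name against the Mosquitto version the compose file pulls: the 2.0.x documentation spells this `allow_anonymous` (per listener only together with `per_listener_settings true`), and Mosquitto refuses to start on an unknown configuration variable. `password_file` and `acl_file` are global and therefore apply to both listeners, which looks intended.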


@ -0,0 +1,2 @@
thomas:$7$101$+0sf4wma3qzDFw6R$H+lLmGLzo1Ex5rXxZqWxuEFCV7bSsAehEwTJ6XULFberEhwug/EC8aSWtiI4xScYQ2u/0sZ3xCg0rTRaMb5ITg==
admin:$7$101$S9wXlrBPl3PFz+9y$l3/GP/FjklfQ2inTxBf4FfLvFR3r5yF6G6ZSRDFRwAklzltZ+xhUWM83PKQjxy2ZFYYmHxMoKs4q1+IMrXL6NA==
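Review bot: the hash for `thomas` protects nothing here, because the README in the same commit passes the plaintext on the command line (`-P geheim`); for a lab that is acceptable, but say so, and do not reuse these entries outside the lab. The `$7$` prefix is the PBKDF2 format written by `mosquitto_passwd`, so regenerate the file with that tool rather than editing it by hand when a password changes; and since acl.txt has no section for `admin`, the second account currently grants nothing beyond anonymous access.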


@ -0,0 +1,55 @@
= Mosquitto mit custom TLS Zertifikat
Erstellen Sie ein self-signed (CA) Zertifikat.
$ openssl req -new -x509 -newkey rsa:4096 -nodes -keyout ca-key.pem -out ca-cert.pem \
-days 365 -subj "/CN=My-CA" -addext "basicConstraints=critical,CA:TRUE" \
-addext "keyUsage=critical,keyCertSign,cRLSign"
Signieren Sie damit ein selbst erstelltes Zertifikat für Mosquitto.
$ openssl genrsa -out key.pem 2048
$ openssl req -new -key key.pem -out request.pem -subj "/CN=localhost" \
-addext 'subjectAltName=DNS:localhost,IP:127.0.0.1' \
-addext "keyUsage=digitalSignature,keyEncipherment" \
-addext "extendedKeyUsage=serverAuth"
$ openssl x509 -req -days 365 -in request.pem -CA ca-cert.pem -CAkey ca-key.pem \
-set_serial 01 -out cert.pem -copy_extensions copyall
Konfigurieren Sie damit einen zusätzlichen Listener in Mosquitto (`certfile`, `keyfile`) Port 8883
listener 1883
listener_allow_anonymous true
password_file /mosquitto/config/users.txt
acl_file /mosquitto/config/acl.txt
listener 8883
listener_allow_anonymous true
certfile /mosquitto/config/cert.pem
keyfile /mosquitto/config/key.pem
Konfigurieren Sie das CA Zertifikat im Client und greifen per TLS auf Mosquitto zu.
$ docker run --rm -it --init --net host -v $PWD:/data eclipse-mosquitto \
mosquitto_pub --port 8883 -V 5 --qos 1 --topic freeforall --message "this is secure" \
--cafile /data/ca-cert.pem --debug
Was passiert, wenn das CA Zertifikat nicht angegeben wird?
$ docker run --rm -it --init --net host -v $PWD:/data eclipse-mosquitto \
mosquitto_pub --port 8883 -V 5 --qos 1 --topic freeforall --message "this is secure" \
--debug
Optional können Sie auch Username/Passwort Credentials ergänzen
$ docker run --rm -it --init --net host -v $PWD:/data eclipse-mosquitto \
mosquitto_pub --port 8883 -V 5 --qos 1 --topic announcements --message "all secure" \
--cafile /data/ca-cert.pem --username thomas -P geheim --debug
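Review bot: `openssl x509 -req ... -copy_extensions copyall` requires OpenSSL 3.0 or newer; on older releases the option is unknown and the command fails, and without it the subjectAltName, keyUsage and extendedKeyUsage from the request are not carried into cert.pem. State the version requirement next to the command, or tell readers to check with `openssl version`. Smaller points: `-set_serial 01` gives every certificate re-signed by this CA the same serial number, while issuer plus serial is supposed to be unique, so use `-CAcreateserial` (or a fresh `-set_serial` value) if the step is repeated; the question "what happens without the CA certificate" has no answer recorded, and the expected observation (without `--cafile` mosquitto_pub does not enable TLS at all and sends a plaintext CONNECT, which the TLS listener rejects) would help students check their result; `-P geheim` puts the password into shell history, worth a remark; and the config block reproduced here must be kept in sync with mosquitto.conf in this commit (it currently is).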