emqttd Study Notes (3): emqttd Plugins in Detail

Copyright notice: this is the blogger's original article and may not be reproduced without the blogger's permission. https://blog.csdn.net/zhuyunier/article/details/86503664

I. Configuration

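The plugin configuration files are all located in the emqttd/etc/plugins directory.
You can also log in to the management console, see which plugins are available under plugins, and click start to enable the corresponding plugin service.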

II. Explanation

1. ClientId authentication/authorization plugin
Authentication based on the MQTT client ID

  • Configuration file path: etc/plugins/emq_auth_clientid.conf:
auth.client.$N.clientid = clientid
auth.client.$N.password = passwd
  • Enable the emq_auth_clientid plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_clientid
Start apps: [emq_auth_clientid]
Plugin emq_auth_clientid loaded successfully.

2. HTTP authentication plugin

  • Configure 'super_req' and 'auth_req' in etc/plugins/emq_auth_http.conf:
## Variables: %u = username, %c = clientid, %a = ipaddress, %P = password, %t = topic
auth.http.auth_req = http://127.0.0.1:8080/mqtt/auth
auth.http.auth_req.method = post
auth.http.auth_req.params = clientid=%c,username=%u,password=%P
auth.http.super_req = http://127.0.0.1:8080/mqtt/superuser
auth.http.super_req.method = post
auth.http.super_req.params = clientid=%c,username=%u
auth.http.acl_req = http://127.0.0.1:8080/mqtt/acl
auth.http.acl_req.method = get
auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t
  • Enable the emq_auth_http plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_http
Start apps: [emq_auth_http]
Plugin emq_auth_http loaded successfully.
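
The service on the other end of those three URLs could look like the sketch below. It is an added example, not code from the original post or from the EMQ project. It assumes the plugin treats HTTP 200 as "allow" and any other status as "deny", and that POST parameters arrive form-encoded; the USERS table, the kdf helper and the per-user topic prefix rule are hypothetical.

```python
import hashlib
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

def kdf(password, salt):
    # Salted, iterated hash for the backend's own credential store.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

# Constructed sample accounts (not from the original page).
USERS = {
    "sensor1": {"salt": b"s1", "pw": kdf("s3nsor-pass", b"s1"),
                "super": False, "prefix": "sensors/sensor1/"},
    "ops": {"salt": b"o1", "pw": kdf("ops-pass", b"o1"),
            "super": True, "prefix": ""},
}
ROUTES = {("POST", "/mqtt/auth"), ("POST", "/mqtt/superuser"), ("GET", "/mqtt/acl")}

def decide(method, url, body=""):
    """Status for one broker request: 200 = allow, 401 = deny, 404 = unknown route."""
    parts = urlsplit(url)
    if (method, parts.path) not in ROUTES:
        return 404
    # POST parameters arrive in the body, GET parameters in the query string.
    raw = body if method == "POST" else parts.query
    p = {k: v[0] for k, v in parse_qs(raw).items()}
    user = USERS.get(p.get("username", ""))
    if user is None:
        return 401
    if parts.path == "/mqtt/auth":
        ok = hmac.compare_digest(kdf(p.get("password", ""), user["salt"]), user["pw"])
    elif parts.path == "/mqtt/superuser":
        ok = user["super"]
    else:  # /mqtt/acl: allow only topics under the account's own prefix
        ok = p.get("topic", "").startswith(user["prefix"])
    return 200 if ok else 401

class Handler(BaseHTTPRequestHandler):
    def _reply(self, method):
        length = int(self.headers.get("Content-Length") or 0)
        self.send_response(decide(method, self.path, self.rfile.read(length).decode()))
        self.end_headers()

    def do_GET(self):
        self._reply("GET")

    def do_POST(self):
        self._reply("POST")

if __name__ == "__main__":
    # Same host and port as the auth.http.* URLs in the configuration above.
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

The configured URLs use plain http on the loopback address; if the backend runs on another host, the password in the auth_req parameters crosses the network unencrypted.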

3. JWT authentication plugin

  • Configure the JWT parameters in etc/plugins/emq_auth_jwt.conf:
auth.jwt.secret = emqsecret
## auth.jwt.pubkey = etc/certs/jwt_public_key.pem
  • Enable the JWT authentication plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_jwt
Start apps: [emq_auth_jwt]
Plugin emq_auth_jwt loaded successfully.
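
What a shared-secret JWT check involves, as an added example (not code from the original post or from the plugin): minting and verifying an HS256 token with the secret from auth.jwt.secret, using only the Python standard library. It assumes the client presents the token in the MQTT password field and that the secret is used for HS256; the claim names and the rule that a token without "exp" is rejected are choices of this example.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input, secret):
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def mint(claims, secret):
    """Build base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url(sign(f'{header}.{payload}', secret))}"

def verify(token, secret, now=None):
    """Return the claims of a valid, unexpired token, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm: the token must not be able to select "none".
        if header.get("alg") != "HS256":
            return None
        expected = sign(f"{header_b64}.{payload_b64}", secret)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        exp = claims.get("exp")
    except (ValueError, AttributeError, TypeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        return None  # missing or past expiry
    return claims

if __name__ == "__main__":
    # Constructed sample claims; "emqsecret" is the sample value from the config above.
    token = mint({"username": "sensor1", "exp": int(time.time()) + 300}, "emqsecret")
    print(token)
    print(verify(token, "emqsecret"))
```

With HS256 the secret both signs and verifies, so anyone who can read etc/plugins/emq_auth_jwt.conf can mint tokens; replace the sample value emqsecret with a long random one.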

4. LDAP authentication plugin

  • Configure the LDAP parameters in etc/plugins/emq_auth_ldap.conf:
auth.ldap.servers = 127.0.0.1
auth.ldap.port = 389
auth.ldap.bind_dn = cn=root,dc=emqtt,dc=com
auth.ldap.bind_password = public
auth.ldap.timeout = 30
auth.ldap.auth_dn = cn=%u,ou=auth,dc=emqtt,dc=com
auth.ldap.password_hash = sha256
auth.ldap.ssl = false
  • Enable the LDAP authentication plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_ldap

5. MongoDB authentication plugin

  • Set 'super_query' and 'auth_query' in etc/plugins/emq_auth_mongo.conf:
## Mongo Server
auth.mongo.server = 127.0.0.1:27017

## Mongo Pool Size
auth.mongo.pool = 8

## Mongo User
## auth.mongo.user =

## Mongo Password
## auth.mongo.password =

## Mongo Database
auth.mongo.database = mqtt

## auth_query
auth.mongo.auth_query.collection = mqtt_user

auth.mongo.auth_query.password_field = password

auth.mongo.auth_query.password_hash = sha256

auth.mongo.auth_query.selector = username=%u

## super_query
auth.mongo.super_query.collection = mqtt_user

auth.mongo.super_query.super_field = is_superuser

auth.mongo.super_query.selector = username=%u
  • Enable the MongoDB authentication plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_mongo
Start apps: [emq_auth_mongo]
Plugin emq_auth_mongo loaded successfully.

6. MySQL authentication plugin

  • Authentication against a MySQL database table; you can create the following 'mqtt_user' table:
CREATE TABLE `mqtt_user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  `salt` varchar(20) DEFAULT NULL,
  `is_superuser` tinyint(1) DEFAULT 0,
  `created` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `mqtt_username` (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
  • Configure 'super_query', 'auth_query' and 'password_hash' in etc/plugins/emq_auth_mysql.conf:
## Mysql Server
auth.mysql.server = 127.0.0.1:3306

## Mysql Pool Size
auth.mysql.pool = 8

## Mysql Username
## auth.mysql.username =

## Mysql Password
## auth.mysql.password =

## Mysql Database
auth.mysql.database = mqtt

## Variables: %u = username, %c = clientid

## Authentication Query: select password only
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1

## Password hash: plain, md5, sha, sha256, pbkdf2
auth.mysql.password_hash = sha256

## %% Superuser Query
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
  • Enable the MySQL authentication plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_mysql

7. PostgreSQL authentication plugin

  • Authentication against a PostgreSQL database table; you can create the following 'mqtt_user' table:
CREATE TABLE mqtt_user (
  id SERIAL primary key,
  is_superuser boolean,
  username character varying(100),
  password character varying(100),
  salt character varying(40)
);
  • Configure 'auth_query' and 'password_hash' in etc/plugins/emq_auth_pgsql.conf:
## Postgre Server
auth.pgsql.server = 127.0.0.1:5432

auth.pgsql.pool = 8

auth.pgsql.username = root

#auth.pgsql.password =

auth.pgsql.database = mqtt

auth.pgsql.encoding = utf8

auth.pgsql.ssl = false

## Variables: %u = username, %c = clientid, %a = ipaddress

## Authentication Query: select password only
auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1

## Password hash: plain, md5, sha, sha256, pbkdf2
auth.pgsql.password_hash = sha256

## sha256 with salt prefix
## auth.pgsql.password_hash = salt sha256

## sha256 with salt suffix
## auth.pgsql.password_hash = sha256 salt

## Superuser Query
auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
  • Enable the PostgreSQL authentication plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_pgsql
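
The password_hash setting in the MySQL and PostgreSQL sections decides what must be stored in the password and salt columns of mqtt_user. The sketch below is an added example, not code from the original post or from the plugins; it computes those column values for the plain, md5, sha and sha256 modes with and without salt. It assumes the broker compares against a lowercase hex digest and concatenates salt and password as raw strings; pbkdf2 is left out because the page gives no parameters for it, and the function names are hypothetical.

```python
import hashlib
import hmac
import secrets

ALGOS = {"md5": "md5", "sha": "sha1", "sha256": "sha256"}

def hash_password(mode, password, salt=""):
    """Column value for one password_hash mode, using the page's mode names."""
    tokens = mode.split()
    if tokens == ["plain"]:
        return password
    algos = [t for t in tokens if t != "salt"]
    if len(algos) != 1 or algos[0] not in ALGOS:
        raise ValueError(f"unsupported password_hash: {mode!r}")
    if tokens[0] == "salt":        # "salt sha256": salt is a prefix
        material = salt + password
    elif tokens[-1] == "salt":     # "sha256 salt": salt is a suffix
        material = password + salt
    else:                          # "sha256": no salt at all
        material = password
    return hashlib.new(ALGOS[algos[0]], material.encode()).hexdigest()

def new_row(mode, username, password):
    """Values for one mqtt_user row: (username, password, salt)."""
    # 16 hex characters fit both salt columns (varchar(20) and varchar(40)).
    salt = secrets.token_hex(8) if "salt" in mode.split() else ""
    return username, hash_password(mode, password, salt), salt

def check(mode, row, candidate):
    """Recompute the digest for a login attempt and compare in constant time."""
    _, stored, salt = row
    attempt = hash_password(mode, candidate, salt)
    return hmac.compare_digest(attempt.encode(), stored.encode())

if __name__ == "__main__":
    # Constructed sample users: same password, unsalted versus salted storage.
    for mode in ("sha256", "salt sha256"):
        for name in ("alice", "bob"):
            print(mode, new_row(mode, name, "public"))
```

Run as a script, the unsalted mode prints the same password value for both users while the salted mode prints different ones, which is why the salted or pbkdf2 modes are the better choice for this table.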

8. Redis authentication plugin

  • MQTT user records are stored in a Redis Hash, key: "mqtt_user:". A Redis Hash stores the access control rules of one MQTT client:
HSET mqtt_acl:<username> topic1 1
HSET mqtt_acl:<username> topic2 2
HSET mqtt_acl:<username> topic3 3
  • Configure 'acl_cmd' and 'acl_nomatch' in etc/plugins/emq_auth_redis.conf:
## ACL Query Command
auth.redis.acl_cmd = HGETALL mqtt_acl:%u
  • Enable the Redis authentication plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_redis

9. Username/password authentication

  • Authentication based on the MQTT login username and password.
  • Configure the default user in etc/plugins/emq_auth_username.conf:
auth.user.$N.username = admin
auth.user.$N.password = public
  • Enable the emq_auth_username plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_username
Start apps: [emq_auth_username]
Plugin emq_auth_username loaded successfully.
  • Add users with the ./emqttd_ctl users command:
$ ./emqttd_ctl users add <Username> <Password>

10. CoAP plugin

  • Configure the CoAP parameters in etc/plugins/emq_coap.conf:
coap.port = 5683

coap.keepalive = 120s

coap.enable_stats = off

coap.keyfile = etc/certs/key.pem

coap.certfile = etc/certs/cert.pem
  • Enable the CoAP plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_coap
Start apps: [gen_coap,emq_coap]
Plugin emq_coap loaded successfully.

11. Dashboard plugin

  • Configure the Dashboard parameters in etc/plugins/emq_dashboard.conf:
dashboard.default_user.login = admin

dashboard.default_user.password = public

dashboard.listener.http = 18083

dashboard.listener.http.acceptors = 4

dashboard.listener.http.max_clients = 512

dashboard.listener.http.access.1 = allow all
  • Enable the Dashboard plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_dashboard

12. lua_hook plugin

  • Configure the lua_hook parameters in etc/plugins/emq_lua_hook.conf:
  • Enable the lua_hook plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_lua_hook

13. modules plugin

  • Configure the modules parameters in etc/plugins/emq_modules.conf:
module.presence = on

module.presence.qos = 1

module.subscription = off

module.rewrite = off
  • Enable the modules plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_modules

14. plugin_template

  • Configure the plugin_template parameters in etc/plugins/emq_plugin_template.config:
  • Enable the plugin_template plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_plugin_template

15. Recon plugin

  • Configure the Recon parameters in etc/plugins/emq_recon.conf:
recon.gc_interval = 5m
  • Enable the Recon plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_recon

16. Reloader plugin

  • Configure the Reloader parameters in etc/plugins/emq_reloader.conf:
reloader.interval = 60s

reloader.logfile = reloader.log
  • Enable the Reloader plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_reloader

17. Retainer plugin

  • Configure the Retainer parameters in etc/plugins/emq_retainer.conf:
retainer.storage_type = ram

retainer.max_message_num = 1000000

retainer.max_payload_size = 64KB

retainer.expiry_interval = 0
  • Enable the Retainer plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_retainer

18. EMQ-SN gateway plugin

  • Configure the EMQ-SN parameters in etc/plugins/emq_sn.conf:
mqtt.sn.port = 1884

mqtt.sn.advertise_duration = 900

mqtt.sn.gateway_id = 1

mqtt.sn.enable_stats = off

mqtt.sn.enable_qos3 = off

mqtt.sn.predefined.topic.0 = reserved
mqtt.sn.predefined.topic.1 = /predefined/topic/name/hello
mqtt.sn.predefined.topic.2 = /predefined/topic/name/nice

mqtt.sn.username = mqtt_sn_user

mqtt.sn.password = abc
  • Enable the EMQ-SN plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_sn

19. Stomp plugin

  • Configure the Stomp parameters in etc/plugins/emq_stomp.conf:
stomp.listener = 61613

stomp.listener.acceptors = 4

stomp.listener.max_clients = 512

## stomp.listener.ssl = off
## stomp.listener.keyfile = etc/certs/key.pem
## stomp.listener.certfile = etc/certs/cert.pem
## stomp.listener.cacertfile = etc/certs/cacert.pem
## stomp.listener.dhfile = etc/certs/dh-params.pem
## stomp.listener.verify = verify_peer
## stomp.listener.fail_if_no_peer_cert = true
## stomp.listener.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## stomp.listener.handshake_timeout = 15s
## stomp.listener.secure_renegotiate = off
## stomp.listener.reuse_sessions = on
## stomp.listener.honor_cipher_order = on

stomp.default_user.login = guest

stomp.default_user.passcode = guest

stomp.allow_anonymous = true

stomp.frame.max_headers = 10

stomp.frame.max_header_length = 1024

stomp.frame.max_body_length = 8192
  • Enable the Stomp plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_stomp

20. EMQ Web Hook plugin

  • Configure the EMQ Web Hook parameters in etc/plugins/emq_web_hook.conf:
web.hook.api.url = http://127.0.0.1

## The WebHook Rules.
web.hook.rule.client.connected.1     = {"action": "on_client_connected"}
web.hook.rule.client.disconnected.1  = {"action": "on_client_disconnected"}
web.hook.rule.client.subscribe.1     = {"action": "on_client_subscribe"}
web.hook.rule.client.unsubscribe.1   = {"action": "on_client_unsubscribe"}
web.hook.rule.session.created.1      = {"action": "on_session_created"}
web.hook.rule.session.subscribed.1   = {"action": "on_session_subscribed"}
web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
web.hook.rule.session.terminated.1   = {"action": "on_session_terminated"}
web.hook.rule.message.publish.1      = {"action": "on_message_publish"}
web.hook.rule.message.delivered.1    = {"action": "on_message_delivered"}
web.hook.rule.message.acked.1        = {"action": "on_message_acked"}
  • Enable the EMQ Web Hook plugin:
[root@localhost bin]# ./emqttd_ctl plugins load emq_web_hook
