EMQ million-scale MQTT messaging service (TLS, Docker, Golang)


Attached:

It's a kitty. Blog: w-blog.cn

EMQ official site: http://emqtt.com/

EMQ Chinese documentation: http://emqtt.com/docs/v2/guide.html

1. TLS Certificate Validation

For security, we often use HTTPS to ensure that requests are not tampered with; in the same way, MQTT uses TLS encryption to secure the transport.

By default EMQ uses port 8883 for TLS-encrypted connections, and the default certificates are in etc/certs under the EMQ directory.

The corresponding settings are in emq.conf, where you can change the port and the certificate file paths:

listener.ssl.external = 8883
listener.ssl.external.keyfile = etc/certs/key.pem
listener.ssl.external.certfile = etc/certs/cert.pem

PS: Note that when connecting over TLS, the URL prefix has to change from tcp:// to ssl://.

2. Deploying EMQ with Docker

Deploying EMQ with Docker makes version upgrades, port management, running several EMQ instances on a single node and so on convenient, with essentially no additional performance overhead.

However, there is no official Docker image that can be used directly; instead a Git repository and a compressed package are provided so that you can build the image yourself. The author has published the following images for public use (versions from 2.3.5 onward will be maintained):

registry.cn-hangzhou.aliyuncs.com/sunmi-base/sunmi-emq:2.3.5
registry.cn-hangzhou.aliyuncs.com/sunmi-base/sunmi-emq:2.3.6
registry.cn-hangzhou.aliyuncs.com/sunmi-base/sunmi-emq:2.3.7

The more important point is configuration. EMQ lets you override settings in the configuration files through environment variables; see the docker-compose and Kubernetes orchestration files below, which change the configuration this way. The orchestration configures MySQL authentication with custom authentication queries and enables the MySQL authentication plugin by default.

version: '2'
services:
  emq:
    image: 'registry.cn-hangzhou.aliyuncs.com/sunmi-base/sunmi-emq:2.3.7'
    ports:
      - '31883:1883'
      - '31083:18083'
      - '38883:8883'
    environment:
      - EMQ_MQTT__ALLOW_ANONYMOUS=false
      - EMQ_AUTH__MYSQL__USERNAME=emq
      - EMQ_AUTH__MYSQL__PASSWORD=Emq666
      - EMQ_AUTH__MYSQL__DATABASE=emq
      - "EMQ_AUTH__MYSQL__SERVER=xxxxxx:3306"
      - "EMQ_AUTH__MYSQL__AUTH_QUERY=select password from mqtt_user where username = '%u' limit 1"
      - "EMQ_AUTH__MYSQL__SUPER_QUERY=select is_superuser from mqtt_user where username = '%u' limit 1"
      - "EMQ_AUTH__MYSQL__ACL_QUERY=select allow, ipaddr, username, clientid, access, REPLACE(topic,'$user','%u') from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
      - "EMQ_LOADED_PLUGINS=emq_auth_mysql,emq_recon,emq_modules,emq_retainer,emq_dashboard"
    restart: always

The following is the k8s orchestration file:

apiVersion: extensions/v1beta1 # k8s API version
kind: Deployment # resource type
metadata:
  name: emq-deployment
  labels:
    name: emq-deployment
spec:
  replicas: 1 # number of replicas
  template:
    metadata:
      labels: # container labels, which the Service uses to find it
        app: emq
    spec:
      containers:
      - name: emq # container name and image
        image: registry.cn-hangzhou.aliyuncs.com/sunmi-base/sunmi-emq:2.3.6
        imagePullPolicy: Always
        env: # environment variables
        - name: EMQ_MQTT__ALLOW_ANONYMOUS
          value: "false"
        - name: EMQ_AUTH__MYSQL__USERNAME
          value: "emq"
        - name: EMQ_AUTH__MYSQL__PASSWORD
          value: "Emq666"
        - name: EMQ_AUTH__MYSQL__DATABASE
          value: "emq"
        - name: EMQ_AUTH__MYSQL__SERVER
          value: "xxxxxx:3306"
        - name: EMQ_AUTH__MYSQL__AUTH_QUERY
          value: "select password from mqtt_user where username = '%u' limit 1"
        - name: EMQ_AUTH__MYSQL__SUPER_QUERY
          value: "select is_superuser from mqtt_user where username = '%u' limit 1"
        - name: EMQ_AUTH__MYSQL__ACL_QUERY
          value: "select allow, ipaddr, username, clientid, access, REPLACE(topic,'$user','%u') from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'"
        - name: EMQ_LOADED_PLUGINS
          value: "emq_auth_mysql,emq_recon,emq_modules,emq_retainer,emq_dashboard"
---
apiVersion: v1
kind: Service
metadata:
  name: emq-service # name
  labels:
    name: emq-service
spec:
  type: NodePort # type of exposed port
  selector: # the containers behind the Service must carry the same labels
    app: emq
  ports:
  - name: emq-service-1883-30111
    port: 1883 # port accessed through the Service
    targetPort: 1883 # corresponding container port
    nodePort: 30111
  - name: emq-service-8883-30112
    port: 8883 # port accessed through the Service
    targetPort: 8883 # corresponding container port
    nodePort: 30112
  - name: emq-service-18083-30113
    port: 18083 # port accessed through the Service
    targetPort: 18083 # corresponding container port
    nodePort: 30113
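The environment-variable mechanism used by both orchestration files, as an added example (not code from the original post or from EMQ). It assumes the image follows the emq-docker naming convention (drop EMQ_, lowercase, "__" becomes ".") and that EMQ 2.x accepts anonymous clients unless mqtt.allow_anonymous is false; confKey and audit are hypothetical helper names.

```go
package main

import (
	"fmt"
	"strings"
)

// confKey maps an EMQ_* variable to the config key it overrides, assuming the
// emq-docker convention: drop "EMQ_", lowercase, "__" becomes ".".
func confKey(name string) string {
	return strings.ReplaceAll(strings.ToLower(strings.TrimPrefix(name, "EMQ_")), "__", ".")
}

// audit resolves NAME=VALUE pairs to config keys and reports risky settings.
func audit(env []string) (map[string]string, []string) {
	conf, mysqlLoaded, usesMySQL := map[string]string{}, false, false
	for _, kv := range env {
		name, val, ok := strings.Cut(kv, "=") // split on the first "=" only, queries contain more
		switch {
		case !ok || !strings.HasPrefix(name, "EMQ_"):
			continue
		case name == "EMQ_LOADED_PLUGINS": // plugin list, not a config key
			for _, p := range strings.Split(val, ",") {
				mysqlLoaded = mysqlLoaded || strings.TrimSpace(p) == "emq_auth_mysql"
			}
		default:
			key := confKey(name)
			conf[key] = val
			usesMySQL = usesMySQL || strings.HasPrefix(key, "auth.mysql.")
		}
	}
	var findings []string
	// Assumption: EMQ 2.x accepts anonymous clients unless this key is false.
	if strings.ToLower(conf["mqtt.allow_anonymous"]) != "false" {
		findings = append(findings, "mqtt.allow_anonymous is not false")
	}
	if usesMySQL && !mysqlLoaded {
		findings = append(findings, "auth.mysql.* set but emq_auth_mysql not loaded")
	}
	return conf, findings
}

func main() {
	// Constructed sample: the compose environment with two settings weakened.
	env := []string{"EMQ_MQTT__ALLOW_ANONYMOUS=true", "EMQ_AUTH__MYSQL__USERNAME=emq",
		"EMQ_LOADED_PLUGINS=emq_recon,emq_dashboard"}
	conf, findings := audit(env)
	fmt.Println(conf, findings)
}
```

Running audit over the environment list before a deployment catches an orchestration file that leaves anonymous login on or sets MySQL authentication options without loading the plugin that reads them.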

PS: TCP connection tuning needs to be done on the host.

3. Golang Client

I use the Gobot library, which is built on the Paho library https://github.com/eclipse/paho.mqtt.golang. An example follows:

package main

import (
  "gobot.io/x/gobot"
  "gobot.io/x/gobot/platforms/mqtt"
  "fmt"
  "time"
)

func main() {
  mqttAdaptor := mqtt.NewAdaptor("tcp://0.0.0.0:1883", "pinger")

  work := func() {
    mqttAdaptor.On("hello", func(msg mqtt.Message) {
      fmt.Println(msg)
    })
    mqttAdaptor.On("hola", func(msg mqtt.Message) {
      fmt.Println(msg)
    })
    data := []byte("o")
    gobot.Every(1*time.Second, func() {
      mqttAdaptor.Publish("hello", data)
    })
    gobot.Every(5*time.Second, func() {
      mqttAdaptor.Publish("hola", data)
    })
  }

  robot := gobot.NewRobot("mqttBot",
    []gobot.Connection{mqttAdaptor},
    work,
  )

  robot.Start()
}

mqttAdaptor.Publish sends messages and mqttAdaptor.On subscribes to messages. If user authentication is enabled, create the adaptor as follows:

mqttAdaptor = mqtt.NewAdaptorWithAuth(
  "EMQ.host",
  "EMQ.clientID",
  "EMQ.userName",
  "EMQ.passWordActive",
)

Automatic reconnection after a disconnect can also be configured (it is off by default; enabling it is strongly recommended when running as a server-side service):

mqttAdaptor.SetAutoReconnect(true)

and so can the session cleanup behaviour (by default, messages are cleaned up on disconnect):

mqttAdaptor.SetCleanSession(false)

You can also connect using TLS certificates:

mqttAdaptor.SetUseSSL(true)
// Certificates can be specified below (not needed if EMQ uses a certificate from a standard CA)
mqttAdaptor.SetClientKey(`/client/client-key.pem`)
mqttAdaptor.SetClientCert(`/client/client-cert.pem`)
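For the case where the broker certificate is not issued by a standard CA, here is one way to build the client-side TLS settings with the standard library only. This is an added example, not code from the original post or from Gobot: brokerTLS, demoCA and the host emq.example.internal are hypothetical, and the throwaway CA is constructed sample input. A tls.Config like this can be passed to Paho's ClientOptions.SetTLSConfig.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// brokerTLS builds client TLS settings for an ssl:// broker URL. Only caPEM is
// trusted, and ServerName makes the handshake fail if the certificate names another host.
func brokerTLS(broker string, caPEM []byte) (*tls.Config, error) {
	u, err := url.Parse(broker)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "ssl" { // tcp:// carries username, password and payloads in clear text
		return nil, fmt.Errorf("scheme %q is not TLS, use ssl://", u.Scheme)
	}
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate found in PEM input")
	}
	return &tls.Config{RootCAs: pool, ServerName: u.Hostname(), MinVersion: tls.VersionTLS12}, nil
}

// demoCA returns a throwaway self-signed CA in PEM form (constructed sample input).
func demoCA() []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "demo CA"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	for _, b := range []string{"ssl://emq.example.internal:8883", "tcp://emq.example.internal:1883"} {
		cfg, err := brokerTLS(b, demoCA())
		fmt.Println(b, cfg != nil, err)
	}
}
```

In a real deployment the CA bytes come from the PEM file of the CA that signed the certificate configured in listener.ssl.external.certfile.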

4. Summary

There are many details to keep in mind when using EMQ and MQTT, and paying attention to them is what lets you go further.

Note: The author's ability is limited; if anything here is wrong, please point it out. Discussion is also welcome!
