From faa56fbb3daa9c2bde6107d971ac85897713ff86 Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Wed, 2 Dec 2020 22:43:42 +0000
Subject: [PATCH] Docker files for 2.0
---
docker/2.0-openssl/Dockerfile | 108 +++++++++++++++++++++++
docker/2.0-openssl/README.md | 49 +++++++++++
docker/2.0-openssl/docker-entrypoint.sh | 10 +++
docker/2.0/Dockerfile | 110 ++++++++++++++++++++++++
docker/2.0/README.md | 49 +++++++++++
docker/2.0/docker-entrypoint.sh | 10 +++
docker/README.md | 12 ++-
7 files changed, 344 insertions(+), 4 deletions(-)
create mode 100644 docker/2.0-openssl/Dockerfile
create mode 100644 docker/2.0-openssl/README.md
create mode 100755 docker/2.0-openssl/docker-entrypoint.sh
create mode 100644 docker/2.0/Dockerfile
create mode 100644 docker/2.0/README.md
create mode 100755 docker/2.0/docker-entrypoint.sh
diff --git a/docker/2.0-openssl/Dockerfile b/docker/2.0-openssl/Dockerfile
new file mode 100644
index 00000000..4e7dba8e
--- /dev/null
+++ b/docker/2.0-openssl/Dockerfile
@@ -0,0 +1,108 @@
+FROM alpine:3.12
+
+LABEL maintainer="Roger Light " \
+ description="Eclipse Mosquitto MQTT Broker"
+
+ENV VERSION=2.0.0 \
+ DOWNLOAD_SHA256=ab89ddba508131b82c274f5697b03e6a067ac89cc2af4ac59dc124ac135d95a4 \
+ GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \
+ LWS_VERSION=2.4.2 \
+ CJSON_VERSION=1.7.14
+
+RUN set -x && \
+ apk --no-cache add --virtual build-deps \
+ build-base \
+ cmake \
+ gnupg \
+ openssl-dev \
+ util-linux-dev && \
+ wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \
+ mkdir -p /build/lws && \
+ tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws && \
+ rm /tmp/lws.tar.gz && \
+ cd /build/lws && \
+ cmake . \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DLWS_IPV6=ON \
+ -DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON \
+ -DLWS_WITHOUT_CLIENT=ON \
+ -DLWS_WITHOUT_EXTENSIONS=ON \
+ -DLWS_WITHOUT_TESTAPPS=ON \
+ -DLWS_WITH_SHARED=OFF \
+ -DLWS_WITH_ZIP_FOPS=OFF \
+ -DLWS_WITH_ZLIB=OFF && \
+ make -j "$(nproc)" && \
+ rm -rf /root/.cmake && \
+ wget https://github.com/DaveGamble/cJSON/archive/v${CJSON_VERSION}.tar.gz -O /tmp/cjson.tar.gz && \
+ mkdir -p /build/cjson && \
+ tar --strip=1 -xf /tmp/cjson.tar.gz -C /build/cjson && \
+ rm /tmp/cjson.tar.gz && \
+ cd /build/cjson && \
+ cmake . \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DBUILD_SHARED_AND_STATIC_LIBS=OFF \
+ -DBUILD_SHARED_LIBS=OFF \
+ -DCJSON_BUILD_SHARED_LIBS=OFF \
+ -DCJSON_OVERRIDE_BUILD_SHARED_LIBS=OFF \
+ -DCMAKE_INSTALL_PREFIX=/usr && \
+ make -j "$(nproc)" && \
+ rm -rf /root/.cmake && \
+ wget https://mosquitto.org/files/tmp/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \
+ echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \
+ wget https://mosquitto.org/files/tmp/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \
+ export GNUPGHOME="$(mktemp -d)" && \
+ found=''; \
+ for server in \
+ ha.pool.sks-keyservers.net \
+ hkp://keyserver.ubuntu.com:80 \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu \
+ ; do \
+ echo "Fetching GPG key $GPG_KEYS from $server"; \
+ gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
+ done; \
+ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
+ gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \
+ gpgconf --kill all && \
+ rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \
+ mkdir -p /build/mosq && \
+ tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
+ rm /tmp/mosq.tar.gz && \
+ make -C /build/mosq -j "$(nproc)" \
+ CFLAGS="-Wall -O2 -I/build/lws/include -I/build/cjson" \
+ LDFLAGS="-L/build/lws/lib -L/build/cjson" \
+ WITH_ADNS=no \
+ WITH_DOCS=no \
+ WITH_SHARED_LIBRARIES=yes \
+ WITH_SRV=no \
+ WITH_STRIP=yes \
+ WITH_WEBSOCKETS=yes \
+ prefix=/usr \
+ binary && \
+ addgroup -S -g 1883 mosquitto 2>/dev/null && \
+ adduser -S -u 1883 -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
+ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
+ install -d /usr/sbin/ && \
+ install -s -m755 /build/mosq/client/mosquitto_pub /usr/bin/mosquitto_pub && \
+ install -s -m755 /build/mosq/client/mosquitto_rr /usr/bin/mosquitto_rr && \
+ install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
+ install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
+ install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
+ install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \
+ install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
+ install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \
+ install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+ chown -R mosquitto:mosquitto /mosquitto && \
+ apk --no-cache add \
+ ca-certificates && \
+ apk del build-deps && \
+ rm -rf /build
+
+VOLUME ["/mosquitto/data", "/mosquitto/log"]
+
+# Set up the entry point script and default command
+COPY docker-entrypoint.sh /
+EXPOSE 1883
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]
diff --git a/docker/2.0-openssl/README.md b/docker/2.0-openssl/README.md
new file mode 100644
index 00000000..8a54a86b
--- /dev/null
+++ b/docker/2.0-openssl/README.md
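Review bot: The libwebsockets and cJSON source archives are fetched with `wget` and unpacked into `/build` without any integrity check, whereas the mosquitto tarball in the same RUN is checked against `DOWNLOAD_SHA256` and a GPG signature. Both libraries are built static (`-DLWS_WITH_SHARED=OFF`, `-DBUILD_SHARED_LIBS=OFF`) and linked into the broker, so a tampered or regenerated archive would end up in the image unnoticed. Add `LWS_SHA256` and `CJSON_SHA256` to the ENV block, with values recorded from a trusted download, and follow each wget with the pattern already used for mosquitto, e.g. `echo "$LWS_SHA256  /tmp/lws.tar.gz" | sha256sum -c - && \`. The same gap is present in docker/2.0/Dockerfile.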
@@ -0,0 +1,49 @@
+# Eclipse Mosquitto Docker Image
+Containers built with this Dockerfile build as source from published tarballs.
+
+## Mount Points
+A docker mount point has been created in the image to be used for configuration.
+```
+/mosquitto/config
+```
+
+Two docker volumes have been created in the image to be used for persistent storage and logs.
+```
+/mosquitto/data
+/mosquitto/log
+```
+
+## User/Group
+
+The image runs mosquitto under the mosquitto user and group, which are created
+with a uid and gid of 1883.
+
+## Configuration
+When creating a container from the image, the default configuration values are used.
+To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
+```
+docker run -it -p 1883:1883 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:
+```
+
+:boom: if the mosquitto configuration (mosquitto.conf) was modified
+to use non-default ports, the docker run command will need to be updated
+to expose the ports that have been configured, for example:
+
+```
+docker run -it -p 1883:1883 -p 8080:8080 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:
+```
+
+Configuration can be changed to:
+
+* persist data to `/mosquitto/data`
+* log to `/mosquitto/log/mosquitto.log`
+
+i.e. add the following to `mosquitto.conf`:
+```
+persistence true
+persistence_location /mosquitto/data/
+
+log_dest file /mosquitto/log/mosquitto.log
+```
+
+**Note**: For any volume used, the data will be persistent between containers.
diff --git a/docker/2.0-openssl/docker-entrypoint.sh b/docker/2.0-openssl/docker-entrypoint.sh
new file mode 100755
index 00000000..583f67c9
--- /dev/null
+++ b/docker/2.0-openssl/docker-entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/ash
+set -e
+
+# Set permissions
+user="$(id -u)"
+if [ "$user" = '0' ]; then
+ [ -d "/mosquitto" ] && chown -R mosquitto:mosquitto /mosquitto || true
+fi
+
+exec "$@"
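Review bot: When the container starts as root, `chown -R mosquitto:mosquitto /mosquitto` covers the whole tree, including `/mosquitto/config`, the path the README tells users to bind-mount their own `mosquitto.conf` onto. On a writable mount that changes ownership of the host file at every start and leaves the broker account able to rewrite its own configuration. The trailing `|| true` also hides any chown failure, for example on a read-only mount. Consider limiting the call to the directories the broker has to write, `chown -R mosquitto:mosquitto /mosquitto/data /mosquitto/log`, unless something is expected to write under the config directory, and extend the `# Set permissions` comment to say why it runs only for uid 0. The identical script under docker/2.0/ would need the same change.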
diff --git a/docker/2.0/Dockerfile b/docker/2.0/Dockerfile
new file mode 100644
index 00000000..e78cbfa0
--- /dev/null
+++ b/docker/2.0/Dockerfile
@@ -0,0 +1,110 @@
+FROM alpine:3.12
+
+LABEL maintainer="Roger Light " \
+ description="Eclipse Mosquitto MQTT Broker"
+
+ENV VERSION=2.0.0 \
+ DOWNLOAD_SHA256=ab89ddba508131b82c274f5697b03e6a067ac89cc2af4ac59dc124ac135d95a4 \
+ GPG_KEYS=A0D6EEA1DCAE49A635A3B2F0779B22DFB3E717B7 \
+ LWS_VERSION=2.4.2 \
+ CJSON_VERSION=1.7.14
+
+RUN set -x && \
+ apk --no-cache add --virtual build-deps \
+ build-base \
+ cmake \
+ gnupg \
+ libressl-dev \
+ util-linux-dev && \
+ wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \
+ mkdir -p /build/lws && \
+ tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws && \
+ rm /tmp/lws.tar.gz && \
+ cd /build/lws && \
+ cmake . \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DLWS_IPV6=ON \
+ -DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON \
+ -DLWS_WITHOUT_CLIENT=ON \
+ -DLWS_WITHOUT_EXTENSIONS=ON \
+ -DLWS_WITHOUT_TESTAPPS=ON \
+ -DLWS_WITH_SHARED=OFF \
+ -DLWS_WITH_ZIP_FOPS=OFF \
+ -DLWS_WITH_ZLIB=OFF && \
+ make -j "$(nproc)" && \
+ rm -rf /root/.cmake && \
+ wget https://github.com/DaveGamble/cJSON/archive/v${CJSON_VERSION}.tar.gz -O /tmp/cjson.tar.gz && \
+ mkdir -p /build/cjson && \
+ tar --strip=1 -xf /tmp/cjson.tar.gz -C /build/cjson && \
+ rm /tmp/cjson.tar.gz && \
+ cd /build/cjson && \
+ cmake . \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DBUILD_SHARED_AND_STATIC_LIBS=OFF \
+ -DBUILD_SHARED_LIBS=OFF \
+ -DCJSON_BUILD_SHARED_LIBS=OFF \
+ -DCJSON_OVERRIDE_BUILD_SHARED_LIBS=OFF \
+ -DCMAKE_INSTALL_PREFIX=/usr && \
+ make -j "$(nproc)" && \
+ rm -rf /root/.cmake && \
+ wget https://mosquitto.org/files/tmp/mosquitto-${VERSION}.tar.gz -O /tmp/mosq.tar.gz && \
+ echo "$DOWNLOAD_SHA256 /tmp/mosq.tar.gz" | sha256sum -c - && \
+ wget https://mosquitto.org/files/tmp/mosquitto-${VERSION}.tar.gz.asc -O /tmp/mosq.tar.gz.asc && \
+ export GNUPGHOME="$(mktemp -d)" && \
+ found=''; \
+ for server in \
+ ha.pool.sks-keyservers.net \
+ hkp://keyserver.ubuntu.com:80 \
+ hkp://p80.pool.sks-keyservers.net:80 \
+ pgp.mit.edu \
+ ; do \
+ echo "Fetching GPG key $GPG_KEYS from $server"; \
+ gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$GPG_KEYS" && found=yes && break; \
+ done; \
+ test -z "$found" && echo >&2 "error: failed to fetch GPG key $GPG_KEYS" && exit 1; \
+ gpg --batch --verify /tmp/mosq.tar.gz.asc /tmp/mosq.tar.gz && \
+ gpgconf --kill all && \
+ rm -rf "$GNUPGHOME" /tmp/mosq.tar.gz.asc && \
+ mkdir -p /build/mosq && \
+ tar --strip=1 -xf /tmp/mosq.tar.gz -C /build/mosq && \
+ rm /tmp/mosq.tar.gz && \
+ make -C /build/mosq -j "$(nproc)" \
+ CFLAGS="-Wall -O2 -I/build/lws/include -I/build/cjson" \
+ LDFLAGS="-L/build/lws/lib -L/build/cjson" \
+ WITH_ADNS=no \
+ WITH_DOCS=no \
+ WITH_SHARED_LIBRARIES=yes \
+ WITH_SRV=no \
+ WITH_STRIP=yes \
+ WITH_TLS_PSK=no \
+ WITH_WEBSOCKETS=yes \
+ prefix=/usr \
+ binary && \
+ addgroup -S -g 1883 mosquitto 2>/dev/null && \
+ adduser -S -u 1883 -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto 2>/dev/null && \
+ mkdir -p /mosquitto/config /mosquitto/data /mosquitto/log && \
+ install -d /usr/sbin/ && \
+ install -s -m755 /build/mosq/client/mosquitto_pub /usr/bin/mosquitto_pub && \
+ install -s -m755 /build/mosq/client/mosquitto_rr /usr/bin/mosquitto_rr && \
+ install -s -m755 /build/mosq/client/mosquitto_sub /usr/bin/mosquitto_sub && \
+ install -s -m644 /build/mosq/lib/libmosquitto.so.1 /usr/lib/libmosquitto.so.1 && \
+ install -s -m755 /build/mosq/src/mosquitto /usr/sbin/mosquitto && \
+ install -s -m755 /build/mosq/apps/mosquitto_ctrl/mosquitto_ctrl /usr/bin/mosquitto_ctrl && \
+ install -s -m755 /build/mosq/apps/mosquitto_passwd/mosquitto_passwd /usr/bin/mosquitto_passwd && \
+ install -s -m755 /build/mosq/plugins/dynamic-security/mosquitto_dynamic_security.so /usr/lib/mosquitto_dynamic_security.so && \
+ install -m644 /build/mosq/mosquitto.conf /mosquitto/config/mosquitto.conf && \
+ chown -R mosquitto:mosquitto /mosquitto && \
+ apk --no-cache add \
+ ca-certificates \
+ libressl && \
+ apk del build-deps && \
+ rm -rf /build
+
+VOLUME ["/mosquitto/data", "/mosquitto/log"]
+
+# Set up the entry point script and default command
+COPY docker-entrypoint.sh /
+EXPOSE 1883
+ENTRYPOINT ["/docker-entrypoint.sh"]
+CMD ["/usr/sbin/mosquitto", "-c", "/mosquitto/config/mosquitto.conf"]
diff --git a/docker/2.0/README.md b/docker/2.0/README.md
new file mode 100644
index 00000000..8a54a86b
--- /dev/null
+++ b/docker/2.0/README.md
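Review bot: The `;` after `found=''` ends the `&&` chain that starts at `set -x`, and the script never sets `-e`, so a failure in any earlier step (apk, the libwebsockets or cJSON build, the `sha256sum -c` check) does not stop the RUN at that point and the shell carries on into the keyserver loop. From the visible lines the build appears to fail later only because `gpg --verify` then lacks its input files, which hides the real cause and leaves the checksum gate dependent on the signature step. To keep the key fetch inside the chain, open a group with `{ found=''; \` and replace the `test -z` line with `test -n "$found" || { echo >&2 "error: failed to fetch GPG key $GPG_KEYS"; exit 1; }; } && \`. docker/2.0-openssl/Dockerfile has the same construct.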
@@ -0,0 +1,49 @@
+# Eclipse Mosquitto Docker Image
+Containers built with this Dockerfile build as source from published tarballs.
+
+## Mount Points
+A docker mount point has been created in the image to be used for configuration.
+```
+/mosquitto/config
+```
+
+Two docker volumes have been created in the image to be used for persistent storage and logs.
+```
+/mosquitto/data
+/mosquitto/log
+```
+
+## User/Group
+
+The image runs mosquitto under the mosquitto user and group, which are created
+with a uid and gid of 1883.
+
+## Configuration
+When creating a container from the image, the default configuration values are used.
+To use a custom configuration file, mount a **local** configuration file to `/mosquitto/config/mosquitto.conf`
+```
+docker run -it -p 1883:1883 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:
+```
+
+:boom: if the mosquitto configuration (mosquitto.conf) was modified
+to use non-default ports, the docker run command will need to be updated
+to expose the ports that have been configured, for example:
+
+```
+docker run -it -p 1883:1883 -p 8080:8080 -v :/mosquitto/config/mosquitto.conf eclipse-mosquitto:
+```
+
+Configuration can be changed to:
+
+* persist data to `/mosquitto/data`
+* log to `/mosquitto/log/mosquitto.log`
+
+i.e. add the following to `mosquitto.conf`:
+```
+persistence true
+persistence_location /mosquitto/data/
+
+log_dest file /mosquitto/log/mosquitto.log
+```
+
+**Note**: For any volume used, the data will be persistent between containers.
diff --git a/docker/2.0/docker-entrypoint.sh b/docker/2.0/docker-entrypoint.sh
new file mode 100755
index 00000000..583f67c9
--- /dev/null
+++ b/docker/2.0/docker-entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/ash
+set -e
+
+# Set permissions
+user="$(id -u)"
+if [ "$user" = '0' ]; then
+ [ -d "/mosquitto" ] && chown -R mosquitto:mosquitto /mosquitto || true
+fi
+
+exec "$@"
diff --git a/docker/README.md b/docker/README.md
index 0314c244..71bc3bae 100644
--- a/docker/README.md
+++ b/docker/README.md @@ -2,10 +2,14 @@ This directory contains Docker files for Mosquitto. -The `1.6` directory contains the latest version of Mosquitto for -that series, and provide the basis of the official image. It uses libressl. The -`1.6-openssl` directory is identical except that it uses openssl instead of -libressl, and enables TLS-PSK support. +The `2.0` directory contains the latest version of Mosquitto for that +series, it uses libressl. The `2.0-openssl` directory is identical except that +it uses openssl instead of libressl, and enables TLS-PSK and TLS v1.3 cipher +support. + +The `1.6` directory contains the version of Mosquitto based on the 1.6 branch. +It uses libressl. The `1.6-openssl` directory is identical except that it uses +openssl instead of libressl, and enables TLS-PSK support. The `1.5` directory contains the version of Mosquitto based on the 1.5 branch. It uses libressl. The `1.5-openssl` directory is identical except that it uses