enable adding of mosquitto users

wmo-im · Aug 23, 2023 · e352402 · e352402
1 parent 12c638a
commit e352402
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 3 deletions.
diff --git a/docs/source/reference/configuration.rst b/docs/source/reference/configuration.rst
@@ -132,6 +132,37 @@ Pub/Sub configuration provides connectivity information for the Pub/Sub broker.
    of expected observations per day.  See :ref:`getting-started` for more information on system requirements.
 
 
+Note that the ``WIS2BOX_BROKER_PUBLIC`` URL can be used to publish WIS2 notifications to an external broker. By default, the internal broker is used.
+
+Apart from the wis2box-internal-user defined by the ``WIS2BOX_BROKER_USERNAME`` and ``WIS2BOX_BROKER_PASSWORD`` environment variables, the wis2box-broker will also include the user 'everyone' with password 'everyone'.
+The 'everyone'-user has read-only access to the origin/# topic and can be used to allow the WIS2 Global Broker to subscribe to the wis2box.
+
+To add additional users to the wis2box-broker, login to the mosquitto container with the following command:
+
+.. code-block:: bash
+
+    docker exec -it mosquitto /bin/sh
+
+Then, to add a new user, use the following command:
+
+.. code-block:: bash
+
+    mosquitto_passwd -b /mosquitto/config/password.txt <username> <password>
+
+To add or change access rights for mosquitto users, you can edit the file /mosquitto/config/acl.conf from inside the mosquitto container using 'vi':
+
+.. code-block:: bash
+
+    vi /mosquitto/config/acl.conf
+
+See the mosquitto documentation for more information on the ACL configuration file.
+
+Restart the mosquitto container for the changes to take effect with the command:
+
+.. code-block:: bash
+
+    docker restart mosquitto
+
 Web application
 ^^^^^^^^^^^^^^^
 

diff --git a/wis2box-broker/entrypoint.sh b/wis2box-broker/entrypoint.sh
@@ -7,14 +7,19 @@ if [ -f /tmp/wis2box.crt ]; then
     cp /tmp/wis2box.crt /mosquitto/certs
     cp /tmp/wis2box.key /mosquitto/certs
     chown -R mosquitto:mosquitto /mosquitto/certs
-    cp /mosquitto/config/mosquitto-ssl.conf /mosquitto/config/mosquitto.conf
+    cp -f /mosquitto/config/mosquitto-ssl.conf /mosquitto/config/mosquitto.conf
 else
     echo "SSL disabled"
 fi
 
 echo "Setting mosquitto authentication"
-mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD
-mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone
+if [ ! -e "/mosquitto/config/password.txt" ]; then
+    echo "Adding wis2box users to mosquitto password file"
+    mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD
+    mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone
+else
+    echo "Mosquitto password file already exists. Skipping wis2box user addition."
+fi
 
 sed -i "s#_WIS2BOX_BROKER_QUEUE_MAX#$WIS2BOX_BROKER_QUEUE_MAX#" /mosquitto/config/mosquitto.conf
 sed -i "s#_WIS2BOX_BROKER_USERNAME#$WIS2BOX_BROKER_USERNAME#" /mosquitto/config/acl.conf