diff --git a/docs/source/reference/configuration.rst b/docs/source/reference/configuration.rst index 92bf1a5f..1abd20f9 100644 --- a/docs/source/reference/configuration.rst +++ b/docs/source/reference/configuration.rst @@ -132,6 +132,37 @@ Pub/Sub configuration provides connectivity information for the Pub/Sub broker. of expected observations per day. See :ref:`getting-started` for more information on system requirements. +Note that the ``WIS2BOX_BROKER_PUBLIC`` URL can be used to publish WIS2 notifications to an external broker. By default, the internal broker is used. + +Apart from the wis2box-internal-user defined by the ``WIS2BOX_BROKER_USERNAME`` and ``WIS2BOX_BROKER_PASSWORD`` environment variables, the wis2box-broker will also include the user 'everyone' with password 'everyone'. +The 'everyone'-user has read-only access to the origin/# topic and can be used to allow the WIS2 Global Broker to subscribe to the wis2box. + +To add additional users to the wis2box-broker, login to the mosquitto container with the following command: + +.. code-block:: bash + + docker exec -it mosquitto /bin/sh + +Then, to add a new user, use the following command: + +.. code-block:: bash + + mosquitto_passwd -b /mosquitto/config/password.txt + +To add or change access rights for mosquitto users, you can edit the file /mosquitto/config/acl.conf from inside the mosquitto container using 'vi': + +.. code-block:: bash + + vi /mosquitto/config/acl.conf + +See the mosquitto documentation for more information on the ACL configuration file. + +Restart the mosquitto container for the changes to take effect with the command: + +.. code-block:: bash + + docker restart mosquitto + Web application ^^^^^^^^^^^^^^^ diff --git a/wis2box-broker/entrypoint.sh b/wis2box-broker/entrypoint.sh index dee09a01..c8bf940d 100644 --- a/wis2box-broker/entrypoint.sh +++ b/wis2box-broker/entrypoint.sh 
@@ -7,14 +7,19 @@ if [ -f /tmp/wis2box.crt ]; then cp /tmp/wis2box.crt /mosquitto/certs cp /tmp/wis2box.key /mosquitto/certs chown -R mosquitto:mosquitto /mosquitto/certs - cp /mosquitto/config/mosquitto-ssl.conf /mosquitto/config/mosquitto.conf + cp -f /mosquitto/config/mosquitto-ssl.conf /mosquitto/config/mosquitto.conf else echo "SSL disabled" fi echo "Setting mosquitto authentication" -mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD -mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone +if [ ! -e "/mosquitto/config/password.txt" ]; then + echo "Adding wis2box users to mosquitto password file" + mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD + mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone +else + echo "Mosquitto password file already exists. Skipping wis2box user addition." +fi sed -i "s#_WIS2BOX_BROKER_QUEUE_MAX#$WIS2BOX_BROKER_QUEUE_MAX#" /mosquitto/config/mosquitto.conf sed -i "s#_WIS2BOX_BROKER_USERNAME#$WIS2BOX_BROKER_USERNAME#" /mosquitto/config/acl.conf
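Review bot: In docs/source/reference/configuration.rst, the "add a new user" step shows `mosquitto_passwd -b /mosquitto/config/password.txt` with no username or password, but `-b` takes both on the command line, so the documented command does not add a user as written. Suggest showing placeholders, for example `mosquitto_passwd -b /mosquitto/config/password.txt <username> <password>`, or dropping `-b` so the tool prompts for the password and it stays out of the shell history. The same section documents the built-in `everyone`/`everyone` account without saying how to change or remove it. Since the text now explains how to edit users and `acl.conf`, a sentence on that would help operators who do not want a well-known credential on an exposed broker.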
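Review bot: In wis2box-broker/entrypoint.sh, the new `if [ ! -e "/mosquitto/config/password.txt" ]` guard means that once the file exists, a changed `WIS2BOX_BROKER_USERNAME` or `WIS2BOX_BROKER_PASSWORD` is silently ignored on restart, while the `sed` line after the block still reads `$WIS2BOX_BROKER_USERNAME`. The password file and the rest of the configuration can therefore disagree after a credential rotation. Consider having the else branch still run `mosquitto_passwd -b /mosquitto/config/password.txt "$WIS2BOX_BROKER_USERNAME" "$WIS2BOX_BROKER_PASSWORD"` without `-c`, which updates that one entry and keeps manually added users. Otherwise, have the "Skipping" message and the documentation say that the environment variables only apply on first start. The variables are also unquoted in both `mosquitto_passwd` calls, so a password containing spaces or glob characters will be split by the shell; quoting them is a small fix while this block is being touched.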