From e3524021ee8d5fc9a0eb10ea4637a07c355e0a8e Mon Sep 17 00:00:00 2001
From: Maaike
Date: Wed, 23 Aug 2023 15:24:12 +0200
Subject: [PATCH 1/2] enable adding of mosquitto users
---
 docs/source/reference/configuration.rst | 31 +++++++++++++++++++++++++
 wis2box-broker/entrypoint.sh | 11 ++++++---
 2 files changed, 39 insertions(+), 3 deletions(-)
diff --git a/docs/source/reference/configuration.rst b/docs/source/reference/configuration.rst
index 92bf1a5f..1abd20f9 100644
--- a/docs/source/reference/configuration.rst
+++ b/docs/source/reference/configuration.rst
@@ -132,6 +132,37 @@ Pub/Sub configuration provides connectivity information for the Pub/Sub broker.
 of expected observations per day. See :ref:`getting-started` for more information on system requirements.
+Note that the ``WIS2BOX_BROKER_PUBLIC`` URL can be used to publish WIS2 notifications to an external broker. By default, the internal broker is used.
+
+Apart from the wis2box-internal-user defined by the ``WIS2BOX_BROKER_USERNAME`` and ``WIS2BOX_BROKER_PASSWORD`` environment variables, the wis2box-broker will also include the user 'everyone' with password 'everyone'.
+The 'everyone'-user has read-only access to the origin/# topic and can be used to allow the WIS2 Global Broker to subscribe to the wis2box.
+
+To add additional users to the wis2box-broker, login to the mosquitto container with the following command:
+
+.. code-block:: bash
+
+ docker exec -it mosquitto /bin/sh
+
+Then, to add a new user, use the following command:
+
+.. code-block:: bash
+
+ mosquitto_passwd -b /mosquitto/config/password.txt
+
+To add or change access rights for mosquitto users, you can edit the file /mosquitto/config/acl.conf from inside the mosquitto container using 'vi':
+
+.. code-block:: bash
+
+ vi /mosquitto/config/acl.conf
+
+See the mosquitto documentation for more information on the ACL configuration file.
+
+Restart the mosquitto container for the changes to take effect with the command:
+
+.. code-block:: bash
+
+ docker restart mosquitto
+
 Web application
 ^^^^^^^^^^^^^^^
diff --git a/wis2box-broker/entrypoint.sh b/wis2box-broker/entrypoint.sh
index dee09a01..c8bf940d 100644
--- a/wis2box-broker/entrypoint.sh
+++ b/wis2box-broker/entrypoint.sh
@@ -7,14 +7,19 @@ if [ -f /tmp/wis2box.crt ]; then
 cp /tmp/wis2box.crt /mosquitto/certs
 cp /tmp/wis2box.key /mosquitto/certs
 chown -R mosquitto:mosquitto /mosquitto/certs
- cp /mosquitto/config/mosquitto-ssl.conf /mosquitto/config/mosquitto.conf
+ cp -f /mosquitto/config/mosquitto-ssl.conf /mosquitto/config/mosquitto.conf
 else
 echo "SSL disabled"
 fi
 echo "Setting mosquitto authentication"
-mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD
-mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone
+if [ ! -e "/mosquitto/config/password.txt" ]; then
+ echo "Adding wis2box users to mosquitto password file"
+ mosquitto_passwd -b -c /mosquitto/config/password.txt $WIS2BOX_BROKER_USERNAME $WIS2BOX_BROKER_PASSWORD
+ mosquitto_passwd -b /mosquitto/config/password.txt everyone everyone
+else
+ echo "Mosquitto password file already exists. Skipping wis2box user addition."
+fi
 sed -i "s#_WIS2BOX_BROKER_QUEUE_MAX#$WIS2BOX_BROKER_QUEUE_MAX#" /mosquitto/config/mosquitto.conf
 sed -i "s#_WIS2BOX_BROKER_USERNAME#$WIS2BOX_BROKER_USERNAME#" /mosquitto/config/acl.conf
From 1e3d1f807775f6426f7f08c32c73c4e46f8e6ee7 Mon Sep 17 00:00:00 2001
From: Tom Kralidis
Date: Wed, 23 Aug 2023 10:21:00 -0400
Subject: [PATCH 2/2] Update configuration.rst
---
 docs/source/reference/configuration.rst | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/docs/source/reference/configuration.rst b/docs/source/reference/configuration.rst
index 1abd20f9..00ddb2a1 100644
--- a/docs/source/reference/configuration.rst
+++ b/docs/source/reference/configuration.rst
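Review bot: In wis2box-broker/entrypoint.sh, the new `if [ ! -e "/mosquitto/config/password.txt" ]` guard means that once the password file exists, a changed `WIS2BOX_BROKER_PASSWORD` is never written to the broker, so rotating the internal credential through the environment silently has no effect and the other wis2box services would presumably fail to authenticate with the new value. In the `else` branch I would still refresh the internal user without `-c`, which updates that one entry and leaves manually added users in place: `mosquitto_passwd -b /mosquitto/config/password.txt "$WIS2BOX_BROKER_USERNAME" "$WIS2BOX_BROKER_PASSWORD"`. The variables should be quoted in the creation branch too, since an unquoted password containing spaces or glob characters is split or expanded by the shell before `mosquitto_passwd` sees it. The SSL `if` block that this hunk edits opens above the hunk.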
@@ -134,10 +134,11 @@ Pub/Sub configuration provides connectivity information for the Pub/Sub broker.
 Note that the ``WIS2BOX_BROKER_PUBLIC`` URL can be used to publish WIS2 notifications to an external broker. By default, the internal broker is used.
-Apart from the wis2box-internal-user defined by the ``WIS2BOX_BROKER_USERNAME`` and ``WIS2BOX_BROKER_PASSWORD`` environment variables, the wis2box-broker will also include the user 'everyone' with password 'everyone'.
-The 'everyone'-user has read-only access to the origin/# topic and can be used to allow the WIS2 Global Broker to subscribe to the wis2box.
+Apart from the wis2box internal user defined by the ``WIS2BOX_BROKER_USERNAME`` and ``WIS2BOX_BROKER_PASSWORD`` environment variables, the wis2box broker will also include the user ``everyone`` with password ``everyone``.
-To add additional users to the wis2box-broker, login to the mosquitto container with the following command:
+The ``everyone`` user has **read-only** access to the ``origin/#`` topic and can be used to allow the WIS2 Global Broker to subscribe to the wis2box.
+
+To add additional users to the wis2box broker, login to the mosquitto container with the following command:
 .. code-block:: bash
@@ -149,7 +150,7 @@ Then, to add a new user, use the following command:
 mosquitto_passwd -b /mosquitto/config/password.txt
-To add or change access rights for mosquitto users, you can edit the file /mosquitto/config/acl.conf from inside the mosquitto container using 'vi':
+To add or change access rights for mosquitto users, you can edit the file ``/mosquitto/config/acl.conf`` from inside the mosquitto container using the ``vi`` command:
 .. code-block:: bash