1. Start EMQX in a Docker container
docker run --name=emqx \
--hostname=1f5f7148afca \
--user=emqx \
--mac-address=02:42:ac:11:00:08 \
--volume=/mnt/yruasa/emqx/etc:/opt/emqx/etc \
--volume=/mnt/yruasa/emqx/data:/opt/emqx/data \
--volume=/mnt/yruasa/emqx/log:/opt/emqx/log \
--workdir=/opt/emqx \
--expose=11883 \
-p 18083:18083 \
-p 1883:1883 \
--expose=4370 \
--expose=5369 \
-p 8083:8083 \
-p 8084:8084 \
-p 8883:8883 \
--restart=always \
--runtime=runc \
--detach=true \
emqx/emqx:5.2.1 \
/opt/emqx/bin/emqx foreground
2. EMQX configuration file
node {
  name = "emqx@127.0.0.1"
  cookie = "emqxsecretcookie"
  data_dir = "data"
}
cluster {
  name = emqxcl
  discovery_strategy = manual
}
dashboard {
  listeners.http {
    bind = 18083
  }
}
The above is the default configuration.
The following is the configuration to add:
listeners.ssl.default {
  bind = 8883
  max_connections = 512000
  ssl_options {
    cacertfile = "etc/certs/emqx_ca.pem"
    certfile = "etc/certs/emqx_01.pem"
    keyfile = "etc/certs/emqx_01.key"
    versions = [tlsv1.3, tlsv1.2]
  }
}
3. Generating the certificates
openssl genrsa -out emqx_ca.key 2048
openssl req -x509 -new -nodes -key emqx_ca.key -sha256 -days 3650 -out emqx_ca.pem
openssl genrsa -out emqx_01.key 2048
Create a new openssl.cnf file:
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
countryName = CN
stateOrProvinceName = Zhejiang
localityName = Hangzhou
organizationName = EMQX
commonName = Server certificate
[req_ext]
subjectAltName = @alt_names
[v3_req]
subjectAltName = @alt_names
[alt_names]
IP.1 = BROKER_ADDRESS  # write the IP address here, for example 49.77.204.16
DNS.1 = BROKER_ADDRESS  # write the IP address here, for example 49.77.204.16
Generate a certificate signing request from this key and configuration:
openssl req -new -key ./emqx_01.key -config openssl.cnf -out emqx_01.csr
Issue the EMQX end-entity certificate, signed by the root certificate:
openssl x509 -req -in ./emqx_01.csr -CA emqx_ca.pem -CAkey emqx_ca.key -CAcreateserial -out emqx_01.pem -days 3650 -sha256 -extensions v3_req -extfile openssl.cnf
Verify that the EMQX certificate is correct:
$ openssl verify -CAfile emqx_ca.pem emqx_01.pem
emqx_01.pem: OK
Once the certificates are in place, restart the EMQX container and watch the log with docker logs -f to confirm that it started successfully.
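Added example, not part of the original post: `openssl verify` only proves the chain, so this script also checks that the key matches the certificate and that the broker IP is in subjectAltName, and shows what happens when `-extensions`/`-extfile` are left off the signing command. The function names, the `emqx_nosan.pem` file, the address 192.0.2.10 and the temporary directory are assumptions made for the demonstration; it assumes OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example. 192.0.2.10 and the temp directory are constructed sample values.

# check_emqx_cert CA CERT KEY IP: prints OK and returns 0 when CERT is usable
# by a broker reached at IP; returns 1 (chain), 2 (key) or 3 (SAN) otherwise.
check_emqx_cert() {
  ca=$1; cert=$2; key=$3; ip=$4
  # 1. The certificate must chain to the CA file that clients are given.
  openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
    { echo "chain: FAIL"; return 1; }
  # 2. keyfile must hold the private key that matches certfile.
  [ "$(openssl x509 -in "$cert" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
    { echo "key: FAIL"; return 2; }
  # 3. The broker address must be in subjectAltName for clients that verify the peer.
  openssl x509 -in "$cert" -noout -checkip "$ip" | grep -q "does match" ||
    { echo "SAN: FAIL"; return 3; }
  echo "OK"
}

# make_demo_pki DIR IP: the page's steps, non-interactive, run in a subshell.
make_demo_pki() (
  mkdir -p "$1" && cd "$1" || exit 1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    '[dn]' 'commonName = Server certificate' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    '[v3_req]' 'subjectAltName = @alt_names' \
    '[alt_names]' "IP.1 = $2" > openssl.cnf
  openssl genrsa -out emqx_ca.key 2048 2>/dev/null
  openssl req -x509 -new -nodes -key emqx_ca.key -sha256 -days 3650 \
    -config openssl.cnf -extensions v3_ca -subj "/CN=Demo CA" -out emqx_ca.pem
  openssl genrsa -out emqx_01.key 2048 2>/dev/null
  openssl req -new -key emqx_01.key -config openssl.cnf -out emqx_01.csr
  # Signed as on the page: -extensions/-extfile put the SAN into the certificate.
  openssl x509 -req -in emqx_01.csr -CA emqx_ca.pem -CAkey emqx_ca.key \
    -CAcreateserial -out emqx_01.pem -days 3650 -sha256 \
    -extensions v3_req -extfile openssl.cnf 2>/dev/null
  # Same request signed without them: still chains to the CA, but has no SAN.
  openssl x509 -req -in emqx_01.csr -CA emqx_ca.pem -CAkey emqx_ca.key \
    -CAcreateserial -out emqx_nosan.pem -days 3650 -sha256 2>/dev/null
)

demo=$(mktemp -d)
make_demo_pki "$demo" 192.0.2.10
check_emqx_cert "$demo/emqx_ca.pem" "$demo/emqx_01.pem" "$demo/emqx_01.key" 192.0.2.10
check_emqx_cert "$demo/emqx_ca.pem" "$demo/emqx_nosan.pem" "$demo/emqx_01.key" 192.0.2.10 || true
```

To check the real files, call `check_emqx_cert emqx_ca.pem emqx_01.pem emqx_01.key` followed by the address written into `[alt_names]`.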