emqttd学习教程(三):emqttd插件详解

一、配置

有关插件的配置文件均在目录emqttd/etc/plugins目录下:
在这里插入图片描述也可以通过登录管理界面,通过plugins查看有哪些插件,并可以通过点击start开启相关插件服务。
在这里插入图片描述

二、讲解

1、ClientId 认证/鉴权插件
基于 MQTT 客户端 ID 认证

  • 配置文件路径:etc/plugins/emq_auth_clientid.conf:
auth.client.$N.clientid = clientid
auth.client.$N.password = passwd
  • 启用 emq_auth_clientid 插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_clientid
Start apps: [emq_auth_clientid]
Plugin emq_auth_clientid loaded successfully.
  •  

2、HTTP 插件认证

  • etc/plugins/emq_auth_http.conf 配置 ‘super_req’, ‘auth_req’:
## Variables: %u = username, %c = clientid, %a = ipaddress, %P = password, %t = topic
auth.http.auth_req = http://127.0.0.1:8080/mqtt/auth
auth.http.auth_req.method = post
auth.http.auth_req.params = clientid=%c,username=%u,password=%P
auth.http.super_req = http://127.0.0.1:8080/mqtt/superuser
auth.http.super_req.method = post
auth.http.super_req.params = clientid=%c,username=%u
auth.http.acl_req = http://127.0.0.1:8080/mqtt/acl
auth.http.acl_req.method = get
auth.http.acl_req.params = access=%A,username=%u,clientid=%c,ipaddr=%a,topic=%t
  • 启用 emq_auth_http 插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_http
Start apps: [emq_auth_http]
Plugin emq_auth_http loaded successfully.
  •  

3、JWT插件认证

  • etc/plugins/emq_auth_jwt.conf 配置 JWT 参数:
auth.jwt.secret = emqsecret
## auth.jwt.pubkey = etc/certs/jwt_public_key.pem
  • 启用 JWT认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_jwt
Start apps: [emq_auth_jwt]
Plugin emq_auth_jwt loaded successfully.
  •  

4、LDAP 插件认证

  • etc/plugins/emq_auth_ldap.conf 配置 LDAP 参数:
auth.ldap.servers = 127.0.0.1
auth.ldap.port = 389
auth.ldap.bind_dn = cn=root,dc=emqtt,dc=com
auth.ldap.bind_password = public
auth.ldap.timeout = 30
auth.ldap.auth_dn = cn=%u,ou=auth,dc=emqtt,dc=com
auth.ldap.password_hash = sha256
auth.ldap.ssl = false
  •  
  • 启用 LDAP 认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_ldap
  •  

5、MongoDB 插件认证

  • etc/plugins/emq_auth_mongo.conf 设置 ‘super_query’、’auth_query’:
## Mongo Server
auth.mongo.server = 127.0.0.1:27017

## Mongo Pool Size
auth.mongo.pool = 8

## Mongo User
## auth.mongo.user =

## Mongo Password
## auth.mongo.password =

## Mongo Database
auth.mongo.database = mqtt

## auth_query
auth.mongo.auth_query.collection = mqtt_user

auth.mongo.auth_query.password_field = password

auth.mongo.auth_query.password_hash = sha256

auth.mongo.auth_query.selector = username=%u

## super_query
auth.mongo.super_query.collection = mqtt_user

auth.mongo.super_query.super_field = is_superuser

auth.mongo.super_query.selector = username=%u
  • 启用 MongoDB 认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_mongo
Start apps: [emq_auth_mongo]
Plugin emq_auth_mongo loaded successfully.
  •  

6、MySQL 插件认证

  • 通过 MySQL 数据库表认证,可创建如下的 ‘mqtt_user’ 表:
CREATE TABLE `mqtt_user` (
  `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
  `username` varchar(100) DEFAULT NULL,
  `password` varchar(100) DEFAULT NULL,
  `salt` varchar(20) DEFAULT NULL,
  `is_superuser` tinyint(1) DEFAULT 0,
  `created` datetime DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `mqtt_username` (`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
  •  
  • etc/plugins/emq_auth_mysql.conf 配置 ‘super_query’, ‘auth_query’, ‘password_hash’:
## Mysql Server
auth.mysql.server = 127.0.0.1:3306

## Mysql Pool Size
auth.mysql.pool = 8

## Mysql Username
## auth.mysql.username =

## Mysql Password
## auth.mysql.password =

## Mysql Database
auth.mysql.database = mqtt

## Variables: %u = username, %c = clientid

## Authentication Query: select password only
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1

## Password hash: plain, md5, sha, sha256, pbkdf2
auth.mysql.password_hash = sha256

## %% Superuser Query
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
  •  
  • 启用 MySQL 认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_mysql
  • 1

7、Postgre 插件认证

  • 通过 PostgreSQL 数据库表认证,可创建如下的 ‘mqtt_user’ 表:
CREATE TABLE mqtt_user (
  id SERIAL primary key,
  is_superuser boolean,
  username character varying(100),
  password character varying(100),
  salt character varying(40)
);
  •  
  • etc/plugins/emq_auth_pgsql.conf 配置 ‘auth_query’、’password_hash’:
## Postgre Server
auth.pgsql.server = 127.0.0.1:5432

auth.pgsql.pool = 8

auth.pgsql.username = root

#auth.pgsql.password =

auth.pgsql.database = mqtt

auth.pgsql.encoding = utf8

auth.pgsql.ssl = false

## Variables: %u = username, %c = clientid, %a = ipaddress

## Authentication Query: select password only
auth.pgsql.auth_query = select password from mqtt_user where username = '%u' limit 1

## Password hash: plain, md5, sha, sha256, pbkdf2
auth.pgsql.password_hash = sha256

## sha256 with salt prefix
## auth.pgsql.password_hash = salt sha256

## sha256 with salt suffix
## auth.pgsql.password_hash = sha256 salt

## Superuser Query
auth.pgsql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
  •  
  • 启用 Postgre 认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_pgsql
  • 1

8、Redis 插件认证

  • MQTT 用户记录存储在 Redis Hash, 键值: “mqtt_user:”,Redis Hash 存储一个 MQTT 客户端的访问控制规则:
HSET mqtt_acl:<username> topic1 1
HSET mqtt_acl:<username> topic2 2
HSET mqtt_acl:<username> topic3 3
  • etc/plugins/emq_auth_redis.conf 配置 ‘acl_cmd’ 与 ‘acl_nomatch’:
## ACL Query Command
auth.redis.acl_cmd = HGETALL mqtt_acl:%u
  • 启用 Redis 认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_redis
  •  

9、用户名密码认证

  • 基于 MQTT 登录用户名(username)、密码(password)认证。
  • etc/plugins/emq_auth_username.conf 中配置默认用户:
auth.user.$N.username = admin
auth.user.$N.password = public
  • 启用 emq_auth_username 插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_auth_username
Start apps: [emq_auth_username]
Plugin emq_auth_username loaded successfully.
  • 使用 ./emqttd_ctl users 命令添加用户:
$ ./emqttd_ctl users add <Username> <Password>
  •  

10、CoAP插件认证

  • etc/plugins/emq_coap.conf 配置 CoAP参数:
coap.port = 5683

coap.keepalive = 120s

coap.enable_stats = off

coap.keyfile = etc/certs/key.pem

coap.certfile = etc/certs/cert.pem
  • 启用 CoAP认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_coap
Start apps: [gen_coap,emq_coap]
Plugin emq_coap loaded successfully.
  •  

11、Dashboard插件认证

  • EMQ 消息服务器的 Web 管理控制台,EMQ 消息服务器默认加载 Dashboard 插件,Dashboard 插件可查询 EMQ 消息服务器基本信息、统计数据、度量数据,查询系统客户端(Client)、会话(Session)、主题(Topic)、订阅(Subscription)。
  • etc/plugins/emq_dashboard.conf 配置 Dashboard参数:
dashboard.default_user.login = admin

dashboard.default_user.password = public

dashboard.listener.http = 18083

dashboard.listener.http.acceptors = 4

dashboard.listener.http.max_clients = 512

dashboard.listener.http.access.1 = allow all
  • 1启用 Dashboard认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_dashboard
  •  

12、Lua Hook插件认证

  • 支持Lua脚本注册EMQ扩展钩子来开发插件。
  • etc/plugins/emq_lua_hook.conf配置 Lua Hook参数:
  • 启用Lua Hook认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_lua_hook
  •  

13、modules扩展模块插件认证

  • Modules 插件默认加载。
  • 版本将全部扩展模块项目(emq_mod_presence, emq_mod_subscription, emq_mod_rewrite)合并为一个 emq_modules 项目。
  • etc/plugins/emq_modules.conf配置 modules参数:
module.presence = on

module.presence.qos = 1

module.subscription = off

module.rewrite = off
  • 启用 modules认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_modules
  •  

14、plugin_template插件开发模版认证

  • emq_plugin_template 是模版插件
  • etc/plugins/emq_plugin_template.config配置 plugin_template参数:
  • 启用 plugin_template认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_plugin_template
  •  

15、Recon插件认证

  • emq_recon 插件集成 recon 性能调测库。
  • etc/plugins/emq_recon.conf 配置 Recon参数:
recon.gc_interval = 5m
  • 启用 Recon认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_recon
  •  

16、Reloader插件认证

  • 用于开发调试的代码热升级插件。加载该插件后,EMQ 会自动热升级更新代码。(产品部署环境不建议使用该插件)
  • etc/plugins/emq_reloader.conf配置 Reloader参数:
reloader.interval = 60s

reloader.logfile = reloader.log
  • 启用 Reloader认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_reloader
  •  

17、Retainer插件认证

  • Retainer 模块负责持久化 MQTT Retained 消息。
  • etc/plugins/emq_retainer.conf 配置 Retainer参数:
retainer.storage_type = ram

retainer.max_message_num = 1000000

retainer.max_payload_size = 64KB

retainer.expiry_interval = 0
  • 启用 Retainer认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_retainer
  •  

18、 MQTT-SN 协议插件认证

  • MQTT-SN 协议插件,支持 MQTT-SN 网关模式。(默认 MQTT-SN 协议 UDP 端口: 1884)
  • etc/plugins/emq_sn.conf 配置 EMQ-SN参数:
mqtt.sn.port = 1884

mqtt.sn.advertise_duration = 900

mqtt.sn.gateway_id = 1

mqtt.sn.enable_stats = off

mqtt.sn.enable_qos3 = off

mqtt.sn.predefined.topic.0 = reserved
mqtt.sn.predefined.topic.1 = /predefined/topic/name/hello
mqtt.sn.predefined.topic.2 = /predefined/topic/name/nice

mqtt.sn.username = mqtt_sn_user

mqtt.sn.password = abc
  • 启用 EMQ-SN认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_sn
  •  

19、Stomp插件认证

  • Stomp 协议插件。支持 STOMP 1.0/1.1/1.2 协议客户端连接 EMQ,发布订阅 MQTT 消息。
  • etc/plugins/emq_stomp.conf 配置 Stomp参数:
stomp.listener = 61613

stomp.listener.acceptors = 4

stomp.listener.max_clients = 512

## stomp.listener.ssl = off
## stomp.listener.keyfile = etc/certs/key.pem
## stomp.listener.certfile = etc/certs/cert.pem
## stomp.listener.cacertfile = etc/certs/cacert.pem
## stomp.listener.dhfile = etc/certs/dh-params.pem
## stomp.listener.verify = verify_peer
## stomp.listener.fail_if_no_peer_cert = true
## stomp.listener.tls_versions = tlsv1.2,tlsv1.1,tlsv1
## stomp.listener.handshake_timeout = 15s
## stomp.listener.secure_renegotiate = off
## stomp.listener.reuse_sessions = on
## stomp.listener.honor_cipher_order = on

stomp.default_user.login = guest

stomp.default_user.passcode = guest

stomp.allow_anonymous = true

stomp.frame.max_headers = 10

stomp.frame.max_header_length = 1024

stomp.frame.max_body_length = 8192
  • 启用 Stomp认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_stomp
  • 1

20、EMQ Web Hook插件认证

  • 支持在MQTT客户端上下线、消息发布订阅时触发WebHook回调。
  • etc/plugins/emq_web_hook.conf配置 EMQ Web Hook参数:
web.hook.api.url = http://127.0.0.1

## The WebHook Rules.
web.hook.rule.client.connected.1     = {"action": "on_client_connected"}
web.hook.rule.client.disconnected.1  = {"action": "on_client_disconnected"}
web.hook.rule.client.subscribe.1     = {"action": "on_client_subscribe"}
web.hook.rule.client.unsubscribe.1   = {"action": "on_client_unsubscribe"}
web.hook.rule.session.created.1      = {"action": "on_session_created"}
web.hook.rule.session.subscribed.1   = {"action": "on_session_subscribed"}
web.hook.rule.session.unsubscribed.1 = {"action": "on_session_unsubscribed"}
web.hook.rule.session.terminated.1   = {"action": "on_session_terminated"}
web.hook.rule.message.publish.1      = {"action": "on_message_publish"}
web.hook.rule.message.delivered.1    = {"action": "on_message_delivered"}
web.hook.rule.message.acked.1        = {"action": "on_message_acked"}
  • 启用 EMQ Web Hook认证插件:
[root@localhost bin]# ./emqttd_ctl plugins load emq_web_hook
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页