容器emqx
docker pull emqx/emqx:4.3.10
docker run -d --name emqx -p 1883:1883 -p 8081:8081 -p 8083:8083 -p 8084:8084 -p 8883:8883 -p 18083:18083 emqx/emqx:4.3.10
启动emqx
bin\emqx start
检查运行状态
bin\emqx_ctl status
停止emqx
bin\emqx stop
启动mysql数据库
bin\emqx_ctl plugins load emqx_auth_mysql
web控制台
http://127.0.0.1:18083
默认用户:
admin
密码:
public
mqtt服务配置
权限
默认鉴权配置文件
emqx\etc\acl.conf
全部用 %% 注释掉
尾部添加 允许用户订阅上下线 通知
{allow, all, subscribe, ["$SYS/brokers/emqx@127.0.0.1/clients/+/connected"]}.
{allow, all, subscribe, ["$SYS/brokers/emqx@127.0.0.1/clients/+/disconnected"]}.
mysql鉴权插件配置文件
emqx\etc\plugins\emqx_auth_mysql.conf
auth.mysql.server = 127.0.0.1:3306
auth.mysql.pool = 8
auth.mysql.username = mqtt
auth.mysql.password =qq547176052
auth.mysql.database = mqtt
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.mysql.auth_query = select password from mqtt_user where username = '%u' limit 1
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
auth.mysql.password_hash = plain
## Superuser query.
##
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.mysql.super_query = select is_superuser from mqtt_user where username = '%u' limit 1
## ACL query.
##
## Value: SQL
##
## Variables:
## - %a: ipaddr
## - %u: username
## - %c: clientid
##
## Note: You can add the 'ORDER BY' statement to control the rules match order
auth.mysql.acl_query = select allow, ipaddr, username, clientid, access, topic from mqtt_acl where ipaddr = '%a' or username = '%u' or username = '$all' or clientid = '%c'
emqx 配置文件
全局配置
默认配置中 ACL 是开放授权的,即授权结果为忽略(ignore)时允许客户端通过授权。
通过 etc/emqx.conf 中的 ACL 配置可以更改该属性:
# etc/emqx.conf
## ACL 未匹配时默认授权
## Value: allow | deny
acl_nomatch = allow
# 配置默认 ACL 文件,使用文件定义默认 ACL 规则:
# etc/emqx.conf
acl_file = etc/acl.conf
# 配置 ACL 授权结果为禁止的响应动作,为 disconnect 时将断开设备:
# etc/emqx.conf
## Value: ignore | disconnect
acl_deny_action = ignore
cluster.name = emqxcl
cluster.proto_dist = inet_tcp
cluster.discovery = manual
cluster.autoheal = on
cluster.autoclean = 5m
node.name = emqx@127.0.0.1
node.cookie = emqxsecretcookie
node.data_dir = data
node.global_gc_interval = 15m
node.crash_dump = log/crash.dump
node.dist_listen_min = 6369
node.dist_listen_max = 6369
node.backtrace_depth = 16
rpc.mode = async
rpc.async_batch_size = 256
rpc.port_discovery = stateless
rpc.connect_timeout = 5s
rpc.send_timeout = 5s
rpc.authentication_timeout = 5s
rpc.call_receive_timeout = 15s
rpc.socket_keepalive_idle = 900s
rpc.socket_keepalive_interval = 75s
rpc.socket_keepalive_count = 9
rpc.socket_sndbuf = 1MB
rpc.socket_recbuf = 1MB
rpc.socket_buffer = 1MB
log.to = file
log.level = warning
log.dir = log
log.file = emqx.log
log.rotation = on
log.rotation.size = 10MB
log.rotation.count = 5
## To create additional log files for specific log levels.
##
## Value: File Name
## Format: log.$level.file = $filename,
## where "$level" can be one of: debug, info, notice, warning,
## error, critical, alert, emergency
## Note: Log files for a specific log level will only contain all the logs
## that higher than or equal to that level
##
#log.info.file = info.log
#log.error.file = error.log
## The max allowed queue length before switching to sync mode.
##
## Log overload protection parameter. If the message queue grows
## larger than this value the handler switches from anync to sync mode.
##
## Default: 100
##
#log.sync_mode_qlen = 100
## The max allowed queue length before switching to drop mode.
##
## Log overload protection parameter. When the message queue grows
## larger than this threshold, the handler switches to a mode in which
## it drops all new events that senders want to log.
##
## Default: 3000
##
#log.drop_mode_qlen = 3000
## The max allowed queue length before switching to flush mode.
##
## Log overload protection parameter. If the length of the message queue
## grows larger than this threshold, a flush (delete) operation takes place.
## To flush events, the handler discards the messages in the message queue
## by receiving them in a loop without logging.
##
## Default: 8000
##
#log.flush_qlen = 8000
## Kill the log handler when it gets overloaded.
##
## Log overload protection parameter. It is possible that a handler,
## even if it can successfully manage peaks of high load without crashing,
## can build up a large message queue, or use a large amount of memory.
## We could kill the log handler in these cases and restart it after a
## few seconds.
##
## Default: on
##
#log.overload_kill = on
## The max allowed queue length before killing the log hanlder.
##
## Log overload protection parameter. This is the maximum allowed queue
## length. If the message queue grows larger than this, the handler
## process is terminated.
##
## Default: 20000
##
#log.overload_kill_qlen = 20000
## The max allowed memory size before killing the log hanlder.
##
## Log overload protection parameter. This is the maximum memory size
## that the handler process is allowed to use. If the handler grows
## larger than this, the process is terminated.
##
## Default: 30MB
##
#log.overload_kill_mem_size = 30MB
## Restart the log hanlder after some seconds.
##
## Log overload protection parameter. If the handler is terminated,
## it restarts automatically after a delay specified in seconds.
## The value "infinity" prevents restarts.
##
## Default: 5s
##
#log.overload_kill_restart_after = 5s
## Max burst count and time window for burst control.
##
## Log overload protection parameter. Large bursts of log events - many
## events received by the handler under a short period of time - can
## potentially cause problems. By specifying the maximum number of events
## to be handled within a certain time frame, the handler can avoid
## choking the log with massive amounts of printouts.
##
## This config controls the maximum number of events to handle within
## a time frame. After the limit is reached, successive events are
## dropped until the end of the time frame.
##
## Note that there would be no warning if any messages were
## dropped because of burst control.
##
## Comment this config out to disable the burst control feature.
##
## Value: MaxBurstCount,TimeWindow
## Default: disabled
##
#log.burst_limit = 20000, 1s
## CONFIG_SECTION_END=logger ===================================================
##--------------------------------------------------------------------
## Authentication/Access Control
##--------------------------------------------------------------------
## Allow anonymous authentication by default if no auth plugins loaded.
## Notice: Disable the option in production deployment!
##
## Value: true | false
allow_anonymous = true
## Allow or deny if no ACL rules matched.
##
## Value: allow | deny
acl_nomatch = deny
## Default ACL File.
##
## Value: File Name
acl_file = etc/acl.conf
## Whether to enable ACL cache.
##
## If enabled, ACLs roles for each client will be cached in the memory
##
## Value: on | off
enable_acl_cache = on
## The maximum count of ACL entries can be cached for a client.
##
## Value: Integer greater than 0
## Default: 32
acl_cache_max_size = 32
## The time after which an ACL cache entry will be deleted
##
## Value: Duration
## Default: 1 minute
acl_cache_ttl = 1m
## The action when acl check reject current operation
##
## Value: ignore | disconnect
## Default: ignore
acl_deny_action = ignore
## Specify the global flapping detect policy.
## The value is a string composed of flapping threshold, duration and banned interval.
## 1. threshold: an integer to specfify the disconnected times of a MQTT Client;
## 2. duration: the time window for flapping detect;
## 3. banned interval: the banned interval if a flapping is detected.
##
## Value: Integer,Duration,Duration
flapping_detect_policy = 30, 1m, 5m
##--------------------------------------------------------------------
## MQTT Protocol
##--------------------------------------------------------------------
## Maximum MQTT packet size allowed.
##
## Value: Bytes
## Default: 1MB
mqtt.max_packet_size = 1MB
## Maximum length of MQTT clientId allowed.
##
## Value: Number [23-65535]
mqtt.max_clientid_len = 65535
## Maximum topic levels allowed. 0 means no limit.
##
## Value: Number
mqtt.max_topic_levels = 0
## Maximum QoS allowed.
##
## Value: 0 | 1 | 2
mqtt.max_qos_allowed = 2
## Maximum Topic Alias, 0 means no topic alias supported.
##
## Value: 0-65535
mqtt.max_topic_alias = 65535
## Whether the Server supports MQTT retained messages.
##
## Value: boolean
mqtt.retain_available = true
## Whether the Server supports MQTT Wildcard Subscriptions
##
## Value: boolean
mqtt.wildcard_subscription = true
## Whether the Server supports MQTT Shared Subscriptions.
##
## Value: boolean
mqtt.shared_subscription = true
## Whether to ignore loop delivery of messages.(for mqtt v3.1.1)
##
## Value: true | false
mqtt.ignore_loop_deliver = false
## Whether to parse the MQTT frame in strict mode
##
## Value: true | false
mqtt.strict_mode = false
## Specify the response information returned to the client
##
## Value: String
## mqtt.response_information = example
## CONFIG_SECTION_BGN=zones ===================================================
##--------------------------------------------------------------------
## External Zone
## Idle timeout of the external MQTT connections.
##
## Value: duration
zone.external.idle_timeout = 15s
## Enable ACL check.
##
## Value: Flag
zone.external.enable_acl = on
## Enable ban check.
##
## Value: Flag
zone.external.enable_ban = on
## Enable per connection statistics.
##
## Value: on | off
zone.external.enable_stats = on
## The action when acl check reject current operation
##
## Value: ignore | disconnect
## Default: ignore
zone.external.acl_deny_action = ignore
## Force the MQTT connection process GC after this number of
## messages | bytes passed through.
##
## Numbers delimited by `|'. Zero or negative is to disable.
zone.external.force_gc_policy = 16000|16MB
## Max message queue length and total heap size to force shutdown
## connection/session process.
## Message queue here is the Erlang process mailbox, but not the number
## of queued MQTT messages of QoS 1 and 2.
##
## Numbers delimited by `|'. Zero or negative is to disable.
##
## Default:
## - 10000|64MB on ARCH_64 system
## - 1000|32MB on ARCH_32 sytem
#zone.external.force_shutdown_policy = 10000|64MB
## Maximum MQTT packet size allowed.
##
## Value: Bytes
## Default: 1MB
## zone.external.max_packet_size = 64KB
## Maximum length of MQTT clientId allowed.
##
## Value: Number [23-65535]
## zone.external.max_clientid_len = 1024
## Maximum topic levels allowed. 0 means no limit.
##
## Value: Number
## zone.external.max_topic_levels = 7
## Maximum QoS allowed.
##
## Value: 0 | 1 | 2
## zone.external.max_qos_allowed = 2
## Maximum Topic Alias, 0 means no limit.
##
## Value: 0-65535
## zone.external.max_topic_alias = 65535
## Whether the Server supports retained messages.
##
## Value: boolean
## zone.external.retain_available = true
## Whether the Server supports Wildcard Subscriptions
##
## Value: boolean
## zone.external.wildcard_subscription = false
## Whether the Server supports Shared Subscriptions
##
## Value: boolean
## zone.external.shared_subscription = false
## Server Keep Alive
##
## Value: Number
## zone.external.server_keepalive = 0
## The backoff for MQTT keepalive timeout. The broker will kick a connection out
## until 'Keepalive * backoff * 2' timeout.
##
## Value: Float > 0.5
zone.external.keepalive_backoff = 0.75
## Maximum number of subscriptions allowed, 0 means no limit.
##
## Value: Number
zone.external.max_subscriptions = 0
## Force to upgrade QoS according to subscription.
##
## Value: on | off
zone.external.upgrade_qos = off
## Maximum size of the Inflight Window storing QoS1/2 messages delivered but unacked.
##
##