在docker环境下，emqx 的证书配置

在docker环境下，emqx 的证书配置：

先编辑  emqx.conf  文件如下：

## NOTE:
## This config file overrides data/configs/cluster.hocon,
## and is merged with environment variables which start with 'EMQX_' prefix.
##
## Config changes made from EMQX dashboard UI, management HTTP API, or CLI
## are stored in data/configs/cluster.hocon.
## To avoid confusion, please do not store the same configs in both files.
##
## See https://www.emqx.io/docs/en/v5.0/configuration/configuration.html for more details.
## Configuration full example can be found in etc/examples

node {
  name = "emqx@127.0.0.1"
  cookie = "emqxsecretcookie"
  data_dir = "data"
}

cluster {
  name = emqxcl
  discovery_strategy = manual
}

dashboard {
    listeners.http {
        bind = 18083
    }
}
listeners.ssl.default {
  bind = "0.0.0.0:8883"
  max_connections = 512000
  ssl_options {
    keyfile = "etc/certs/emqx.key"
    certfile = "etc/certs/emqx.pem"
    cacertfile = "etc/certs/ca.pem"
    verify = verify_none #单向验证 若是有双项验证则为verify_peer 下面为true
    fail_if_no_peer_cert = false
  }
}

emqx.conf  与 certs 的目录对应情况：（emqx.conf 与 certs平级）

把镜像的配置文件映射到docker内部：

services:
  emqx1:
    container_name: emqx1
    image: emqx/emqx:5.5.0
    privileged: true
    restart: always
    environment:
      - "EMQX_NODE_NAME=emqx@node1.emqx.io"
      - "EMQX_CLUSTER__DISCOVERY_STRATEGY=static"
      - "EMQX_CLUSTER__STATIC__SEEDS=[emqx@node1.emqx.io,emqx@node2.emqx.io,emqx@node3.emqx.io]"
    healthcheck:
      test: ["CMD", "/opt/emqx/bin/emqx ctl", "status"]
      interval: 5s
      timeout: 25s
      retries: 5
    ports:
      - 1883:1883
      - 8083:8083
      - 8084:8084
      - 8883:8883
      - 18083:18083
    volumes:
      - /opt/emqx/etc:/opt/emqx/etc
      - /opt/emqx/lib:/opt/emqx/lib
      - /opt/emqx/data:/opt/emqx/data
      - /opt/emqx/log:/opt/emqx/log
    networks:
      default:
        aliases:
        - node1.emqx.io