在docker环境下,emqx 的证书配置:
先编辑 emqx.conf 文件如下:
## NOTE:
## This config file overrides data/configs/cluster.hocon,
## and is merged with environment variables which start with 'EMQX_' prefix.
##
## Config changes made from EMQX dashboard UI, management HTTP API, or CLI
## are stored in data/configs/cluster.hocon.
## To avoid confusion, please do not store the same configs in both files.
##
## See https://www.emqx.io/docs/en/v5.0/configuration/configuration.html for more details.
## Configuration full example can be found in etc/examples
node {
name = "emqx@127.0.0.1"
cookie = "emqxsecretcookie"
data_dir = "data"
}
cluster {
name = emqxcl
discovery_strategy = manual
}
dashboard {
listeners.http {
bind = 18083
}
}
listeners.ssl.default {
bind = "0.0.0.0:8883"
max_connections = 512000
ssl_options {
keyfile = "etc/certs/emqx.key"
certfile = "etc/certs/emqx.pem"
cacertfile = "etc/certs/ca.pem"
verify = verify_none #单向验证 若是有双项验证则为verify_peer 下面为true
fail_if_no_peer_cert = false
}
}
emqx.conf 与 certs 的目录对应情况:(emqx.conf 与 certs平级)
把镜像的配置文件映射到docker内部:
services:
emqx1:
container_name: emqx1
image: emqx/emqx:5.5.0
privileged: true
restart: always
environment:
- "EMQX_NODE_NAME=emqx@node1.emqx.io"
- "EMQX_CLUSTER__DISCOVERY_STRATEGY=static"
- "EMQX_CLUSTER__STATIC__SEEDS=[emqx@node1.emqx.io,emqx@node2.emqx.io,emqx@node3.emqx.io]"
healthcheck:
test: ["CMD", "/opt/emqx/bin/emqx ctl", "status"]
interval: 5s
timeout: 25s
retries: 5
ports:
- 1883:1883
- 8083:8083
- 8084:8084
- 8883:8883
- 18083:18083
volumes:
- /opt/emqx/etc:/opt/emqx/etc
- /opt/emqx/lib:/opt/emqx/lib
- /opt/emqx/data:/opt/emqx/data
- /opt/emqx/log:/opt/emqx/log
networks:
default:
aliases:
- node1.emqx.io