# mqtt-server

**Repository Path**: zhuisu930/mqtt-server

## Basic Information

- **Project Name**: mqtt-server
- **Description**: rumqttd server configuration
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2024-12-03
- **Last Updated**: 2024-12-10

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# mqtt-server

#### Introduction

rumqttd server configuration.

The configuration file is rumqttd.toml. To set up TLS communication:

```toml
[v4.2]
name = "v4-2"
listen = "0.0.0.0:8883"
next_connection_delay_ms = 10

[v4.2.tls]
capath = "/home/kylin/ca/ca.cert.pem"
certpath = "/home/kylin/ca/broker.kylin.cn.cert.pem"
keypath = "/home/kylin/ca/broker.kylin.cn.key.pem"

[v4.2.connections]
connection_timeout_ms = 60000
throttle_delay_ms = 0
max_payload_size = 20480
max_inflight_count = 100
max_inflight_size = 1024
```

Here broker.kylin.cn is the address that clients connect to. On the client, add an entry to /etc/hosts that points the corresponding IP address at this domain name.

![Image description](https://foruda.gitee.com/images/1733218035853901362/a19c2ab9_5329577.png "Screenshot")

To generate broker.kylin.cn.cert.pem and broker.kylin.cn.key.pem, use:

```sh
./provision server --ca ca.cert.pem --cakey ca.key.pem --domain broker.kylin.cn
```

Generate the client PEM files:

```sh
./provision client --ca ca.cert.pem --cakey ca.key.pem --device client --tenant a
```

### Generating keys with openssl

```sh
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 36500 -out ca.pem -subj "/C=CN/ST=HuNan/L=ChangSha/O=YS/CN=SelfCA"
```

Create and edit openssl.cnf (`vim openssl.cnf`):

```
kylin@ys:~/ssl$ cat openssl.cnf
[req]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
countryName = CN
stateOrProvinceName = HuNan
localityName = ChangSha
organizationName = YS
commonName = Emqx

[req_ext]
subjectAltName = @alt_names

[v3_req]
subjectAltName = @alt_names

[alt_names]
IP.1 = 10.42.183.13
IP.2 = 127.0.0.1
#DNS.1 = BROKER_ADDRESS
```

```sh
# Generate the server certificate
openssl genrsa -out emqx.key 2048
openssl req -new -key ./emqx.key -config openssl.cnf -out emqx.csr
openssl x509 -req -in ./emqx.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out emqx.pem -days 36500 -sha256 -extensions v3_req -extfile openssl.cnf

# Generate the client certificate
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr -subj "/C=CN/ST=HuNan/L=ChangSha/O=YS/CN=client"
openssl x509 -req -days 36500 -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client.pem
```

Verify the certificates:

```sh
openssl verify -CAfile ca.pem emqx.pem
openssl verify -CAfile ca.pem client.pem
```
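
The `openssl verify -CAfile` commands above confirm only that the CA signed each certificate, not that the broker certificate covers the address clients dial: `broker.kylin.cn` in the rumqttd setup, while the `openssl.cnf` shown lists only IP SANs. The script below is an added example, not part of this repository; it builds two throwaway broker certificates and checks each against the name and IPs from the page. The function names, the `/O=Example` subjects and the 30-day lifetime are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway PKI with constructed subjects, not the repository's own script.

# make_pki DIR SAN: create a test CA and a broker certificate whose
# subjectAltName is SAN, following the openssl steps in the README.
make_pki() {
    d=$1
    printf '[v3_req]\nsubjectAltName = %s\n' "$2" > "$d/ext.cnf"
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -x509 -new -nodes -key "$d/ca.key" -sha256 -days 30 \
        -out "$d/ca.pem" -subj "/O=Example/CN=TestCA" 2>/dev/null &&
    openssl genrsa -out "$d/server.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/server.key" -out "$d/server.csr" \
        -subj "/O=Example/CN=broker" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/server.pem" -days 30 -sha256 \
        -extensions v3_req -extfile "$d/ext.cnf" 2>/dev/null
}

# chain_ok DIR: the README's check; proves the CA signed the certificate, nothing about names.
chain_ok() { openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1; }

# host_ok DIR NAME / ip_ok DIR ADDR: does the certificate cover the address clients dial?
host_ok() { openssl x509 -in "$1/server.pem" -noout -checkhost "$2" | grep -q 'does match'; }
ip_ok()   { openssl x509 -in "$1/server.pem" -noout -checkip "$2" | grep -q 'does match'; }

# report DIR NAME: print one line per check.
report() {
    chain_ok "$1" && echo "chain: ok" || echo "chain: FAIL"
    host_ok "$1" "$2" && echo "name $2: ok" || echo "name $2: MISMATCH"
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/ip" "$work/dns"
    make_pki "$work/ip" "IP:10.42.183.13,IP:127.0.0.1"       # SAN list as in the README's openssl.cnf
    make_pki "$work/dns" "DNS:broker.kylin.cn,IP:127.0.0.1"  # adds the name clients connect to
    echo "IP-only SAN:"; report "$work/ip" broker.kylin.cn
    echo "DNS SAN:";     report "$work/dns" broker.kylin.cn
    rm -rf "$work"
}
demo
```

If clients are to reach the openssl-generated certificate by name, uncomment `DNS.1` in `[alt_names]` and set it to that name before signing.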