zhangyuqing
/
mosquitto-go-auth
mirror of https://github.com/iegomez/mosquitto-go-auth.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for Mosquitto version >=2.x and arm(v7 and 64) to Dockerfile (#163) 

* Add support for Mosquitto version >=2.x and arm

* Hopefully fix ARMv6 build

* Add disclaimer regarding tests on hardware
This commit is contained in:
arctic-alpaca 2021-06-10 15:53:09 +02:00 committed by GitHub
parent d895cf567a
commit 1c8e24b650
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 114 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
Dockerfile
View File

@ -1,46 +1,96 @@
# Define Mosquitto version
ARG MOSQUITTO_VERSION=1.6.14
#Use debian:stable-slim as a builder and then copy everything.
FROM debian:stable-slim as builder
# Use debian:stable-slim as a builder for Mosquitto and dependencies.
FROM debian:stable-slim as mosquitto_builder
ARG MOSQUITTO_VERSION
#Set mosquitto and plugin versions.
#Change them for your needs.
ENV MOSQUITTO_VERSION=1.6.10
ENV PLUGIN_VERSION=0.6.1
ENV GO_VERSION=1.13.8
# Get mosquitto build dependencies.
RUN apt update && apt install -y wget build-essential cmake libssl-dev libcjson-dev
# Get libwebsocket. Debian's libwebsockets is too old for Mosquitto version > 2.x so it gets built from source.
RUN if [ "$(echo $MOSQUITTO_VERSION | head -c 1)" != 2 ]; then \
apt install -y libwebsockets-dev ; \
else \
export LWS_VERSION=2.4.2 && \
wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz && \
mkdir -p /build/lws && \
tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws && \
rm /tmp/lws.tar.gz && \
cd /build/lws && \
cmake . \
-DCMAKE_BUILD_TYPE=MinSizeRel \
-DCMAKE_INSTALL_PREFIX=/usr \
-DLWS_IPV6=ON \
-DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON \
-DLWS_WITHOUT_CLIENT=ON \
-DLWS_WITHOUT_EXTENSIONS=ON \
-DLWS_WITHOUT_TESTAPPS=ON \
-DLWS_WITH_SHARED=OFF \
-DLWS_WITH_ZIP_FOPS=OFF \
-DLWS_WITH_ZLIB=OFF && \
make -j "$(nproc)" && \
rm -rf /root/.cmake ; \
fi
WORKDIR /app
#Get mosquitto build dependencies.
RUN apt-get update && apt-get install -y libwebsockets8 libwebsockets-dev libc-ares2 libc-ares-dev openssl uuid uuid-dev wget build-essential git
RUN mkdir -p mosquitto/auth mosquitto/conf.d
RUN wget http://mosquitto.org/files/source/mosquitto-${MOSQUITTO_VERSION}.tar.gz
RUN tar xzvf mosquitto-${MOSQUITTO_VERSION}.tar.gz && rm mosquitto-${MOSQUITTO_VERSION}.tar.gz
RUN tar xzvf mosquitto-${MOSQUITTO_VERSION}.tar.gz
#Build mosquitto.
RUN cd mosquitto-${MOSQUITTO_VERSION} && make WITH_WEBSOCKETS=yes && make install && cd ..
# Build mosquitto.
RUN if [ "$(echo $MOSQUITTO_VERSION | head -c 1)" != 2 ]; then \
cd mosquitto-${MOSQUITTO_VERSION} && make WITH_WEBSOCKETS=yes && make install ; \
else \
cd mosquitto-${MOSQUITTO_VERSION} && make CFLAGS="-Wall -O2 -I/build/lws/include" LDFLAGS="-L/build/lws/lib" WITH_WEBSOCKETS=yes && make install ; \
fi
#Get Go.
RUN export GO_ARCH=$(uname -m | sed -es/x86_64/amd64/ -es/armv7l/armv6l/ -es/aarch64/arm64/) && \
wget https://dl.google.com/go/go${GO_VERSION}.linux-${GO_ARCH}.tar.gz && \
tar -C /usr/local -xzf go${GO_VERSION}.linux-${GO_ARCH}.tar.gz && \
export PATH=$PATH:/usr/local/go/bin && \
go version && \
rm go${GO_VERSION}.linux-${GO_ARCH}.tar.gz
# Use golang:latest as a builder for the Mosquitto Go Auth plugin.
FROM --platform=$BUILDPLATFORM golang:latest AS go_auth_builder
ENV CGO_CFLAGS="-I/usr/local/include -fPIC"
ENV CGO_LDFLAGS="-shared -Wl,-unresolved-symbols=ignore-all"
ENV CGO_ENABLED=1
# Bring TARGETPLATFORM to the build scope
ARG TARGETPLATFORM
ARG BUILDPLATFORM
# Install TARGETPLATFORM parser to translate its value to GOOS, GOARCH, and GOARM
COPY --from=tonistiigi/xx:golang / /
RUN go env
# Install needed libc and gcc for target platform.
RUN if [ ! -z "$TARGETPLATFORM" ]; then \
case "$TARGETPLATFORM" in \
"linux/arm64") \
apt update && apt install -y gcc-aarch64-linux-gnu libc6-dev-arm64-cross \
;; \
"linux/arm/v7") \
apt update && apt install -y gcc-arm-linux-gnueabihf libc6-dev-armhf-cross \
;; \
"linux/arm/v6") \
apt update && apt install -y gcc-arm-linux-gnueabihf libc6-dev-armel-cross libc6-dev-armhf-cross \
;; \
esac \
fi
WORKDIR /app
COPY --from=mosquitto_builder /usr/local/include/ /usr/local/include/
#Build the plugin from local source
COPY ./ ./
RUN go build -buildmode=c-archive go-auth.go && \
go build -buildmode=c-shared -o go-auth.so && \
go build pw-gen/pw.go
#Build the plugin.
RUN export PATH=$PATH:/usr/local/go/bin && export CGO_CFLAGS="-I/usr/local/include -fPIC" && export CGO_LDFLAGS="-shared" && make
#Start from a new image.
FROM debian:stable-slim
#Get mosquitto dependencies.
RUN apt-get update && apt-get install -y libwebsockets8 libc-ares2 openssl uuid tini
RUN apt update && apt install -y libwebsockets8 libc-ares2 openssl uuid tini
#Setup mosquitto env.
RUN mkdir -p /var/lib/mosquitto /var/log/mosquitto
RUN groupadd mosquitto \
&& useradd -s /sbin/nologin mosquitto -g mosquitto -d /var/lib/mosquitto \
@ -48,20 +98,11 @@ RUN groupadd mosquitto \
&& chown -R mosquitto:mosquitto /var/lib/mosquitto/
#Copy confs, plugin so and mosquitto binary.
COPY --from=builder /app/mosquitto/ /mosquitto/
COPY --from=builder /app/pw /mosquitto/pw
COPY --from=builder /app/go-auth.so /mosquitto/go-auth.so
COPY --from=builder /usr/local/sbin/mosquitto /usr/sbin/mosquitto
COPY --from=mosquitto_builder /app/mosquitto/ /mosquitto/
COPY --from=go_auth_builder /app/pw /mosquitto/pw
COPY --from=go_auth_builder /app/go-auth.so /mosquitto/go-auth.so
COPY --from=mosquitto_builder /usr/local/sbin/mosquitto /usr/sbin/mosquitto
#Uncomment to copy your custom confs (change accordingly) directly when building the image.
#Leave commented if you want to mount a volume for these (see docker-compose.yml).
# COPY ./docker/conf/mosquitto.conf /etc/mosquitto/mosquitto.conf
# COPY ./docker/conf/conf.d/go-auth.conf /etc/mosquitto/conf.d/go-auth.conf
# COPY ./docker/conf/auth/acls /etc/mosquitto/auth/acls
# COPY ./docker/conf/auth/passwords /etc/mosquitto/auth/passwords
#Expose tcp and websocket ports as defined at mosquitto.conf (change accordingly).
EXPOSE 1883 1884
ENTRYPOINT ["/usr/bin/tini", "--"]

38
README.md
View File

@ -83,6 +83,8 @@ Please open an issue with the `feature` or `enhancement` tag to request new back
- [Testing Javascript](#testing-javascript)
- [Using with LoRa Server](#using-with-lora-server)
- [Docker](#docker)
- [Prebuilt images](#prebuilt-images)
- [Building images](#building-images)
- [License](#license)
<!-- /MarkdownTOC -->
@ -1519,11 +1521,41 @@ See the official [MQTT authentication & authorization guide](https://www.loraser
### Docker
This project provides example Dockerfiles for building a Docker container that contains `mosquitto` and the `mosquitto-go-auth` plug-in.
#### Support and issues
Please be aware that, since Docker isn't actively used by the maintainer of this project, support for issues regarding Docker, the provided images and building Docker images is very limited and usually driven by other contributors.
Please read the [documentation](./docker/README.md) in the [docker](/docker) directory for more information.
Only images for x86_64/AMD64 and ARMv7 have been tested. ARMv6 and ARM64 hardware was not available to the contributor creating the build workflow.
#### Prebuilt images
Images are provided on Dockerhub under [iegomez/mosquitto-go-auth](https://hub.docker.com/r/iegomez/mosquitto-go-auth).
Prebuilt images are provided on Dockerhub under [iegomez/mosquitto-go-auth](https://hub.docker.com/r/iegomez/mosquitto-go-auth).
To run the latest image, use the following command and replace `/conf` with the location of your `.conf` files:
`docker run -it -p 1884:1884 -p 1883:1883 -v /conf:/etc/mosquitto iegomez/mosquitto-go-auth`
#### Building images
This project provides a Dockerfile for building a Docker container that contains `mosquitto` and the `mosquitto-go-auth` plug-in.
Building containers is only supported on x86_64/AMD64 machines with multi-arch build support via [Docker Buildx](https://docs.docker.com/buildx/working-with-buildx).
This allows building containers for x86_64/AMD64, ARMv6, ARMv7 and ARM64 on a single x86_64/AMD64 machine. For further instructions regarding Buildx, please refer to its documentation ond Docker's website.
#### Step-by-step guide:
* clone this repository: `git clone https://github.com/iegomez/mosquitto-go-auth.git`
* change into the project folder `cd mosquitto-go-auth`
* build containers for your desired architectures: `docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 .`
#### Base Image
Since there are several issues with using `alpine` based images we are using `debian:stable-slim` for both our build and final image. The final image size is about 60 MB.
Documented issues:
- https://github.com/iegomez/mosquitto-go-auth/issues/14
- https://github.com/iegomez/mosquitto-go-auth/issues/15
- https://github.com/iegomez/mosquitto-go-auth/issues/20
#### Mosquitto version
The Dockerfile compiles `mosquitto` using the source code from the version specified by `MOSQUITTO_VERSION`.
>Mosquitto released versions can be found at https://mosquitto.org/files/source/
### Testing using Docker

0
docker/conf/auth/acls → conf_example/auth/acls
View File

0
docker/conf/auth/passwords → conf_example/auth/passwords
View File

0
docker/conf/conf.d/go-auth.conf → conf_example/conf.d/go-auth.conf
View File

0
docker/conf/mosquitto.conf → conf_example/mosquitto.conf
View File

71
docker/Dockerfile
View File

@ -1,71 +0,0 @@
#Use debian:stable-slim as a builder and then copy everything.
FROM debian:stable-slim as builder
#Set mosquitto and plugin versions.
#Change them for your needs.
ENV MOSQUITTO_VERSION=1.6.10
ENV PLUGIN_VERSION=0.6.1
ENV GO_VERSION=1.13.8
WORKDIR /app
#Get mosquitto build dependencies.
RUN apt-get update && apt-get install -y libwebsockets8 libwebsockets-dev libc-ares2 libc-ares-dev openssl uuid uuid-dev wget build-essential git
RUN mkdir -p mosquitto/auth mosquitto/conf.d
RUN wget http://mosquitto.org/files/source/mosquitto-${MOSQUITTO_VERSION}.tar.gz
RUN tar xzvf mosquitto-${MOSQUITTO_VERSION}.tar.gz && rm mosquitto-${MOSQUITTO_VERSION}.tar.gz
#Build mosquitto.
RUN cd mosquitto-${MOSQUITTO_VERSION} && make WITH_WEBSOCKETS=yes && make install && cd ..
#Get Go.
RUN export GO_ARCH=$(uname -m | sed -es/x86_64/amd64/ -es/armv7l/armv6l/ -es/aarch64/arm64/) && \
wget https://dl.google.com/go/go${GO_VERSION}.linux-${GO_ARCH}.tar.gz && \
tar -C /usr/local -xzf go${GO_VERSION}.linux-${GO_ARCH}.tar.gz && \
export PATH=$PATH:/usr/local/go/bin && \
go version && \
rm go${GO_VERSION}.linux-${GO_ARCH}.tar.gz
#Get / build the plugin.
RUN mkdir mosquitto-go-auth && \
cd mosquitto-go-auth && \
git clone https://github.com/iegomez/mosquitto-go-auth.git . && \
export PATH=$PATH:/usr/local/go/bin && \
export CGO_CFLAGS="-I/usr/local/include -fPIC" && \
export CGO_LDFLAGS="-shared" && \
make
#Start from a new image.
FROM debian:stable-slim
#Get mosquitto dependencies.
RUN apt-get update && apt-get install -y libwebsockets8 libc-ares2 openssl uuid tini
#Setup mosquitto env.
RUN mkdir -p /var/lib/mosquitto /var/log/mosquitto
RUN groupadd mosquitto \
&& useradd -s /sbin/nologin mosquitto -g mosquitto -d /var/lib/mosquitto \
&& chown -R mosquitto:mosquitto /var/log/mosquitto/ \
&& chown -R mosquitto:mosquitto /var/lib/mosquitto/
#Copy confs, plugin so and mosquitto binary.
COPY --from=builder /app/mosquitto/ /mosquitto/
COPY --from=builder /app/mosquitto-go-auth/pw /mosquitto/pw
COPY --from=builder /app/mosquitto-go-auth/go-auth.so /mosquitto/go-auth.so
COPY --from=builder /usr/local/sbin/mosquitto /usr/sbin/mosquitto
#Uncomment to copy your custom confs (change accordingly) directly when building the image.
#Leave commented if you want to mount a volume for these (see docker-compose.yml).
#COPY conf/mosquitto.conf /etc/mosquitto/mosquitto.conf
#COPY conf/conf.d/go-auth.conf /etc/mosquitto/conf.d/go-auth.conf
#COPY conf/auth/acls /etc/mosquitto/auth/acls
#COPY conf/auth/passwords /etc/mosquitto/auth/passwords
#Expose tcp and websocket ports as defined at mosquitto.conf (change accordingly).
EXPOSE 1883 1884
ENTRYPOINT ["/usr/bin/tini", "--"]
CMD [ "/usr/sbin/mosquitto" ,"-c", "/etc/mosquitto/mosquitto.conf" ]

66
docker/README.md
View File

@ -1,66 +0,0 @@
## Docker Images
This project utilizes two `Dockerfiles` to give the option of building the `mosquitto-go-auth` plugin from either local or released source.
In both cases the resulting image contains a compiled and ready to run version of `mosquitto` with the `mosquitto-go-auth` plugin-in enabled.
### Base Image
Since there are several issues with using `alpine` based images we are using `debian:stable-slim` for both our build and final image. The final image size is about 128 MB.
Documented issues:
- https://github.com/iegomez/mosquitto-go-auth/issues/14
- https://github.com/iegomez/mosquitto-go-auth/issues/15
- https://github.com/iegomez/mosquitto-go-auth/issues/20
### Build method
The Dockerfiles utilize the [multi-stage](https://docs.docker.com/develop/develop-images/multistage-build/) build feature provided by the Docker CLI.
This feature allows you to optimize the final image output by copying select artifacts from the previous stage.
### mosquitto-go-auth Plug-in (Released Source)
The `Dockerfile` in the `/docker` directory compiles the plug-in using the specified `PLUGIN_VERSION` source code. The source code will come directly from our [GitHub Releases](https://github.com/iegomez/mosquitto-go-auth/releases).
### mosquitto-go-auth Plug-In (Local Source)
The `Dockerfile` located in the `root` (`/`) directory will compile the plug-in using your local source code.
### Mosquitto
Both Dockerfiles compile `mosquitto` using the source code from the version specified by `MOSQUITTO_VERSION`.
>Mosquitto released versions can be found at https://mosquitto.org/files/source/
#### Conf files
The Dockerfiles can also copy `conf` files found in the `/docker/conf` project directory.
>You will have to uncomment the instructions manually for the files to be copied.
### Docker Commands
In case you're not familiar with [Docker](https://docs.docker.com/), here are some basic commands for getting going.
#### Build Container:
```sh
# Ensure your PWD is either project root or /docker
docker build -t mosquitto-go-auth .
```
#### Run Container:
```sh
# This command will run the container and map the corresponding ports locally.
# You can access Mosquitto running inside the container on localhost:1883 and localhost:1884 (WebSockets)
docker run -it -p 1884:1884 -p 1883:1883 mosquitto-go-auth
```
#### Stop Container:
```sh
docker stop $(docker ps -q --filter ancestor=mosquitto-go-auth)
```
#### Remove Container locally:
```sh
docker rmi $(docker images -q --filter reference='mosquitto-go-auth:*')
```
### Docker Compose
This is just a working example of how a docker image could be built for this project and composed with other images such as a `redis` one for cache (check [docker-compose](docker-compose.yml)). Any contributions to make it better are very welcome.

18
docker/docker-compose.yml
View File

@ -1,18 +0,0 @@
version: "3"
services:
redis:
image: redis:5-alpine
volumes:
- redisdata:/data
mosquitto:
image: iegomez/mosquitto-go-auth:latest
volumes:
- ./conf:/etc/mosquitto
ports:
- 1883:1883
volumes:
redisdata: