配置 mosquitto MQTT 代理以侦听多个端口

Question

我在 Win7 PC 上安装了 mosquitto，我希望它可以侦听许多端口，因此我根据 mosquitto 文档和网上找到的一些教程/示例修改了 mosquitto.conf。这些是我对 mosquitto.conf 所做的修改：

\n\n

    # Plain MQTT protocol\n    listener 1883\n\n    # MQTT over TLS/SSL\n    listener 8883\n    protocol mqtt\n    require_certificate false\n\n    # MQTT over TLS/SSL with certificates\n    listener 8884\n    protocol mqtt\n    require_certificate true\n    certfile cert.pem\n    cafile chain.pem\n    keyfile privkey.pem\n\n    # Plain WebSockets configuration\n    listener 9001\n    protocol websockets\n\n    # WebSockets over TLS/SSL\n    listener 9883\n    protocol websockets\n    require_certificate true\n    cafile mosquitto/ca.crt\n    certfile mosquitto/hostname.crt\n    keyfile mosquitto/hostname.key\n\n    # Log system configuration\n    log_type all \n    #log_dest file C:/Dati/mosquitto/mosquitto.log\n    log_facility 5\n    log_type error\n    log_type warning\n    log_type notice\n    log_type information\n

\n\n

不幸的是，这些修改不再有效。\n所以，我需要研究一个工作示例来了解什么是对的，什么是错的。\n我的目标是让 mosquitto 监听 1883 端口（没有加密的普通 MQTT）8883（通过 TLS 1.2 但不使用证书）8884（使用证书的 TLS 1.2）9001（普通 Websockets），最后是 9883（需要证书的 Web 套接字）。

\n\n

我怀疑证书有问题，但我按照 test.mosquitto.org 报告中的指示进行操作：

\n\n

服务器侦听以下端口：

\n\n

\n
• 1883：MQTT，未加密
\n
• 8883：MQTT，加密
\n
• 8884：MQTT，加密，需要客户端证书
\n
• 8080：基于 WebSocket 的 MQTT，未加密
\n
• 8081：基于 WebSocket 的 MQTT，已加密
\n

\n\n

因此，连接到端口 8883 似乎不需要客户端证书。

\n\n

更新\n最后，将 mosquitto 作为一个简单的应用程序而不是 Windows 服务启动，我可以在 stdio/stderr 上看到日志，结果如下：

\n\n

这就是我开始驱蚊的方式：

\n\n

mosquitto -c mosquitto.conf -v\n

\n\n

这是在端口 8883 上测试 mosquitto 的测试命令及其结果：

\n\n

mosquitto_pub --cafile C:\\Dati\\mosquitto\\ca.crt -h 192.168.1.2 -t "test" -m "message" -p 8883\nError: Unknown error.\n

\n\n

这是在端口 1883 上测试 mosquitto 的测试命令（日志文件的最后几行）：

\n\n

mosquitto_pub -h 192.168.1.2 -t "test" -m "message" -p 1883\n

\n\n

这是日志文件：

\n\n

    1559207712: mosquitto version 1.5.8 starting\n    1559207712: Config loaded from mosquitto.conf.\n    1559207712: Opening ipv6 listen socket on port 8883.\n    1559207712: Opening ipv4 listen socket on port 8883.\n    1559207712: Opening ipv6 listen socket on port 1883.\n    1559207712: Opening ipv4 listen socket on port 1883.\n    1559207731: New connection from 192.168.1.2 on port 8883.\n    1559207731: Socket error on client <unknown>, disconnecting.\n    1559207789: New connection from 192.168.1.2 on port 1883.\n    1559207789: New client connected from 192.168.1.2 as MQTT_FX_Client (c1, k60).\n    1559207789: No will message specified.\n    1559207789: Sending CONNACK to MQTT_FX_Client (0, 0)\n    1559207808: Received DISCONNECT from MQTT_FX_Client\n    1559207808: Client MQTT_FX_Client disconnected.\n    1559207902: New connection from 192.168.1.2 on port 8883.\n    1559207902: Socket error on client <unknown>, disconnecting.\n    1559207902: New connection from 192.168.1.2 on port 8883.\n    1559207902: Socket error on client <unknown>, disconnecting.\n    1559207949: New connection from 192.168.1.2 on port 8883.\n    1559207949: Socket error on client <unknown>, disconnecting.\n    1559207949: New connection from 192.168.1.2 on port 8883.\n    1559207949: Socket error on client <unknown>, disconnecting.\n    1559207956: New connection from 192.168.1.2 on port 8883.\n    1559207956: Socket error on client <unknown>, disconnecting.\n    1559207956: New connection from 192.168.1.2 on port 8883.\n    1559207956: Socket error on client <unknown>, disconnecting.\n    1559207994: New connection from 192.168.1.2 on port 8883.\n    1559207994: Socket error on client <unknown>, disconnecting.\n1559208345: New connection from 192.168.1.2 on port 1883.\n1559208345: New client connected from 192.168.1.2 as mosqpub|7544-NOTEBOOK (c1, k60).\n1559208345: No will message specified.\n1559208345: Sending CONNACK to mosqpub|7544-NOTEBOOK (0, 0)\n1559208345: Received PUBLISH from mosqpub|7544-NOTEBOOK (d0, q0, r0, m0, \'test\', ... (7 bytes))\n1559208345: Received DISCONNECT from mosqpub|7544-NOTEBOOK\n1559208345: Client mosqpub|7544-NOTEBOOK disconnected.\n

\n\n

我对 mosquitto.conf 进行了一些修改，试图更好地了解情况，并且使用 mosquitto_pub 发现了一些有趣的事情，这是我修改的 mosquitto.conf 的相关部分：

\n\n

# Log system configuration\nlog_type all \n#log_dest file C:\\Dati\\mosquitto\\mosquitto.log    now stderr\n\n# MQTT over TLS/SSL\nlistener 8893\nprotocol mqtt\nallow_anonymous true\nrequire_certificate false\ncafile C:\\Dati\\mosquitto\\ca.crt\ncertfile C:\\Dati\\mosquitto\\server.crt\nkeyfile C:\\Dati\\mosquitto\\server.key\n\n# MQTT plain\nlistener 1893\nprotocol mqtt\n

\n\n

实际上，我在非标准端口上启动了 2 个新侦听器，以确保只有 mosquitto.conf 上的配置会影响它们，因此没有太多幻想...... 1883 - > 1893 和 8883 - > 8893。

\n\n

然后，现在在没有 SSL 的情况下执行 mosquitto_pub 这是（正确的）结果：

\n\n

mosquitto_pub -h 192.168.1.2 -i "MQTT_FX_Client" -t "test" -m "message" -p 1893 -d\nClient MQTT_FX_Client sending CONNECT\nClient MQTT_FX_Client received CONNACK (0)\nClient MQTT_FX_Client sending PUBLISH (d0, q0, r0, m1, \'test\', ... (7 bytes))\nClient MQTT_FX_Client sending DISCONNECT\n

\n\n

这是在端口 8893 上使用 SSL 执行 mosquitto_pub 的（错误）结果：

\n\n

mosquitto_pub --cafile C:\\Dati\\mosquitto\\ca.crt -h 192.168.1.2 -i "MQTT_FX_Client" -t "test" -m "message" -p 8893 -d\nClient MQTT_FX_Client sending CONNECT\nOpenSSL Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed\nError: A TLS error occurred.\n

\n\n

但使用 MQTT.fx 需要使用以下参数：\n配置文件类型：MQTT 代理\n代理地址：192.168.1.2\n代理端口：8893\n客户端 ID\xc2\xa7：MQTT_FX_Client\n启用 SSL/TLS：是\n协议 TLSv1.2\ nCA证书文件：C:\\Dati\\mosquitto\\ca.crt

\n\n

一切正常，如日志中所报告：

\n\n

1559231176: New connection from 192.168.1.2 on port 8893.\n1559231177: New client connected from 192.168.1.2 as MQTT_FX_Client (c1, k60).\n1559231177: No will message specified.\n1559231177: Sending CONNACK to MQTT_FX_Client (0, 0)\n

\n\n

在我看来，MQTT.fx 和 mosquitto_pub 参数是相同的，但是......无论如何都会出现问题，所以......还有什么？

\n\n

谢谢，\n马西莫

\n