|
| 1 | +--- |
| 2 | +navTitle: Team Broker |
| 3 | +meta: |
| 4 | + description: How to set up a local instance of EMQX to work with a FlowFuse Development |
| 5 | + tags: |
| 6 | + - flowfuse |
| 7 | + - development |
| 8 | + - contributing |
| 9 | +--- |
| 10 | + |
| 11 | +# Team Broker configuration |
| 12 | + |
| 13 | +The FlowFuse Team Broker makes use of an EMQX instance. |
| 14 | + |
| 15 | +## Requirement |
| 16 | + |
| 17 | + - Docker |
| 18 | + |
| 19 | +## Configuration files |
| 20 | + |
| 21 | +Create a directory where the configuration for your broker will live. Create the following three files, with their respective content, in that directory: |
| 22 | + |
| 23 | + |
| 24 | +cluster.hocon |
| 25 | +``` |
| 26 | +authentication = [ |
| 27 | + { |
| 28 | + backend = http |
| 29 | + body { |
| 30 | + clientId = "${clientid}" |
| 31 | + password = "${password}" |
| 32 | + username = "${username}" |
| 33 | + } |
| 34 | + connect_timeout = "15s" |
| 35 | + enable = true |
| 36 | + enable_pipelining = 100 |
| 37 | + headers { |
| 38 | + content-type = "application/json" |
| 39 | + } |
| 40 | + mechanism = password_based |
| 41 | + method = post |
| 42 | + pool_size = 8 |
| 43 | + request_timeout = "5s" |
| 44 | + ssl { |
| 45 | + ciphers = [] |
| 46 | + depth = 10 |
| 47 | + enable = false |
| 48 | + hibernate_after = "5s" |
| 49 | + log_level = notice |
| 50 | + reuse_sessions = true |
| 51 | + secure_renegotiate = true |
| 52 | + verify = verify_peer |
| 53 | + versions = [ |
| 54 | + "tlsv1.3", |
| 55 | + "tlsv1.2" |
| 56 | + ] |
| 57 | + } |
| 58 | + url = "http://host.docker.internal:3000/api/comms/v2/auth" |
| 59 | + }, |
| 60 | + { |
| 61 | + backend = built_in_database |
| 62 | + bootstrap_file = "${EMQX_ETC_DIR}/auth-built-in-db-bootstrap.csv" |
| 63 | + bootstrap_type = plain |
| 64 | + enable = true |
| 65 | + mechanism = password_based |
| 66 | + password_hash_algorithm {name = plain, salt_position = disable} |
| 67 | + user_id_type = username |
| 68 | + } |
| 69 | +] |
| 70 | +authorization { |
| 71 | + cache { |
| 72 | + enable = true |
| 73 | + excludes = [] |
| 74 | + max_size = 32 |
| 75 | + ttl = "1m" |
| 76 | + } |
| 77 | + deny_action = ignore |
| 78 | + no_match = allow |
| 79 | + sources = [ |
| 80 | + { |
| 81 | + body { |
| 82 | + action = "${action}" |
| 83 | + topic = "${topic}" |
| 84 | + username = "${username}" |
| 85 | + } |
| 86 | + connect_timeout = "15s" |
| 87 | + enable = true |
| 88 | + enable_pipelining = 100 |
| 89 | + headers { |
| 90 | + content-type = "application/json" |
| 91 | + } |
| 92 | + method = post |
| 93 | + pool_size = 8 |
| 94 | + request_timeout = "30s" |
| 95 | + ssl { |
| 96 | + ciphers = [] |
| 97 | + depth = 10 |
| 98 | + enable = false |
| 99 | + hibernate_after = "5s" |
| 100 | + log_level = notice |
| 101 | + reuse_sessions = true |
| 102 | + secure_renegotiate = true |
| 103 | + verify = verify_peer |
| 104 | + versions = [ |
| 105 | + "tlsv1.3", |
| 106 | + "tlsv1.2" |
| 107 | + ] |
| 108 | + } |
| 109 | + type = http |
| 110 | + url = "http://host.docker.internal:3000/api/comms/v2/acls" |
| 111 | + }, |
| 112 | + { |
| 113 | + enable = false |
| 114 | + path = "data/authz/acl.conf" |
| 115 | + type = file |
| 116 | + } |
| 117 | + ] |
| 118 | +} |
| 119 | +listeners { |
| 120 | + tcp { |
| 121 | + default { |
| 122 | + acceptors = 16 |
| 123 | + access_rules = [ |
| 124 | + "allow all" |
| 125 | + ] |
| 126 | + bind = "0.0.0.0:1883" |
| 127 | + enable = true |
| 128 | + enable_authn = true |
| 129 | + max_conn_rate = infinity |
| 130 | + max_connections = infinity |
| 131 | + mountpoint = "${client_attrs.team}" |
| 132 | + proxy_protocol = false |
| 133 | + proxy_protocol_timeout = "3s" |
| 134 | + tcp_options { |
| 135 | + active_n = 100 |
| 136 | + backlog = 1024 |
| 137 | + buffer = "4KB" |
| 138 | + high_watermark = "1MB" |
| 139 | + keepalive = none |
| 140 | + nodelay = true |
| 141 | + reuseaddr = true |
| 142 | + send_timeout = "15s" |
| 143 | + send_timeout_close = true |
| 144 | + } |
| 145 | + zone = default |
| 146 | + } |
| 147 | + } |
| 148 | + ws { |
| 149 | + default { |
| 150 | + acceptors = 16 |
| 151 | + access_rules = [ |
| 152 | + "allow all" |
| 153 | + ] |
| 154 | + bind = "0.0.0.0:8083" |
| 155 | + enable = true |
| 156 | + enable_authn = true |
| 157 | + max_conn_rate = infinity |
| 158 | + max_connections = infinity |
| 159 | + mountpoint = "${client_attrs.team}" |
| 160 | + proxy_protocol = false |
| 161 | + proxy_protocol_timeout = "3s" |
| 162 | + tcp_options { |
| 163 | + active_n = 100 |
| 164 | + backlog = 1024 |
| 165 | + buffer = "4KB" |
| 166 | + high_watermark = "1MB" |
| 167 | + keepalive = none |
| 168 | + nodelay = true |
| 169 | + reuseaddr = true |
| 170 | + send_timeout = "15s" |
| 171 | + send_timeout_close = true |
| 172 | + } |
| 173 | + websocket { |
| 174 | + allow_origin_absence = true |
| 175 | + check_origin_enable = false |
| 176 | + check_origins = "http://localhost:18083, http://127.0.0.1:18083" |
| 177 | + compress = false |
| 178 | + deflate_opts { |
| 179 | + client_context_takeover = takeover |
| 180 | + client_max_window_bits = 15 |
| 181 | + mem_level = 8 |
| 182 | + server_context_takeover = takeover |
| 183 | + server_max_window_bits = 15 |
| 184 | + strategy = default |
| 185 | + } |
| 186 | + fail_if_no_subprotocol = true |
| 187 | + idle_timeout = "7200s" |
| 188 | + max_frame_size = infinity |
| 189 | + mqtt_path = "/" |
| 190 | + mqtt_piggyback = multiple |
| 191 | + proxy_address_header = "x-forwarded-for" |
| 192 | + proxy_port_header = "x-forwarded-port" |
| 193 | + supported_subprotocols = "mqtt, mqtt-v3, mqtt-v3.1.1, mqtt-v5" |
| 194 | + validate_utf8 = true |
| 195 | + } |
| 196 | + zone = default |
| 197 | + } |
| 198 | + } |
| 199 | +} |
| 200 | +dashboard { |
| 201 | + default_password = topSecret |
| 202 | +} |
| 203 | +api_key { |
| 204 | + bootstrap_file = "/mounted/config/api-keys" |
| 205 | +} |
| 206 | +``` |
| 207 | + |
| 208 | +acl.conf |
| 209 | +``` |
| 210 | +{allow, {username, {re, "^dashboard$"}}, subscribe, ["$SYS/#"]}. |
| 211 | +
|
| 212 | +{allow, {ipaddr, "127.0.0.1"}, all, ["$SYS/#", "#"]}. |
| 213 | +
|
| 214 | +{deny, all, subscribe, ["$SYS/#"]}. |
| 215 | +
|
| 216 | +{allow, all}. |
| 217 | +``` |
| 218 | + |
| 219 | +api-keys |
| 220 | +``` |
| 221 | +flowforge:verySecret:administrator |
| 222 | +``` |
| 223 | + |
| 224 | +## Starting |
| 225 | + |
| 226 | +The following docker command should be run in the directory the configuration files were stored. |
| 227 | + |
| 228 | +``` |
| 229 | +docker run -d --rm \ |
| 230 | + -v $(pwd)/cluster.hocon:/opt/emqx/data/configs/cluster.hocon \ |
| 231 | + -v $(pwd)/api-keys:/mounted/config/api-keys \ |
| 232 | + -v $(pwd)/acl.conf:/opt/emqx/data/authz/acl.conf \ |
| 233 | + --add-host=host.docker.internal:host-gateway \ |
| 234 | + -p 1883:1883 -p 8083:8083 -p 18083:18083 --name emqx emqx/emqx:5.8.0 |
| 235 | +``` |
| 236 | + |
| 237 | +## Configuring FlowFuse |
| 238 | + |
| 239 | +Make sure the `broker` section of the `flowfuse.yml` is updated as follows |
| 240 | + |
| 241 | +``` |
| 242 | +broker: |
| 243 | + url: mqtt://[::1]:1883 |
| 244 | + public_url: ws://<ip-of-dev-computer>:8083 |
| 245 | + teamBroker: |
| 246 | + enabled: true |
| 247 | +``` |
| 248 | + |
| 249 | + |
| 250 | +## Access to the EQMX Dashboard |
| 251 | + |
| 252 | +You can log into the EMQX Dashboard at `http://locahost:18083` |
| 253 | + |
| 254 | +Username: `admin` |
| 255 | +Password: `topSecret` |
0 commit comments