commit e9d6cf2fa75aa047144d0f9dc66976927d08e1a0 Author: Niko Abeler Date: Sat Feb 4 16:15:16 2023 +0100 rabbitmq with mqtt diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..ee51f2e --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,15 @@ +version: "3.7" +services: + rabbitmq: + hostname: rabbitmq + image: rabbitmq:3.11-management + command: rabbitmq-server + ports: + - "24001:5672" + - "24002:15672" + - "24003:1883" + - "24004:8883" + volumes: + - ./rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro + - ./rabbitmq/definitions.json:/etc/rabbitmq/definitions.json:ro + - ./rabbitmq/enabled_plugins:/etc/rabbitmq/enabled_plugins:rw \ No newline at end of file diff --git a/rabbitmq/definitions.json b/rabbitmq/definitions.json new file mode 100644 index 0000000..eb4795c --- /dev/null +++ b/rabbitmq/definitions.json @@ -0,0 +1,43 @@ +{ + "rabbit_version": "3.9", + "users": [ + { + "name": "sensor", + "password_hash": "oSMxBdl8oK3JPrBu2qWibnYqfCN4U+K/u9p8qNk4u1ev9kL7", + "hashing_algorithm": "rabbit_password_hashing_sha256", + "tags": "" + }, + { + "name": "adminuser", + "password_hash": "jU+b1o2Q6HWefFSFMRyPwAdjLenS3+9yqu8L3Y4GIBtf3gKB", + "hashing_algorithm": "rabbit_password_hashing_sha256", + "tags": "administrator" + } + ], + "vhosts": [ + { + "name": "\/" + } + ], + "permissions": [ + { + "user": "adminuser", + "vhost": "\/", + "configure": ".*", + "write": ".*", + "read": ".*" + }, + { + "user": "sensor", + "vhost": "\/", + "configure": ".*", + "write": ".*", + "read": ".*" + } + ], + "parameters": [], + "policies": [], + "queues": [], + "exchanges": [], + "bindings": [] +} diff --git a/rabbitmq/enabled_plugins b/rabbitmq/enabled_plugins new file mode 100644 index 0000000..73c869b --- /dev/null +++ b/rabbitmq/enabled_plugins @@ -0,0 +1 @@ +[rabbitmq_management,rabbitmq_prometheus,rabbitmq_mqtt]. \ No newline at end of file diff --git a/rabbitmq/hash_password.py b/rabbitmq/hash_password.py new file mode 100644 index 0000000..aef32b6 --- /dev/null +++ b/rabbitmq/hash_password.py @@ -0,0 +1,31 @@ +#!/usr/bin/env python3 + +# rabbitMQ password hashing algo as laid out in: +# http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2011-May/012765.html + +from __future__ import print_function +import base64 +import os +import hashlib +import sys + +# This is the password we wish to encode +password = sys.argv[1] + +# 1.Generate a random 32 bit salt: +# This will generate 32 bits of random data: +salt = os.urandom(4) + +# 2.Concatenate that with the UTF-8 representation of the plaintext password +tmp0 = salt + password.encode("utf-8") + +# 3. Take the SHA256 hash and get the bytes back +tmp1 = hashlib.sha256(tmp0).digest() + +# 4. Concatenate the salt again: +salted_hash = salt + tmp1 + +# 5. convert to base64 encoding: +pass_hash = base64.b64encode(salted_hash) + +print(pass_hash.decode("utf-8")) diff --git a/rabbitmq/rabbitmq.conf b/rabbitmq/rabbitmq.conf new file mode 100644 index 0000000..52c18cb --- /dev/null +++ b/rabbitmq/rabbitmq.conf @@ -0,0 +1,11 @@ +loopback_users.guest = false +management.load_definitions = /etc/rabbitmq/definitions.json + + +# mqtt +mqtt.listeners.tcp.default = 1883 +mqtt.allow_anonymous = false +mqtt.exchange = amq.topic +mqtt.vhost = / + +