mosquitto icon indicating copy to clipboard operation
mosquitto copied to clipboard

Published 20 hours ago verified publisher icon eclipse

Enable username and password environmental variables in docker image

Open thepotoo opened this issue 6 years ago • 7 comments

Most docker images (e.g. mariadb) allow you to define settings via docker-compose. Right now, it's awkward to manage the username and password - you have to bring in an external file, and then sh into the container and run mosquitto_passwd

It looks like this repository by @thelebster does that - can these changes be merged in to the official branch?

https://github.com/thelebster/example-mosquitto-simple-auth-docker

thepotoo avatar Feb 02 '19 23:02 thepotoo

It sounds like you're asking to have an option of setting a single username and password, and no other users. Is that right? It doesn't sound like a great idea for the majority of users.

ralight avatar Feb 02 '19 23:02 ralight

Correct, that's what I'm asking. Why is having something that's optional a bad idea? Most people I know have a single username/password that they use on their MQTT brokers.

thepotoo avatar Feb 03 '19 00:02 thepotoo

Well, in the example you linked to it's not optional - the docker-entrypoint.sh will exit 1 if not provided with a username or password. Plus the mosquitto config is also hard-coded to disable anonymous access and require the password file. So it's not quite as simple as it may seem to make it optional.

chriswue avatar Feb 12 '19 23:02 chriswue

Hi guys, I have added additional branch with an example of how to use password file.

Add passwordfile to root directory. Keep in mind that file name should be the same in .env file and in Mosquitto configuration file.

In entrypoint file I have used another command: mosquitto_passwd -U passwordfile

Maybe configuration a little overwhelmed, just a fast example. Let me know if I could help.

thelebster avatar Feb 15 '19 18:02 thelebster

Hello, any update on this one?

anubisg1 avatar Mar 19 '22 22:03 anubisg1

Hello, any update on this one?

anubisg1 avatar Mar 19 '22 22:03 anubisg1

You can easily override entrypoint to achieve what you want:

docker run -e MOSQUITTO_PASSWORD_FILE=/mosquitto/passwd_file -e MOSQUITTO_CREDENTIALS=asd:zzzzzzzz --entrypoint /bin/sh eclipse-mosquitto -c "echo $MOSQUITTO_CREDENTIALS > $MOSQUITTO_PASSWORD_FILE && chmod 700 $MOSQUITTO_PASSWORD_FILE && mosquitto_passwd -U $MOSQUITTO_PASSWORD_FILE && /docker-entrypoint.sh /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf"

modify /mosquitto/config/mosquitto.conf to include

      password_file /mosquitto/passwd_file
      allow_anonymous false

how you see fit

mateuszkozakiewicz avatar Dec 24 '23 23:12 mateuszkozakiewicz