mosquitto icon indicating copy to clipboard operation
mosquitto copied to clipboard

Published 20 hours ago verified publisher icon eclipse

Update documentation

Open mosterdt opened this issue 4 years ago • 2 comments

Thank you for contributing your time to the Mosquitto project!

Before you go any further, please note that we cannot accept contributions if you haven't signed the Eclipse Contributor Agreement. If you aren't able to do that, or just don't want to, please describe your bug fix/feature change in an issue. For simple bug fixes it is can be just as easy for us to be told about the problem and then go fix it directly.

Then please check the following list of things we ask for in your pull request:

  • [x] Have you signed the Eclipse Contributor Agreement, using the same email address as you used in your commits?
  • [x] Do each of your commits have a "Signed-off-by" line, with the correct email address? Use "git commit -s" to generate this line for you.
  • [x] If you are contributing a new feature, is your work based off the develop branch?
  • [x] If you are contributing a bugfix, is your work based off the fixes branch?
  • [x] Have you added an explanation of what your changes do and why you'd like us to include them?
  • [x] Have you successfully run make test with your changes locally?

This pull request addresses some documentation changes regarding the migration to 2.0 and beyond. There is also some discussion around this in #2074 and #2040.

I will repeat here that while I agree that it's a great idea to only bind to the loopback interface by default, restricting the listener to localhost inside a docker container serves no benefit at all. It forces users to always define a mosquitto.conf. And even if mosquitto binds to every address within a docker container, it is still up to the user of the container to bind this port to their own network with e.g. -p 1883:1883. Additionally, users need now also to explicitly allow anonymous users, or set up proper user authentication.

mosterdt avatar Feb 11 '21 22:02 mosterdt

Removed the last commit about docker documentation as this was fixed in 12ff9d5e1491b805605d698c198b681db5c1dcbb

mosterdt avatar Feb 25 '21 22:02 mosterdt

I ended up here for exactly the reasons mentioned by @mosterdt. Docker Hub currently contains the phrasing:

When running the image, the default configuration values are used. To use a custom configuration file, mount a local configuration file to /mosquitto/config/mosquitto.conf

I think this is much too passive, to the point where it misleads people. It seems like the default configuration should "work", so the default configuration yielding a roughly useless container is not a nice experience.

I think the proposed changes (or similar) would be both an opportunity to reduce on-boarding friction for Docker users as well as give insight into the intended security configuration. Judging by #2074 it seems like a number of people are confused, so some prescriptive "this is what'd you'd need to do to get the equivalent of 1.* containers" would be welcome!

tobymurray avatar Jun 13 '21 22:06 tobymurray