[mosquitto-dev] config file questions

(I've updated the pkgsrc-wip package to install an rc.d startup file and
worked out using the pid_file for this.  These comments are sort of "new
user comments".)

1. Having put two lines in mosquitto.conf via a patch at package time:
  pid_file @VAR_RUN@/mosquitto/mosquitto.pid
  log_dest syslog
I am now thinking about configuring tls and users.  This is making me
think that I really don't want the vast commented example as my config
file, and thus that mosquitto.conf should be renamed to
mosquitto.conf.example, to indicate that it's fodder to read, understand
and take from, rather than something that should be used.

I would then install a minimal config file with the above two lines, and
a persistence directory (as I think the directory should have a
system-sensible default, from the package user's point of view, even if
persistence should not default to on).  (For pkgsrc this should be
/var/db/mosquitto, and be created/chown'd to mosquitto at startup.)

2. mosquitto does not read ${PREFIX}/etc/mosquitto.conf by default, or
at least that's how I read the man page.  I don't know if that is really
intended, but it seems odd to me - normally a daemon has a config file
location, and when started with no arguments reads it.  I admit that I
am definitely thinking it terms of the normal approach being to set up
to run one system version of the daemon -- is that off base?

3. mosquitto(8) and the default config differ about the default for
persistence directory.

4. The documentation for mosquitto-tls tells you to create your own
cert.  In a letsencrypt world this seems off.  Even without, it blurs
the notion of how to configure the user of a certificate/keypair that
you have, and how you might go about getting one.

The capath option does not seem to default to the system's openssl
configuration.  That seems unexpected.  It seems I need to set capath
separately for the server, for the server to use for validating bridges,
and for mosquitto_sub.  I expect all of these to default to the system's
openssl configuration, so that if e.g. I use letsencrypt, everything
will just work.  (I'm implicitly taking the position that validation of
mqtt and validation of https by wget, etc. should more or less be done
the same way.)

I am somewhat surprised to have to create a dhparams file and point to
it, rather than this working by default.  I don't remember having to do
this for apache, postfix, dovecot, but I could well be wrong.  Dovecot
seems to generate params by default at startup:
  https://wiki2.dovecot.org/SSL/DovecotConfiguration

5. The "per_listener_settings" section in mosquitto.conf(5) is
confusing.  It does not explain what it means for authentication to be
separate per listener, and it isn't quite clear what a listener is, and
why one does or doesn't want to use this.

Thanks for listening, Greg
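An added example, not part of Greg's mail or of the Mosquitto project: a small Python script that parses a minimal mosquitto.conf of the kind sketched in point 1 and checks the concerns from points 4 and 5 (no fallback to the system CA store when cafile/capath is unset, and the scope of options placed under a listener when per_listener_settings is not true). The config it inspects is constructed for the example and its paths are placeholders; the script assumes only the documented option names and the mosquitto.conf(5) rule that options following a `listener` line apply to that listener.

```python
"""Audit a minimal mosquitto.conf for the TLS and listener-scope issues
discussed above. Added example; not Mosquitto project code."""
from dataclasses import dataclass, field

# Constructed sample: the two packaging lines from the mail, a persistence
# directory, and two listeners (one plaintext on loopback, one TLS without a CA path).
SAMPLE_CONF = """\
# minimal mosquitto.conf installed by the package (constructed sample)
pid_file /var/run/mosquitto/mosquitto.pid
log_dest syslog
persistence true
persistence_location /var/db/mosquitto/
per_listener_settings true

listener 1883 127.0.0.1
allow_anonymous true

listener 8883
certfile /etc/mosquitto/certs/fullchain.pem
keyfile /etc/mosquitto/certs/privkey.pem
# no cafile/capath here: mosquitto does not fall back to the system openssl CA store
require_certificate true
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


@dataclass
class Section:
    name: str                 # "global" or "listener <port> [bind address]"
    bind: str = ""            # bind address given on the listener line, if any
    options: dict = field(default_factory=dict)


def parse_conf(text):
    """Split the config into a global section plus one section per listener.

    mosquitto.conf is `option value` per line; `#` starts a comment. Every option
    after a `listener` line is recorded under that listener, as the man page describes."""
    sections = [Section("global")]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "listener":
            parts = value.split()
            bind = parts[1] if len(parts) > 1 else ""
            sections.append(Section(f"listener {value}", bind))
        else:
            sections[-1].options[key] = value
    return sections


def audit(sections):
    """Return (section name, finding) pairs for the issues raised in the mail."""
    findings = []
    g = sections[0].options
    per_listener = g.get("per_listener_settings") == "true"
    if g.get("persistence") == "true" and "persistence_location" not in g:
        findings.append(("global", "persistence enabled but persistence_location is unset"))
    for s in sections[1:]:
        o = s.options
        if not ("certfile" in o and "keyfile" in o):
            findings.append((s.name, "no certfile/keyfile: listener serves plaintext MQTT"))
        if o.get("require_certificate") == "true" and not ("cafile" in o or "capath" in o):
            findings.append((s.name, "require_certificate set but no cafile/capath; "
                                     "client certificates cannot be validated"))
        if o.get("allow_anonymous") == "true":
            if not per_listener:
                findings.append((s.name, "allow_anonymous placed under a listener, but "
                                         "per_listener_settings is not true so it applies globally"))
            elif s.bind not in LOOPBACK:
                findings.append((s.name, "anonymous access on a non-loopback listener"))
    return findings


if __name__ == "__main__":
    for where, what in audit(parse_conf(SAMPLE_CONF)):
        print(f"{where}: {what}")
```

Run as-is it reports the loopback listener as plaintext and the 8883 listener as unable to validate client certificates; flipping per_listener_settings to false in the sample shows the third check, where allow_anonymous silently becomes a broker-wide setting.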