Skip to content

Instantly share code, notes, and snippets.

@hardillb hardillb/Dockerfile
Last active Nov 20, 2019

Embed
What would you like to do?
Mosquitto + auth_plugin + mongo
FROM ubuntu:16.04
MAINTAINER Ben Hardill <hardillb@gmail.com>
ENV DEBIAN_FRONTEND noninteractive
USER root
RUN apt-get update && apt-get install -y \
pkg-config \
libssl-dev \
libsasl2-dev \
git \
wget \
mosquitto \
mosquitto-clients \
libmosquitto-dev \
mosquitto-dev \
jq \
curl \
mongodb-clients \
libcurl4-openssl-dev \
cron \
mongodb-server \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /usr/local/src
RUN wget http://mosquitto.org/files/source/mosquitto-1.4.8.tar.gz
RUN tar xvzf ./mosquitto-1.4.8.tar.gz
RUN wget https://github.com/mongodb/mongo-c-driver/releases/download/1.4.2/mongo-c-driver-1.4.2.tar.gz
RUN tar zxf ./mongo-c-driver-1.4.2.tar.gz
WORKDIR /usr/local/src/mongo-c-driver-1.4.2
RUN ./configure
RUN make
RUN make install
WORKDIR /usr/local/src
RUN git clone https://github.com/jpmens/mosquitto-auth-plug.git
WORKDIR /usr/local/src/mosquitto-auth-plug
COPY config.mk /usr/local/src/mosquitto-auth-plug
RUN make
RUN mkdir -p /etc/mosquitto/certs
RUN chown mosquitto /etc/mosquitto
COPY mosquitto.conf /etc/mosquitto/mosquitto.conf-start
COPY mosquitto-tls.conf /usr/local/src
RUN mkdir -p /var/lib/mosquitto
RUN chown mosquitto /var/lib/mosquitto
RUN ln -s /etc/letsencrypt/live/example.com/cert.pem /etc/mosquitto/certs/cert.pem
RUN ln -s /etc/letsencrypt/live/example.com/fullchain.pem /etc/mosquitto/certs/fullchain.pem
RUN ln -s /etc/letsencrypt/live/example.com/privkey.pem /etc/mosquitto/certs/privkey.pem
RUN mkdir -p /usr/local/src/certbot /var/lib/letsencrypt /etc/letsencrypt
WORKDIR /usr/local/src/certbot
RUN wget https://dl.eff.org/certbot-auto
RUN chmod a+x ./certbot-auto
RUN ./certbot-auto --os-packages-only -n
WORKDIR /usr/local/src
COPY startup.sh /usr/local/src
COPY certs.sh /usr/local/src
RUN chmod +x /usr/local/src/startup.sh /usr/local/src/certs.sh
ADD cronttab /etc/cron.d/certs-cron
RUN chmod 0644 /etc/cron.d/certs-cron
RUN touch /var/log/cron.log
ADD mongodb.conf /etc/mongodb.conf
ADD mongodb /etc/default/mongodb
ADD createAdmin.js /usr/local/src
ADD createUsers.js /usr/local/src
RUN mkdir -p /var/log/mongodb /var/lib/mongodb
RUN chown mongodb /var/log/mongodb /var/lib/mongodb
VOLUME ["/etc/letsencrypt", "/var/lib/mongodb"]
EXPOSE 1883 8883 8880 443 27017
CMD ["/bin/sh", "/usr/local/src/startup.sh"]
#!/bin/sh
echo $VCAP_SERVICES
if [ "" = "$VCAP_SERVICES" ] ; then
echo "No VCAP"
else
export MONGO_DB=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.db'`
export MONGO_HOST=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.host'`
export MONGO_PORT=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.port'`
export MONGO_USER=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.username'`
export MONGO_PASSWORD=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.password'`
fi
echo $MONGO_HOST
echo $MONGO_PORT
echo $MONGO_DB
echo $MONGO_USER
echo $MONGO_PASSWORD
sed -e "s/MONGO_USER/$MONGO_USER/" /etc/mosquitto/mosquitto.conf-start | \
sed -e "s/MONGO_PASSWORD/$MONGO_PASSWORD/" | \
sed -e "s/MONGO_HOST/$MONGO_HOST/" | \
sed -e "s/MONGO_PORT/$MONGO_PORT/" | \
sed -e "s/MONGO_DB/$MONGO_DB/" > /etc/mosquitto/mosquitto.conf
if [ "$CERTS" = "true" ]; then
/etc/init.d/cron start
if [ -d "/etc/letsencrypt/live/$DOMAIN" ]; then
/usr/local/src/certs.sh
else
/usr/local/src/certbot/certbot-auto certonly \
-t --standalone --agree-tos \
--preferred-challenges tls-sni-01 -m foobar@gmail.com \
-d "$DOMAIN"
fi
cp /usr/local/src/mosquitto-tls.conf /etc/mosquitto/conf.d
fi
/etc/init.d/mongodb start
sleep 10
if [ ! -f '/var/lib/mongodb/admin.0' ]; then
mongo --verbose admin /usr/local/src/createAdmin.js
fi
if [ ! -f '/var/lib/mongodb/accounts.0' ]; then
mongo --verbose -u superuser -p foo --authenticationDatabase admin /usr/local/src/createUsers.js
fi
cat /etc/mosquitto/mosquitto.conf
mosquitto -c /etc/mosquitto/mosquitto.conf
@khush-bhatia

This comment has been minimized.

Copy link

khush-bhatia commented Apr 26, 2018

This is very helpful. Thanks. Can you please share the certs.sh, createAdmin.js and createUsers.js files ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.