Skip to content

Instantly share code, notes, and snippets.

@lixit

lixit/install_emqx.md

Last active September 18, 2019 02:33
Show Gist options
  • Save lixit/013bb228377c4be86b2f2d2c10992e6e to your computer and use it in GitHub Desktop.
Save lixit/013bb228377c4be86b2f2d2c10992e6e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
install_emqx.md

Install in Ubuntu:

# download: https://www.emqx.io/downloads/broker?osType=Linux
# unzip emqx-ubuntu18.04-v3.2.2.zip && cd emqx
# start emqx
./bin/emqx start
# Check the running status
./bin/emqx_ctl status
# stop emqx
./bin/emqx stop

MQTT client can connect it though port 1883
web console: http://127.0.0.1:18083 . Default username: admin,password:public

Install from source:

# install Erlang. Note: emqx is built on Erlang programming language.
# install rebar3: A sophisticated build-tool for Erlang projects that follows OTP principles

#Get the source code
git clone -b v3.2.0 https://github.com/emqx/emqx-rel.git
#Set environment variables
$ export EMQX_DEPS_DEFAULT_VSN=v3.2.0
#Compile
$ cd emqx-rel && make
#Start EMQ X
cd _build/emqx/rel/emqx
./bin/emqx start
#   emqx v3.2.0 is started successfully!

./bin/emqx_ctl status
#	Node 'emqx@127.0.0.1' is started
#	emqx 3.2.0 is running

The default TCP ports used by the EMQ X message server include:

Port Protocol
1883 MQTT protocol port
8883 MQTT/SSL port
8083 MQTT/WebSocket port
8080 HTTP API port
18083 Dashboard Management Console Port

Using the mosquitto_sub/pub client on command line to publish and to subscribe to messages:

mosquitto_sub -h 127.0.0.1 -p 1883 -t topic -q 2
mosquitto_pub -h 127.0.0.1 -p 1883 -t topic -q 1 -m "Hello, MQTT!"

Using username & password to connect to server

cd /home/x/work/emqx-rel/_build/emqx/rel/emqx
# add a user
./bin/emqx_ctl users add ElonMusk password
# config emqx
vim ./etc/emqx.conf
#	allow_anonymous = false
# enable plugins
./bin/emqx_ctl plugins list
./bin/emqx_ctl plugins load emqx_auth_username
# restart emqx
./bin/emqx restart
./bin/emqx --help
#		Usage: emqx {start|start_boot
#       <file>|ertspath|foreground|stop|restart|reboot|pid|ping|console|console_clean|console_boot
#       <file>|attach|remote_console|upgrade|escript|rpc|rpcterms|eval}

# connect	
mosquitto_sub -h 127.0.0.1 -p 1883 -d -t topic -q 2 -u ElonMusk -P password
mosquitto_pub -h 127.0.0.1 -p 1883 -d -t topic -q 2 -m "Hello, Username!" -u ElonMusk -P password

Connect server by TLS

mosquitto_sub -h 127.0.0.1 -p 8883 -d -t topic -q 2 -u ElonMusk -P password --psk 1234 --psk-identity client1
mosquitto_pub -h 127.0.0.1 -p 8883 -d -t topic -q 2 -m "Hello TLS" -u Sender -P password --psk 1234 --psk-identity client1

Configution

File Description
etc/emqx.conf EMQ X 3.0 Configuration File
etc/acl.conf The default ACL File
etc/plugins/*.conf Config Files of Plugins

Configuration file processing flow during EMQ X start-up::

   ----------------------                                          3.0/schema/*.schema      -------------------
   | etc/emqx.conf      |                   -----------------              \|/              | data/app.config |
   |       +            | --> mergeconf --> | data/app.conf | -->  cuttlefish generate  --> |                 |
   | etc/plugins/*.conf |                   -----------------                               | data/vm.args    |
   ----------------------                                                                   -------------------

Authentication

authetication is provided by a seriers of authentication plugins
supports authentication by username, password, ClientID or anonymous
anonymous is default
Multiple auth plug-ins can be started at the same time. The plug-in that starts first checks first.

Username Auth -> ClientID Auth -> Anonymous Auth

Modify etc/emqx.conf

enable anonymous authentication: allow_anonymous = true
Access Control List:
acl_nomatch = allow
acl_file = etc/acl.conf

etc/acl.conf

%% Allows 'dashboard' users to subscribe to '$SYS/#'
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
%% Allows local user to publish and subscribe to all topics
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
%% Deny all the users to subscribe to '$SYS/#' and '#' topics except local users
{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
%% Allows any situation other than the above rules
{allow, all}.

The authentication plugins provided by EMQ X include:

plugins description
emqx_auth_clientid ClientId authentication plugin
emqx_auth_username username and password authentication plugin
emqx_auth_jwt JWT authentication plugin
emqx_auth_ldap LDAP authentication plugin
emqx_auth_http HTTP authentication plugin
emqx_auth_mysql MySQ Lauthentication plugin
emqx_auth_pgsql Postgre authentication plugin
emqx_auth_redis Redis authentication plugin
emqx_auth_mongo MongoDB authentication plugin

Bridge

RPC bridge
MQTT bridge

configure:
etc/plugins/emqx_bridge_mqtt.conf

HTTP Publish API

through which an application server or web server can publish MQTT messages

MQTT WebSocket Connection

web browsers or applications can connect directly to the broker via WebSocket

EMQ X Node Connection Method:

	##  Specify the Erlang Distributed Communication Protocol: inet_tcp | inet6_tcp | inet_tls
	node.proto_dist = inet_tcp
	
	Files for storing SSL/TLS options when Erlang distributed using TLS:
	node.ssl_dist_optfile = etc/ssl_dist.conf

MQTT/SSL Listener - 8883

	SSL listening port:
	listener.ssl.external = 8883
	Path of the file containing the user’s private key:
	listener.ssl.external.keyfile = etc/certs/key.pem
	
	Path of the file containing the user certificate:
	listener.ssl.external.certfile = etc/certs/cert.pem
	
	Path of the file containing the CA certificate:
	## listener.ssl.external.cacertfile = etc/certs/cacert.pem
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment