Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use EMQ X Auth & ACL based on MySQL". The content in the article is simple and clear, and it is easy to learn and understand. Please follow the editor's train of thought to study and learn how to use EMQ X Auth & ACL based on MySQL.

Emqx-auth-mysql implements access control to the terminal by checking whether the username and password accessed by each terminal are consistent with the information stored in the user-specified MySQL database. Its functional logic is as follows:

This article assumes that MySQL is already installed on your machine and that you can connect to the MySQL server. Note: the open source version of EMQ X does not support MySQL 8.0 until v3.1-beta.2, so the following applies only to MySQL version 5.7 and below.

$mysql-- versionmysql Ver 14.14 Distrib 5.7.25, for macos10.14 (x86x64) using EditLine wrapper plugin configuration item description

Mqtt.sql

Emqx-auth-mysql provides mqtt.sql files to help users quickly create datasheets and import default data. Mqtt.sql will import the following default rules for the mqtt_acl data table:

Mysql > select * from mqtt_acl +-+ | id | allow | ipaddr | username | clientid | access | topic | +- -+ | 1 | 1 | NULL | $all | NULL | 2 | # | 2 | 0 | NULL | $all | NULL | 1 | $SYS/# | | 3 | 0 | NULL | $all | NULL | 1 | eq # | 4 | 1 | 127.0.0.1 | | NULL | NULL | 2 | $SYS/# | | 5 | 1 | 127.0.0.1 | NULL | NULL | 2 | # | 6 | 1 | NULL | dashboard | NULL | 1 | $SYS/# | +-- + | -+-+ 6 rows in set (0.00 sec)

Allow-1: allow; 0: deny

Access-1: subscribe; 2: publish; 3: publish and subscribe

The above rules respectively indicate:

Allow any user to post messages on any topic except the beginning of the'$'character

Deny any user subscription to any topic that starts with "$SYS/"

Deny any user subscription to the "#" topic

Allow local users to post any topic that starts with "$SYS/"

Allow local users to publish messages for any topic except the beginning of the'$'character

Allow dashboard users to subscribe to any topic that starts with "$SYS/"

In addition, users can import custom ACL rules.

Functional Verification of Auth and ACL

Install mosquitto in Mac environment

Brew install mosquitto

Create a database and import data

The mqtt.sql path can be changed according to the actual situation.

Mysql > create database mqtt;mysql > use mqtt;mysql > source. / emqx_auth_mysql/mqtt.sqlmysql > insert into mqtt_user (id, is_superuser, username, password, salt)-> values (1, false, 'test',' password', 'salt'); mysql > insert into mqtt_acl (id, allow, ipaddr, username, clientid, access, topic)-> values (7,0, NULL,' test', NULL, 1, 'mytopic'); mysql > exit

Modify the configuration file

Anonymous access is prohibited:

# #... / etc/emqx.confallow_anonymous = false

The password in the configuration database is encrypted by plain, that is, it is not encrypted:

# #... / etc/plugins/emqx_auth_mysql.confauth.mysql.password_hash = plain

Configure the database to access and the username and password:

# #... / etc/plugins/emqx_auth_mysql.confauth.mysql.username = rootauth.mysql.password = publicauth.mysql.database = mqtt

Start EMQ X and emqx-auth-mysql

$. / _ rel/emqx/bin/emqx startemqx 3.1 is started fully fulfilled $. / _ rel/emqx/bin/emqx_ctl plugins load emqx_auth_mysql

test

Connect with the correct user name and password and subscribe to the "topic" topic

$mosquitto_sub-p 1883-u test-P password-t 'topic'-dClient mosqsub | 91114-zhouzibod sending CONNECTClient mosqsub | 91114-zhouzibod received CONNACKClient mosqsub | 91114-zhouzibod sending SUBSCRIBE (Mid: 1, Topic: topic, QoS: 0) Client mosqsub | 91114-zhouzibod received SUBACKSubscribed (mid: 1): 0

Symptom: connect and subscribe successfully

Connect with the wrong user name or password and subscribe to the "topic" topic

$mosquitto_sub-p 1883-u bad_user-P password-t 'topic'-dClient mosqsub | 91136-zhouzibod sending CONNECTClient mosqsub | 91136-zhouzibod received CONNACKConnection Refused: not authorised.

Phenomenon: connection denied

Connect with the correct user name and password and subscribe to the "#" topic

$mosquitto_sub-p 1883-u test-P password-t'#'- dClient mosqsub | 11257-zhouzibod sending CONNECTClient mosqsub | 11257-zhouzibod received CONNACKClient mosqsub | 11257-zhouzibod sending SUBSCRIBE (Mid: 1, Topic: #, QoS: 0) Client mosqsub | 11257-zhouzibod received SUBACKSubscribed (mid: 1): 128

Symptom: connection succeeded, subscription failed, reason code 128

Connect with the correct user name and password and subscribe to the "mytopic" topic

$mosquitto_sub-p 1883-u test-P password-t 'mytopic'-dClient mosqsub | 13606-zhouzibod sending CONNECTClient mosqsub | 13606-zhouzibod received CONNACKClient mosqsub | 13606-zhouzibod sending SUBSCRIBE (Mid: 1, Topic: mytopic, QoS: 0) Client mosqsub | 13606-zhouzibod received SUBACKSubscribed (mid: 1): 128

Symptom: connection succeeded, subscription failed, reason code 128

Thank you for reading, the above is the content of "how to use EMQ X Auth & ACL based on MySQL". After the study of this article, I believe you have a deeper understanding of how to use EMQ X Auth & ACL based on MySQL, and the specific use needs to be verified in practice. Here is, the editor will push for you more related knowledge points of the article, welcome to follow!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.