Mosquitto + auth_plugin + mongo

Dockerfile

FROM ubuntu:16.04

MAINTAINER Ben Hardill <[email protected]> 

ENV DEBIAN_FRONTEND noninteractive 

USER root

RUN apt-get update && apt-get install -y \ 
	pkg-config \
	libssl-dev \
	libsasl2-dev \
	git \
	wget \
	mosquitto \
	mosquitto-clients \
	libmosquitto-dev \
	mosquitto-dev \
	jq \
	curl \
	mongodb-clients \
	libcurl4-openssl-dev \
	cron \
	mongodb-server \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /usr/local/src
RUN wget http://mosquitto.org/files/source/mosquitto-1.4.8.tar.gz
RUN tar xvzf ./mosquitto-1.4.8.tar.gz

RUN wget https://github.com/mongodb/mongo-c-driver/releases/download/1.4.2/mongo-c-driver-1.4.2.tar.gz
RUN tar zxf ./mongo-c-driver-1.4.2.tar.gz
WORKDIR /usr/local/src/mongo-c-driver-1.4.2
RUN ./configure
RUN make
RUN make install
WORKDIR /usr/local/src

RUN git clone https://github.com/jpmens/mosquitto-auth-plug.git
WORKDIR /usr/local/src/mosquitto-auth-plug
COPY config.mk /usr/local/src/mosquitto-auth-plug
RUN make

RUN mkdir -p /etc/mosquitto/certs
RUN chown mosquitto /etc/mosquitto
COPY mosquitto.conf /etc/mosquitto/mosquitto.conf-start
COPY mosquitto-tls.conf /usr/local/src
RUN mkdir -p /var/lib/mosquitto
RUN chown mosquitto /var/lib/mosquitto
RUN ln -s /etc/letsencrypt/live/example.com/cert.pem /etc/mosquitto/certs/cert.pem
RUN ln -s /etc/letsencrypt/live/example.com/fullchain.pem /etc/mosquitto/certs/fullchain.pem
RUN ln -s /etc/letsencrypt/live/example.com/privkey.pem /etc/mosquitto/certs/privkey.pem

RUN mkdir -p /usr/local/src/certbot /var/lib/letsencrypt /etc/letsencrypt
WORKDIR /usr/local/src/certbot
RUN wget https://dl.eff.org/certbot-auto
RUN chmod a+x ./certbot-auto
RUN ./certbot-auto --os-packages-only -n

WORKDIR /usr/local/src

COPY startup.sh /usr/local/src
COPY certs.sh /usr/local/src
RUN chmod +x /usr/local/src/startup.sh /usr/local/src/certs.sh

ADD cronttab /etc/cron.d/certs-cron
RUN chmod 0644 /etc/cron.d/certs-cron
RUN touch /var/log/cron.log

ADD mongodb.conf /etc/mongodb.conf
ADD mongodb /etc/default/mongodb
ADD createAdmin.js /usr/local/src
ADD createUsers.js /usr/local/src
RUN mkdir -p /var/log/mongodb /var/lib/mongodb
RUN chown mongodb /var/log/mongodb /var/lib/mongodb


VOLUME ["/etc/letsencrypt", "/var/lib/mongodb"]

EXPOSE 1883 8883 8880 443 27017

CMD ["/bin/sh", "/usr/local/src/startup.sh"]

startup.sh

#!/bin/sh

echo $VCAP_SERVICES

if [ "" = "$VCAP_SERVICES" ] ; then
  echo "No VCAP"
else
  export MONGO_DB=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.db'`
  export MONGO_HOST=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.host'`
  export MONGO_PORT=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.port'`
  export MONGO_USER=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.username'`
  export MONGO_PASSWORD=`echo $VCAP_SERVICES | jq -M -c -r '."mongodb-2.4"[0].credentials.password'`
fi

echo $MONGO_HOST
echo $MONGO_PORT
echo $MONGO_DB
echo $MONGO_USER
echo $MONGO_PASSWORD

sed -e "s/MONGO_USER/$MONGO_USER/" /etc/mosquitto/mosquitto.conf-start | \
   sed -e "s/MONGO_PASSWORD/$MONGO_PASSWORD/" | \
   sed -e "s/MONGO_HOST/$MONGO_HOST/" | \
   sed -e "s/MONGO_PORT/$MONGO_PORT/" | \
   sed -e "s/MONGO_DB/$MONGO_DB/" > /etc/mosquitto/mosquitto.conf

if [ "$CERTS" = "true" ]; then

   /etc/init.d/cron start

   if [ -d "/etc/letsencrypt/live/$DOMAIN" ]; then
     /usr/local/src/certs.sh
   else
     /usr/local/src/certbot/certbot-auto certonly \
       -t --standalone --agree-tos \
       --preferred-challenges tls-sni-01 -m [email protected] \
       -d "$DOMAIN"
   fi

   cp /usr/local/src/mosquitto-tls.conf /etc/mosquitto/conf.d

fi

/etc/init.d/mongodb start

sleep 10

if [ ! -f '/var/lib/mongodb/admin.0' ]; then
  mongo --verbose admin /usr/local/src/createAdmin.js
fi

if [ ! -f '/var/lib/mongodb/accounts.0' ]; then
  mongo --verbose -u superuser -p foo --authenticationDatabase admin /usr/local/src/createUsers.js
fi

cat /etc/mosquitto/mosquitto.conf


mosquitto -c /etc/mosquitto/mosquitto.conf