probonopd · June 2, 2019 03:56
diff --git a/mosquitto-on-uberspace.txt b/mosquitto-on-uberspace.txt
 # Make a directory
 mkdir ~/mosquitto
 cd ~/mosquitto

 # Get mosquitto for CentOS 6 and locally unpack it
 wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/oojah:/mqtt/RedHat_RHEL-6/x86_64/mosquitto-1.2-6.1.x86_64.rpm
 rpm2cpio mosquitto-*.rpm | cpio -idmv
 mosquitto-*.rpm

 # Set up ~/service on uberspace
 test -d ~/service || uberspace-setup-svscan

 uberspace-setup-service mosquitto ~/mosquitto/usr/sbin/mosquitto

 # Congratulations - the ~/service/mosquitto service is now ready to use!
 # To control your service you'll need the svc command (hint: svc = service control):

 # To start the service (hint: u = up):
  svc -u ~/service/mosquitto
 # To stop the service (hint: d = down):
  svc -d ~/service/mosquitto
 # To reload the service (hint: h = HUP):
  svc -h ~/service/mosquitto
 # To restart the service (hint: du = down, up):
  svc -du ~/service/mosquitto

 # Log can be viewed with
 cat ~/service/mosquitto/log/main/current 

 # By default mosquitto starts on port 1883; we need to find another
 # free port on uberspace and use that

 cat > etc/mosquitto/mosquitto.conf <<EOF
 port 11883
 persistence true
 persistence_location $HOME/mosquitto/var/lib/mosquitto/
 EOF

 # Create the required directories
 mkdir -p ~/mosquitto/var/log/mosquitto/

 # Try
 ~/mosquitto/usr/sbin/mosquitto -c ~/mosquitto/etc/mosquitto/mosquitto.conf

 # Edit ~/service/mosquitto/run so that the exec line reads:
 exec ~/mosquitto/usr/sbin/mosquitto -c ~/mosquitto/etc/mosquitto/mosquitto.conf 2>&1

 # Restart
 svc -du ~/service/mosquitto

 # Inspect the log
 tail ~/service/mosquitto/log/main/current

 # To remove the service:
  cd ~/service/mosquitto
  rm ~/service/mosquitto
  svc -dx . log
  rm -rf ~/etc/run-mosquitto

 # More information about controlling daemons can be found here:
 # https://uberspace.de/dokuwiki/system:daemontools#wenn_der_daemon_laeuft

 # Uberspace support needs to be informed to open the firewall for the special port.
 # Before we do this though, we need to think about security as the above does not
 # implement any security at all so far.

 ############

 https://blog.uberspace.de/lets-encrypt-rollt-an/

 # Do once
 uberspace-letsencrypt 
 letsencrypt certonly
 uberspace-prepare-certificate -k ~/.config/letsencrypt/live/www.*/privkey.pem -c ~/.config/letsencrypt/live/www.*/cert.pem

 # Do every 90 days
 letsencrypt-renewer --config-dir ~/.config/letsencrypt --logs-dir ~/.config/letsencrypt/logs --work-dir ~/tmp/
 uberspace-prepare-certificate -k ~/.config/letsencrypt/live/www.*/privkey.pem -c ~/.config/letsencrypt/live/www.*/cert.pem

 ############

 http://mosquitto.org/2015/12/using-lets-encrypt-certificates-with-mosquitto/

 If you want to use TLS certificates you’ve generated using the Let’s Encrypt service, this is how you should configure your listener (replace “example.com” with your own domain of course):

 Go to https://www.identrust.com/certificates/trustid/root-download-x3.html to get the DST root certificate. Open a text editor, and paste the contents from that link, surrounding the text with the BEGIN and END lines as below:

    —–BEGIN CERTIFICATE—–

    <pasted content goes here

    —–END CERTIFICATE—–

 Then, each time after your script to automatically generate your certificates runs you should also run:

    cat /etc/letsencrypt/live/example.com/chain.pem /etc/letsencrypt/<your root>.pem > /etc/letsencrypt/live/example.com/chain-ca.pem

 Then use the following for your mosquitto.conf:

    listener 8883
    cafile /etc/letsencrypt/live/example.com/chain-ca.pem
    certfile /etc/letsencrypt/live/example.com/cert.pem
    keyfile /etc/letsencrypt/live/example.com/privkey.pem

 You need to be aware that current versions of mosquitto never update listener settings when running, so when you regenerate the server certificates you will need to completely restart the broker.
	# Make a directory
	mkdir ~/mosquitto
	cd ~/mosquitto

	# Get mosquitto for CentOS 6 and locally unpack it
	wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home:/oojah:/mqtt/RedHat_RHEL-6/x86_64/mosquitto-1.2-6.1.x86_64.rpm
	rpm2cpio mosquitto-*.rpm \| cpio -idmv
	mosquitto-*.rpm

	# Set up ~/service on uberspace
	test -d ~/service \|\| uberspace-setup-svscan

	uberspace-setup-service mosquitto ~/mosquitto/usr/sbin/mosquitto

	# Congratulations - the ~/service/mosquitto service is now ready to use!
	# To control your service you'll need the svc command (hint: svc = service control):

	# To start the service (hint: u = up):
	svc -u ~/service/mosquitto
	# To stop the service (hint: d = down):
	svc -d ~/service/mosquitto
	# To reload the service (hint: h = HUP):
	svc -h ~/service/mosquitto
	# To restart the service (hint: du = down, up):
	svc -du ~/service/mosquitto

	# Log can be viewed with
	cat ~/service/mosquitto/log/main/current

	# By default mosquitto starts on port 1883; we need to find another
	# free port on uberspace and use that

	cat > etc/mosquitto/mosquitto.conf <<EOF
	port 11883
	persistence true
	persistence_location $HOME/mosquitto/var/lib/mosquitto/
	EOF

	# Create the required directories
	mkdir -p ~/mosquitto/var/log/mosquitto/

	# Try
	~/mosquitto/usr/sbin/mosquitto -c ~/mosquitto/etc/mosquitto/mosquitto.conf

	# Edit ~/service/mosquitto/run so that the exec line reads:
	exec ~/mosquitto/usr/sbin/mosquitto -c ~/mosquitto/etc/mosquitto/mosquitto.conf 2>&1

	# Restart
	svc -du ~/service/mosquitto

	# Inspect the log
	tail ~/service/mosquitto/log/main/current

	# To remove the service:
	cd ~/service/mosquitto
	rm ~/service/mosquitto
	svc -dx . log
	rm -rf ~/etc/run-mosquitto

	# More information about controlling daemons can be found here:
	# https://uberspace.de/dokuwiki/system:daemontools#wenn_der_daemon_laeuft

	# Uberspace support needs to be informed to open the firewall for the special port.
	# Before we do this though, we need to think about security as the above does not
	# implement any security at all so far.

	############

	https://blog.uberspace.de/lets-encrypt-rollt-an/

	# Do once
	uberspace-letsencrypt
	letsencrypt certonly
	uberspace-prepare-certificate -k ~/.config/letsencrypt/live/www./privkey.pem -c ~/.config/letsencrypt/live/www./cert.pem

	# Do every 90 days
	letsencrypt-renewer --config-dir ~/.config/letsencrypt --logs-dir ~/.config/letsencrypt/logs --work-dir ~/tmp/
	uberspace-prepare-certificate -k ~/.config/letsencrypt/live/www./privkey.pem -c ~/.config/letsencrypt/live/www./cert.pem

	############

	http://mosquitto.org/2015/12/using-lets-encrypt-certificates-with-mosquitto/

	If you want to use TLS certificates you’ve generated using the Let’s Encrypt service, this is how you should configure your listener (replace “example.com” with your own domain of course):

	Go to https://www.identrust.com/certificates/trustid/root-download-x3.html to get the DST root certificate. Open a text editor, and paste the contents from that link, surrounding the text with the BEGIN and END lines as below:

	—–BEGIN CERTIFICATE—–

	<pasted content goes here

	—–END CERTIFICATE—–

	Then, each time after your script to automatically generate your certificates runs you should also run:

	cat /etc/letsencrypt/live/example.com/chain.pem /etc/letsencrypt/<your root>.pem > /etc/letsencrypt/live/example.com/chain-ca.pem

	Then use the following for your mosquitto.conf:

	listener 8883
	cafile /etc/letsencrypt/live/example.com/chain-ca.pem
	certfile /etc/letsencrypt/live/example.com/cert.pem
	keyfile /etc/letsencrypt/live/example.com/privkey.pem

	You need to be aware that current versions of mosquitto never update listener settings when running, so when you regenerate the server certificates you will need to completely restart the broker.