From d4b7fa1c31ee623118203d009d507c854c020ac0 Mon Sep 17 00:00:00 2001
From: Joachim Hummel
Date: Mon, 3 Nov 2025 22:44:47 +0000
Subject: [PATCH] first commit
---
.env.example | 29 +++
.gitignore | 39 ++++
CLAUDE.md | 175 +++++++++++++++++
README.md | 363 +++++++++++++++++++++++++++++++++++
config/acl.conf | 48 +++++
config/mosquitto.conf | 53 +++++
data/mosquitto.db | Bin 0 -> 47 bytes
docker-compose.yml | 57 ++++++
mqtt-panel-config.json | 109 +++++++++++
mqttui-data/mqtt_messages.db | Bin 0 -> 40960 bytes
setup.sh | 114 +++++++++++
test-mqtt.sh | 69 +++++++
12 files changed, 1056 insertions(+)
create mode 100644 .env.example
create mode 100644 .gitignore
create mode 100644 CLAUDE.md
create mode 100644 README.md
create mode 100644 config/acl.conf
create mode 100644 config/mosquitto.conf
create mode 100644 data/mosquitto.db
create mode 100644 docker-compose.yml
create mode 100644 mqtt-panel-config.json
create mode 100644 mqttui-data/mqtt_messages.db
create mode 100644 setup.sh
create mode 100644 test-mqtt.sh
diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..37c4b9b
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,29 @@
+UID=1000
+GID=1000
+
+# MQTT Admin Credentials (Vollzugriff)
+MQTT_ADMIN_USERNAME=admin
+MQTT_ADMIN_PASSWORD=change_me_admin_password
+
+# MQTT Panel Credentials (für Web Dashboard)
+MQTT_PANEL_USERNAME=panel
+MQTT_PANEL_PASSWORD=change_me_panel_password
+
+# MQTT Test User Credentials
+MQTT_TESTUSER_USERNAME=testuser
+MQTT_TESTUSER_PASSWORD=change_me_testuser_password
+
+# MQTT Device 1 Credentials
+MQTT_DEVICE1_USERNAME=device1
+MQTT_DEVICE1_PASSWORD=change_me_device1_password
+
+# MQTT Device 2 Credentials
+MQTT_DEVICE2_USERNAME=device2
+MQTT_DEVICE2_PASSWORD=change_me_device2_password
+
+# MQTT Monitor Credentials (Read-Only)
+MQTT_MONITOR_USERNAME=monitor
+MQTT_MONITOR_PASSWORD=change_me_monitor_password
+
+# MQTTUI Configuration (mindestens 32 Zeichen empfohlen)
+SECRET_KEY=your-secret-key-here-minimum-32-characters
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..09c10a1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,39 @@
+# MQTT Server - Git Ignore
+# =========================
+
+# Environment Variables mit Credentials
+.env
+
+# Passwort-Dateien NICHT committen!
+passwords.txt
+
+# Wenn die Datei mit echten Passwörtern gefüllt ist
+# NIEMALS committen!
+
+# Mosquitto Logs
+*.log
+
+# Docker Volumes
+mosquitto_data/
+mosquitto_log/
+
+# Backup Files
+*.bak
+*.backup
+
+# Temporäre Dateien
+*.tmp
+*.temp
+*~
+
+# macOS
+.DS_Store
+
+# Windows
+Thumbs.db
+
+# Editor Files
+.vscode/
+.idea/
+*.swp
+*.swo
diff --git a/CLAUDE.md b/CLAUDE.md
new file mode 100644
index 0000000..26ec8bd
--- /dev/null
+++ b/CLAUDE.md
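Review bot: The ignore list names `mosquitto_data/` and `mosquitto_log/`, but docker-compose.yml in this commit bind-mounts `./data`, `./log` and `./mqttui-data`, and the commit itself adds `data/mosquitto.db` and `mqttui-data/mqtt_messages.db` as binary files. Both are runtime state, and the mqttui database is configured with `MQTT_TOPICS=#`, so it may hold payloads captured from every topic at the time of the commit. I would add `data/`, `log/` and `mqttui-data/` to this file and drop the two `.db` files from the commit (keeping the directories with a `.gitkeep` if they must exist).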
@@ -0,0 +1,175 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Project Overview + +This is a Docker-based MQTT server setup using Eclipse Mosquitto broker with a web-based MQTTUI dashboard. The system provides MQTT messaging on port 1883, WebSocket support on port 9001, and a web dashboard on port 5000. + +## Architecture + +### Container Stack +- **mosquitto**: Eclipse Mosquitto MQTT broker (eclipse-mosquitto:2) + - Runs with user-specified UID/GID from .env + - Two listeners: MQTT (1883) and WebSocket (9001) + - Persistence enabled with data stored in `./data/mosquitto.db` + +- **mqttui**: Web dashboard (terdia07/mqttui:latest) + - Depends on mosquitto service + - Database-enabled for message storage (SQLite) + - Configurable via environment variables + - Stores data in `./mqttui-data/` directory + +### Authentication & Authorization +- **Dual authentication model**: Supports both anonymous and authenticated users +- Anonymous users have limited access to `public/#` and `$SYS/#` topics only (defined in config/acl.conf:6-10) +- Authenticated users require username/password stored in `config/passwords.txt` +- Six user types defined (config/acl.conf): + - `admin`/`joachim`: Full access (readwrite #) + - `panel`: Dashboard user with full access + - `testuser`: Personal topic access (user/testuser/#) + public topics + - `device1`/`device2`: Device-specific write access (devices/deviceX/#) with read-only status + - `monitor`: Global read-only access + +### Configuration Files +- `config/mosquitto.conf`: Main broker configuration (listeners, persistence, auth, logging) +- `config/acl.conf`: Access Control Lists defining per-user topic permissions +- `config/passwords.txt`: Generated by setup.sh, stores hashed passwords (not in repo) +- `.env`: Environment variables for credentials and settings (not in repo, use .env.example) +- `mqtt-panel-config.json`: Legacy config file (current setup uses 
mqttui instead of mqtt-panel) + +## Development Commands + +### Initial Setup +```bash +# Copy environment template and configure credentials +cp .env.example .env +# Edit .env and set all passwords + +# Make scripts executable +chmod +x setup.sh test-mqtt.sh + +# Start containers +docker-compose up -d + +# Create MQTT users from .env credentials +./setup.sh +``` + +### Container Management +```bash +# Start all services +docker-compose up -d + +# View logs +docker-compose logs -f # All services +docker-compose logs -f mosquitto # Mosquitto only +docker-compose logs -f mqttui # MQTTUI only + +# Restart services +docker-compose restart # All +docker-compose restart mosquitto # Mosquitto only + +# Stop and remove containers +docker-compose down + +# Stop and remove including volumes +docker-compose down -v +``` + +### User Management +```bash +# Add/update user password +docker exec -it mosquitto-mqtt mosquitto_passwd -b /mosquitto/config/passwords.txt USERNAME PASSWORD + +# Delete user +docker exec -it mosquitto-mqtt mosquitto_passwd -D /mosquitto/config/passwords.txt USERNAME + +# After modifying users or ACL, restart Mosquitto +docker-compose restart mosquitto +``` + +### Testing & Debugging +```bash +# Run test script (sends sample messages to various topics) +./test-mqtt.sh + +# Publish to public topic (no auth required) +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "public/test" -m "Hello" + +# Publish with authentication +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "sensors/temperature" -m "22.5" -u admin -P admin123 + +# Subscribe to all topics +docker exec mosquitto-mqtt mosquitto_sub -h localhost -t '#' -v -u admin -P admin123 + +# Subscribe to public topics only (no auth) +docker exec mosquitto-mqtt mosquitto_sub -h localhost -t 'public/#' -v + +# Test Mosquitto configuration +docker exec mosquitto-mqtt mosquitto -c /mosquitto/config/mosquitto.conf -v + +# Access container shell +docker exec -it mosquitto-mqtt sh +docker exec -it 
mqttui sh +``` + +## Important Notes + +### Security Considerations +- `.env` file contains all credentials and MUST NOT be committed (already in .gitignore) +- Default passwords in .env.example must be changed for production +- Anonymous access is enabled but restricted to `public/#` topics via ACL +- All credentials are loaded from .env by setup.sh (lines setup.sh:8-18) +- The SECRET_KEY in .env is used by mqttui for session management + +### ACL Behavior +- ACL rules are evaluated per-user (config/acl.conf) +- Anonymous users get explicit rules defined under `user anonymous` +- Authenticated users inherit their specific user rules +- Pattern `#` is wildcard for all topics, `+` for single-level wildcard +- After ACL changes, always restart mosquitto: `docker-compose restart mosquitto` + +### MQTTUI Dashboard +- The docker-compose.yml uses mqttui (not mqtt-panel as mentioned in README.md) +- Dashboard connects to broker using credentials from .env: MQTT_PANEL_USERNAME/PASSWORD +- Database storage enabled (DB_PATH=/app/data/mqtt_messages.db) with cleanup after 30 days +- Max 10,000 messages retained in database (DB_MAX_MESSAGES) +- Widget configuration is managed through mqttui web interface, not mqtt-panel-config.json + +### File Permissions +- Mosquitto runs as UID:GID specified in .env (default 1000:1000) +- Ensure config/, data/, and log/ directories have correct permissions +- passwords.txt should be readable by the mosquitto user (chmod 644) + +### Persistence +- MQTT messages persist in `./data/mosquitto.db` +- MQTTUI data stored in `./mqttui-data/mqtt_messages.db` +- To completely reset: `docker-compose down -v` and remove data/log directories + +## Endpoints + +- **MQTT**: localhost:1883 +- **WebSocket**: ws://localhost:9001 +- **Web Dashboard**: http://localhost:5000 + +## Common Patterns + +### Adding a New User Type +1. Add credentials to .env +2. Update setup.sh to create the user (lines setup.sh:59-86) +3. Add ACL rules in config/acl.conf +4. 
Run `./setup.sh` to create user +5. Restart mosquitto: `docker-compose restart mosquitto` + +### Debugging ACL Issues +1. Enable verbose logging in config/mosquitto.conf (add `log_type all`) +2. Restart mosquitto: `docker-compose restart mosquitto` +3. Check logs: `docker-compose logs -f mosquitto` +4. Look for "DENIED" messages indicating ACL blocks + +### Client Integration +- Use MQTT port 1883 for native MQTT clients (Python paho-mqtt, etc.) +- Use WebSocket port 9001 for browser-based clients +- Provide username/password from .env for authenticated topics +- Use anonymous connection only for public/* topics diff --git a/README.md b/README.md new file mode 100644 index 0000000..67431f4 --- /dev/null +++ b/README.md 
@@ -0,0 +1,363 @@ +# MQTT Server Setup mit Mosquitto & Web Dashboard + +Komplettes MQTT Setup mit Eclipse Mosquitto Broker und MQTTUI Web Dashboard. + +## Features + +✅ **Mosquitto MQTT Broker** +- MQTT auf Port 1883 +- WebSocket auf Port 9001 +- Passwort-Authentifizierung +- ACL (Access Control Lists) +- Öffentliches Topic ohne Anmeldung (`public/*`) +- Persistenz aktiviert + +✅ **Web Dashboard (MQTTUI)** +- Web-basiertes MQTT Dashboard +- Nachrichtenverlauf mit SQLite Datenbank +- Echtzeit-Updates +- Läuft auf Port 5000 + +## Verzeichnisstruktur + +``` +mqtt/ +├── config/ # Konfigurationsdateien +│ ├── mosquitto.conf # Mosquitto Hauptkonfiguration +│ ├── acl.conf # Access Control Lists +│ └── passwords.txt # User/Passwort Datei (wird generiert) +├── data/ # Mosquitto Persistenz Daten +├── log/ # Mosquitto Log-Dateien +├── mqttui-data/ # MQTTUI Datenbank +├── docker-compose.yml # Docker Setup +├── .env # Umgebungsvariablen (NICHT committen!) +├── .env.example # Beispiel für Umgebungsvariablen +├── mqtt-panel-config.json # Legacy Dashboard Konfiguration +├── setup.sh # Setup-Script für User +├── test-mqtt.sh # Test-Script für MQTT Nachrichten +├── CLAUDE.md # Projekt-Dokumentation für Claude Code +└── README.md # Diese Datei +``` + +## Quick Start + +### 1. Umgebungsvariablen konfigurieren + +```bash +# .env.example als Vorlage kopieren +cp .env.example .env + +# .env editieren und sichere Passwörter setzen +nano .env +``` + +⚠️ **WICHTIG**: Setze sichere Passwörter in der `.env` Datei! + +### 2. Server starten + +```bash +# Container starten +docker-compose up -d + +# Logs anschauen +docker-compose logs -f +``` + +### 3. 
Benutzer erstellen + +```bash +# Setup-Script ausführbar machen +chmod +x setup.sh + +# User aus .env erstellen +./setup.sh +``` + +Das Script erstellt folgende User (Credentials aus .env): +- `admin` - Vollzugriff +- `panel` - Für Web Dashboard +- `testuser` - Normaler User +- `device1` - IoT Device 1 +- `device2` - IoT Device 2 +- `monitor` - Read-Only + +### 4. Dashboard öffnen + +Web Dashboard: **http://localhost:5000** + +## Zugriff + +### MQTT Endpoints + +- **MQTT**: `localhost:1883` +- **WebSocket**: `ws://localhost:9001` +- **Web Dashboard**: `http://localhost:5000` + +### Öffentliches Topic (ohne Anmeldung) + +Topic: `public/*` + +**Beispiel mit mosquitto_pub:** +```bash +# Nachricht an öffentliches Topic senden (KEINE Authentifizierung) +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "public/test" -m "Hallo Welt!" + +# Öffentliches Topic abhören +docker exec mosquitto-mqtt mosquitto_sub -h localhost -t "public/#" -v +``` + +### Mit Authentifizierung + +**Beispiel mit Admin User:** +```bash +# Mit Authentifizierung publishen (Credentials aus .env verwenden) +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "devices/device1/status" -m "online" -u admin -P + +# Mit Authentifizierung subscriben (Credentials aus .env verwenden) +docker exec mosquitto-mqtt mosquitto_sub -h localhost -t "#" -v -u admin -P +``` + +💡 **Hinweis**: Ersetze `` mit dem Passwort aus deiner `.env` Datei. 
+ +## Benutzerverwaltung + +### Neuen User hinzufügen + +```bash +# User hinzufügen/ändern +docker exec -it mosquitto-mqtt mosquitto_passwd -b /mosquitto/config/passwords.txt USERNAME PASSWORD +``` + +### User löschen + +```bash +docker exec -it mosquitto-mqtt mosquitto_passwd -D /mosquitto/config/passwords.txt USERNAME +``` + +### Mosquitto neu laden (nach User-Änderungen) + +```bash +docker-compose restart mosquitto +``` + +## ACL Konfiguration (acl.conf) + +Die ACL definiert, wer auf welche Topics zugreifen darf: + +### Anonymous User (ohne Anmeldung) +``` +user anonymous +topic read public/# +topic write public/# +``` + +### Admin (alles erlaubt) +``` +user admin +topic readwrite # +``` + +### Device (nur eigene Topics) +``` +user device1 +topic write devices/device1/# +topic read devices/device1/status +topic read public/# +``` + +Nach ACL-Änderungen Container neu starten: +```bash +docker-compose restart mosquitto +``` + +## Dashboard + +Das MQTTUI Dashboard zeigt alle MQTT Nachrichten in Echtzeit an und speichert sie in einer SQLite Datenbank. 
+ +### Dashboard Konfiguration + +Die Dashboard-Einstellungen werden über Umgebungsvariablen in der `.env` Datei konfiguriert: +- `MQTT_PANEL_USERNAME`: Benutzername für den Broker-Zugriff +- `MQTT_PANEL_PASSWORD`: Passwort für den Broker-Zugriff +- `SECRET_KEY`: Session-Key für die Web-Oberfläche + +Nach Änderungen Container neu starten: +```bash +docker-compose restart mqttui +``` + +## Test-Nachrichten senden + +### Via Docker + +```bash +# Öffentlich (ohne Auth) +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "public/message" -m "Test Nachricht" + +# Mit Auth (Passwort aus .env verwenden) +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "sensors/temperature" -m "22.5" -u admin -P +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "sensors/humidity" -m "65" -u admin -P +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "system/cpu" -m "45" -u admin -P +``` + +Oder verwende das Test-Script: +```bash +./test-mqtt.sh +``` + +### Via Python (paho-mqtt) + +```bash +pip install paho-mqtt +``` + +```python +import paho.mqtt.client as mqtt +import os + +# Credentials aus .env laden +admin_user = os.getenv("MQTT_ADMIN_USERNAME", "admin") +admin_pass = os.getenv("MQTT_ADMIN_PASSWORD") + +client = mqtt.Client() +client.username_pw_set(admin_user, admin_pass) +client.connect("localhost", 1883) + +# Nachrichten senden +client.publish("sensors/temperature", "23.4") +client.publish("sensors/humidity", "68") +client.publish("public/message", "Hallo von Python!") + +client.disconnect() +``` + +### Via JavaScript (Browser/Node.js) + +```bash +npm install mqtt +``` + +```javascript +const mqtt = require('mqtt'); + +// Credentials aus Umgebungsvariablen laden +const admin_user = process.env.MQTT_ADMIN_USERNAME || 'admin'; +const admin_pass = process.env.MQTT_ADMIN_PASSWORD; + +const client = mqtt.connect('ws://localhost:9001', { + username: admin_user, + password: admin_pass +}); + +client.on('connect', () => { + console.log('Connected!'); + + // 
Nachrichten senden + client.publish('sensors/temperature', '24.1'); + client.publish('public/message', 'Hallo von Node.js!'); +}); +``` + +## Troubleshooting + +### Container Logs anschauen + +```bash +# Alle Logs +docker-compose logs -f + +# Nur Mosquitto +docker-compose logs -f mosquitto + +# Nur MQTTUI +docker-compose logs -f mqttui +``` + +### In Container einsteigen + +```bash +# Mosquitto Container +docker exec -it mosquitto-mqtt sh + +# MQTTUI Container +docker exec -it mqttui sh +``` + +### Mosquitto Konfiguration testen + +```bash +docker exec mosquitto-mqtt mosquitto -c /mosquitto/config/mosquitto.conf -v +``` + +### Permissions Fehler + +```bash +# Berechtigungen für passwords.txt setzen +chmod 644 passwords.txt +``` + +### ACL Debug + +Aktiviere Debug-Logging in `mosquitto.conf`: +``` +log_type all +``` + +Dann Container neu starten und Logs prüfen. + +## Sicherheit für Production + +⚠️ **WICHTIG für Production-Umgebungen:** + +1. **Passwörter ändern**: Alle Default-Passwörter ändern! +2. **SSL/TLS aktivieren**: Verschlüsselte Verbindungen einrichten +3. **Firewall konfigurieren**: Nur benötigte Ports öffnen +4. **ACL restriktiv gestalten**: Principle of Least Privilege +5. **Anonymous Access prüfen**: `allow_anonymous false` belassen +6. **Mosquitto Updates**: Regelmäßig Updates einspielen + +### SSL/TLS einrichten (optional) + +1. Zertifikate generieren +2. `mosquitto.conf` erweitern: +``` +listener 8883 +protocol mqtt +cafile /mosquitto/config/ca.crt +certfile /mosquitto/config/server.crt +keyfile /mosquitto/config/server.key +``` + +## Container verwalten + +```bash +# Starten +docker-compose up -d + +# Stoppen +docker-compose stop + +# Neu starten +docker-compose restart + +# Stoppen und löschen +docker-compose down + +# Stoppen, löschen inkl. 
Volumes +docker-compose down -v + +# Nur mosquitto neu starten +docker-compose restart mosquitto +``` + +## Support & Dokumentation + +- **Mosquitto Docs**: https://mosquitto.org/documentation/ +- **MQTTUI**: https://github.com/nikesh-p/mqttui +- **MQTT.org**: https://mqtt.org/ + +## Lizenz + +Dieses Setup verwendet: +- Eclipse Mosquitto (EPL/EDL) +- MQTTUI (Open Source) diff --git a/config/acl.conf b/config/acl.conf new file mode 100644 index 0000000..33a99d7 --- /dev/null +++ b/config/acl.conf @@ -0,0 +1,48 @@ +# Mosquitto ACL (Access Control List) Konfiguration +# =========================================== + +# ÖFFENTLICHES TOPIC OHNE ANMELDUNG +# Anonymous User haben Zugriff auf public/* Topics +user anonymous +topic read public/# +topic write public/# +# Erlaube anonymous Lesezugriff auf $SYS/# für Healthchecks und Monitoring +topic read $SYS/# + +# ADMINISTRATOR MIT VOLLZUGRIFF +# Admin kann alles lesen und schreiben +user admin +topic readwrite # + +# MQTT-PANEL USER (für Web UI) +# Panel kann alles lesen/schreiben für Dashboard +user panel +topic readwrite # + +# BEISPIEL: Normale authentifizierte User +# User können ihre eigenen Topics lesen/schreiben +user testuser +topic readwrite user/testuser/# +topic read public/# +topic write public/# + +# BEISPIEL: IoT Devices mit eingeschränktem Zugriff +# Device kann nur an seinem eigenen Topic schreiben und Status lesen +user device1 +topic write devices/device1/# +topic read devices/device1/status +topic read public/# + +user device2 +topic write devices/device2/# +topic read devices/device2/status +topic read public/# + +# BEISPIEL: Read-Only User für Monitoring +user monitor +topic read # + +# Pattern für User-spezifische Topics (optional) +# %u wird durch den Username ersetzt +# pattern read sensor/%u/# +# pattern write sensor/%u/# diff --git a/config/mosquitto.conf b/config/mosquitto.conf new file mode 100644 index 0000000..f7f24f2 --- /dev/null +++ b/config/mosquitto.conf 
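Review bot: The `user anonymous` block in config/acl.conf probably does not apply to unauthenticated clients: per the mosquitto.conf documentation, the rules for anonymous clients are the `topic` lines placed before the first `user` line, and `user anonymous` would instead match a client that logs in with the username `anonymous`. If that reading holds, anonymous clients get no topic access at all from this file, and the `public/#` and `$SYS/#` lines need to move to the top without a `user` header; this is worth confirming by attempting an anonymous subscribe against the running broker. Separately, `topic read $SYS/#` for unauthenticated clients exposes broker version and client statistics, so a health check would be served by a single topic such as `topic read $SYS/broker/uptime`. `device1` and `device2` also read `public/#`, which anonymous clients may write, so nothing on those topics should be treated as trusted input.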
@@ -0,0 +1,53 @@ +# Mosquitto MQTT Broker Konfiguration +# =========================================== + +# Listener auf Port 1883 (Standard MQTT Port) +listener 1883 +protocol mqtt + +# WebSocket Support auf Port 9001 (für Browser-Clients und mqtt-panel) +listener 9001 +protocol websockets + +# Logging +log_dest stdout +log_dest file /mosquitto/log/mosquitto.log +log_type error +log_type warning +log_type notice +log_type information +log_timestamp true +log_timestamp_format %Y-%m-%dT%H:%M:%S + +# Connection Logging +connection_messages true + +# Persistenz aktivieren +persistence true +persistence_location /mosquitto/data/ +persistence_file mosquitto.db + +# Authentifizierung aktivieren +# allow_anonymous true ermöglicht anonyme Verbindungen, ACL regelt die Rechte +# Anonymous User haben nur Zugriff auf public/# und $SYS/# (siehe acl.conf) +allow_anonymous true + +# Passwort-Datei +password_file /mosquitto/config/passwords.txt + +# ACL (Access Control List) aktivieren +acl_file /mosquitto/config/acl.conf + +# Maximale Verbindungen +max_connections -1 + +# Message Limits +message_size_limit 0 +max_inflight_messages 20 +max_queued_messages 1000 + +# Keepalive +max_keepalive 65535 + +# QoS Settings +upgrade_outgoing_qos false diff --git a/data/mosquitto.db b/data/mosquitto.db new file mode 100644 index 0000000000000000000000000000000000000000..366600bbec01251ed81810e6cf733252fdb03551 GIT binary patch literal 47 lcmZSB%8;91Tv(b}Qj)KblEeT3Y(R<;hy||7Kt(tpGyv`$2B81| literal 0 HcmV?d00001 diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..6caaf25 --- /dev/null +++ b/docker-compose.yml 
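Review bot: `allow_anonymous true` is set globally in config/mosquitto.conf while both listeners (`listener 1883`, `listener 9001`) are plain-text, so any client that can reach the published ports connects without credentials and authenticated users send their passwords unencrypted. The README added in this same commit tells operators to keep `allow_anonymous false`, which contradicts this file. I would default to `allow_anonymous false`, or use `per_listener_settings true` and confine anonymous access to a listener that is not exposed beyond the host. `max_connections -1` and `message_size_limit 0` leave connection count and payload size unbounded, which matters more while unauthenticated clients are admitted.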
@@ -0,0 +1,57 @@ +services: + mosquitto: + image: eclipse-mosquitto:2 + container_name: mosquitto-mqtt + restart: unless-stopped + user: "${UID:-1000}:${GID:-1000}" + ports: + - "1883:1883" + - "9001:9001" + volumes: + - ./config:/mosquitto/config:rw + - ./data:/mosquitto/data + - ./log:/mosquitto/log + networks: + - mqtt-network + # Healthcheck: beim mosquitto-Image fehlen oft Clients & nc. + # Entweder weglassen oder separaten Sidecar-Check verwenden. + # healthcheck: + # test: ["CMD-SHELL", "test -f /mosquitto/config/mosquitto.conf"] + # interval: 30s + # timeout: 10s + # retries: 3 + # start_period: 10s + + mqttui: + image: terdia07/mqttui:latest + container_name: mqttui + restart: unless-stopped + ports: + - "5000:5000" + environment: + - DEBUG=False + - HOST=0.0.0.0 + - PORT=5000 + - MQTT_BROKER=mosquitto + - MQTT_PORT=1883 + - MQTT_USERNAME=${MQTT_PANEL_USERNAME} + - MQTT_PASSWORD=${MQTT_PANEL_PASSWORD} + - MQTT_KEEPALIVE=60 + - MQTT_VERSION=3.1.1 + - SECRET_KEY=${SECRET_KEY} + - LOG_LEVEL=INFO + - MQTT_TOPICS=# + - DB_ENABLED=True + - DB_PATH=/app/data/mqtt_messages.db + - DB_MAX_MESSAGES=10000 + - DB_CLEANUP_DAYS=30 + volumes: + - ./mqttui-data:/app/data + networks: + - mqtt-network + depends_on: + - mosquitto + +networks: + mqtt-network: + driver: bridge diff --git a/mqtt-panel-config.json b/mqtt-panel-config.json new file mode 100644 index 0000000..e0a23a4 --- /dev/null +++ b/mqtt-panel-config.json 
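Review bot: The `ports:` entries `"1883:1883"`, `"9001:9001"` and `"5000:5000"` publish on all host interfaces, and the `mqttui` service connects as the `panel` account, which acl.conf grants `readwrite #`; whether the dashboard requires its own login is not visible here, so anyone who can reach port 5000 may effectively hold that access. Unless remote access is intended, bind to loopback, e.g. `- "127.0.0.1:5000:5000"`. `terdia07/mqttui:latest` is a mutable tag, so pinning a version tag or image digest would make the deployed image reproducible and reviewable. `SECRET_KEY=${SECRET_KEY}` silently becomes empty when the variable is unset; `- SECRET_KEY=${SECRET_KEY:?SECRET_KEY must be set}` makes compose fail fast instead, and the same form fits `MQTT_PASSWORD`.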
@@ -0,0 +1,109 @@ +{ + "broker": "ws://localhost:9001", + "username": "${MQTT_PANEL_USERNAME}", + "password": "${MQTT_PANEL_PASSWORD}", + "title": "MQTT Dashboard", + "theme": { + "primary": "#2196F3", + "accent": "#FF5722" + }, + "widgets": [ + { + "type": "text", + "title": "Öffentliche Nachricht", + "topic": "public/message", + "suffix": "", + "row": 0, + "col": 0, + "sizeX": 2, + "sizeY": 1 + }, + { + "type": "toggle", + "title": "Gerät 1 Ein/Aus", + "topic": "devices/device1/power", + "onValue": "ON", + "offValue": "OFF", + "row": 0, + "col": 2, + "sizeX": 1, + "sizeY": 1 + }, + { + "type": "numeric", + "title": "Temperatur", + "topic": "sensors/temperature", + "suffix": " °C", + "precision": 1, + "row": 1, + "col": 0, + "sizeX": 1, + "sizeY": 1 + }, + { + "type": "numeric", + "title": "Luftfeuchtigkeit", + "topic": "sensors/humidity", + "suffix": " %", + "precision": 0, + "row": 1, + "col": 1, + "sizeX": 1, + "sizeY": 1 + }, + { + "type": "gauge", + "title": "CPU Last", + "topic": "system/cpu", + "min": 0, + "max": 100, + "suffix": " %", + "row": 1, + "col": 2, + "sizeX": 1, + "sizeY": 1 + }, + { + "type": "button", + "title": "Test Nachricht senden", + "topic": "public/test", + "payload": "Hallo MQTT!", + "row": 2, + "col": 0, + "sizeX": 1, + "sizeY": 1 + }, + { + "type": "chart", + "title": "Sensor Verlauf", + "topics": [ + { + "topic": "sensors/temperature", + "label": "Temperatur" + }, + { + "topic": "sensors/humidity", + "label": "Feuchtigkeit" + } + ], + "history": 20, + "row": 2, + "col": 1, + "sizeX": 2, + "sizeY": 2 + }, + { + "type": "slider", + "title": "LED Helligkeit", + "topic": "devices/device1/brightness", + "min": 0, + "max": 100, + "step": 1, + "suffix": " %", + "row": 0, + "col": 3, + "sizeX": 1, + "sizeY": 1 + } + ] +} 
diff --git a/mqttui-data/mqtt_messages.db b/mqttui-data/mqtt_messages.db new file mode 100644 index 0000000000000000000000000000000000000000..b7b10f12d8bb5fb778219bc2a2e950a9f5221d09 GIT binary patch literal 40960 zcmeI*PjA~~90zba|7?dQ50@$`sN_K$Xw)`}oup}tV0f(=fi~^ZR9X)x3XL-vwMiSh zFa{jT=p^0%R}k72At7->;=+j&7o>5Xv;$Z626&vrCQh7$Af`g~ebgqgpU1yE&*!nT zJ@Hd}@8*_a>9o;mAJ;6J<(}nuo_n2Aj^pC&H_CpU6k#ty&H{Vp`(BTF8Ryb>Ph+uP zI7td{@l@>L%th?$=!2Ozql?m4Y!wm&AOHafKmY;|xCDXo=OrPb&GY9qqgmJQ81*~V zW8E}sw{^2>wN8w~s%5YhR_*x2Ss&dfYidQK#nPsBi;mlZM(IG>DN!fPLMQwZb>q`b zZEqvx+2mXlg~S@G-3_1G4c1E{AS7f~lVzWp*iKHf#4)w7%T1_( zUBqi}@5Qi?NTv9TPpsOzM|#6Jvh;TKq^+B}WqOw)z4xxD*S9q4&7%t*S*Kr&I_t-Z zc0()E-EwhTEg#UgwF9c|S9Xde7H(TBRhE3WY}Sr-TG4J*=zghqb6=ySoeC}OZ*BP( zuj}Sv+c>d|Rh`XGm5yqrRXsEHx*K8Wol>tv zB8i<8&vo_<^Yn-fDyp?JtJPVqdOM;jdzXbzp9>0!xjFtb(&^yNVPSS3L!J)pt{c&j zoy@LVUq_BCHoZU@_`p<_wgmRW$Ipq z7ZUUH{QZwQF`a|mc@B7@IBQ4r)IUGu`ucc$Po300JZjbI1BcO&uHC79AHU84GCuZc z%N*+ajDO#^b&LJ8La*=aY-wuA?e-C+dzG%5#$EmIzQa_<_fY#&F?)}ReaDgS$$KOj z|26)3{I%ET!|akI0kDDqj0eJv>~*{G6H^2@Tk zoXJu}UeD&&_Ddbl(S>I5B zsY1zVWsO-WKB43yKTW9IYC69v=W;#`%&pqvf1doou^%J|KmY;|fB*y_009U<00Izz z00gd#zziRp=bZ@}qCNf(kdHa?1A9P%00bZa0SG_<0uX=z1Rwwb2teRp7kE_+&#IDY z&*B)EThTXzV|31j5KgMR>dxU9DA_l4Lm0|(=LFb);2$8rv-AJ#0SN*SfB*y_009U< z00Izz00bZaf&aIF7@XzpZyLl{Fv+{$83^|Ie|FJ7BnUtN0uX=z1Rwwb2tWV=5P$## zuCPGo0{W8~lmn3ywS?kI6&wGrJDJH{?sU z0to^TfB*y_009U<00Izz00bZafu}4mYO;R+)cuHOB7fMk6!I(uJxhU^U{Z4b0Kh)~ zFA|9(5?LTONP}FE2jnO6=qWc4;UNG42tWV=5P$##AOHafKmY=lBk)2{nA0(<`1&ixJ}qq4jAFbw-=JNG3FjmqxcYcS}a?c6^wFdtNh?;+^9{+}5Ck&8bf z&yXB>hukOMlHb@0BnUtN0uX=z1Rwwb2tWV=5P-mcM&PB;tlGJ%-I$U4LWo@@-#yi7VF4!CEPb%n+`d? /dev/null 2>&1; then + echo "❌ Fehler: Docker ist nicht gestartet!" + exit 1 +fi + +# Prüfe ob Container läuft +if ! docker ps | grep -q mosquitto-mqtt; then + echo "⚠️ Mosquitto Container läuft nicht. Starte Container..." + docker-compose up -d mosquitto + echo "⏳ Warte 5 Sekunden bis Mosquitto gestartet ist..." 
+ sleep 5 +fi + +echo "📝 Erstelle Benutzer in der Passwort-Datei..." +echo "" + +# Admin User +echo "➡️ Erstelle Admin User (Vollzugriff)" +docker exec -it mosquitto-mqtt mosquitto_passwd -b /mosquitto/config/passwords.txt "$MQTT_ADMIN_USERNAME" "$MQTT_ADMIN_PASSWORD" +echo " ✅ User: $MQTT_ADMIN_USERNAME erstellt" + +# Panel User für Web UI +echo "➡️ Erstelle Panel User (für Web Dashboard)" +docker exec -it mosquitto-mqtt mosquitto_passwd -b /mosquitto/config/passwords.txt "$MQTT_PANEL_USERNAME" "$MQTT_PANEL_PASSWORD" +echo " ✅ User: $MQTT_PANEL_USERNAME erstellt" + +# Test User +echo "➡️ Erstelle Test User" +docker exec -it mosquitto-mqtt mosquitto_passwd -b /mosquitto/config/passwords.txt "$MQTT_TESTUSER_USERNAME" "$MQTT_TESTUSER_PASSWORD" +echo " ✅ User: $MQTT_TESTUSER_USERNAME erstellt" + +# Device User +echo "➡️ Erstelle Device1 User" +docker exec -it mosquitto-mqtt mosquitto_passwd -b /mosquitto/config/passwords.txt "$MQTT_DEVICE1_USERNAME" "$MQTT_DEVICE1_PASSWORD" +echo " ✅ User: $MQTT_DEVICE1_USERNAME erstellt" + +echo "➡️ Erstelle Device2 User" +docker exec -it mosquitto-mqtt mosquitto_passwd -b /mosquitto/config/passwords.txt "$MQTT_DEVICE2_USERNAME" "$MQTT_DEVICE2_PASSWORD" +echo " ✅ User: $MQTT_DEVICE2_USERNAME erstellt" + +# Monitor User (Read-Only) +echo "➡️ Erstelle Monitor User (Read-Only)" +docker exec -it mosquitto-mqtt mosquitto_passwd -b /mosquitto/config/passwords.txt "$MQTT_MONITOR_USERNAME" "$MQTT_MONITOR_PASSWORD" +echo " ✅ User: $MQTT_MONITOR_USERNAME erstellt" + +echo "" +echo "================================================" +echo "✅ Setup abgeschlossen!" 
+echo "================================================" +echo "" +echo "Erstellte User:" +echo " - $MQTT_ADMIN_USERNAME (Vollzugriff)" +echo " - $MQTT_PANEL_USERNAME (für Web Dashboard)" +echo " - $MQTT_TESTUSER_USERNAME (normaler User)" +echo " - $MQTT_DEVICE1_USERNAME (IoT Device 1)" +echo " - $MQTT_DEVICE2_USERNAME (IoT Device 2)" +echo " - $MQTT_MONITOR_USERNAME (Read-Only)" +echo "" +echo "⚠️ Passwörter sind in der .env Datei definiert" +echo "" +echo "Mosquitto neu laden..." +docker exec mosquitto-mqtt mosquitto -c /mosquitto/config/mosquitto.conf & + +echo "" +echo "🚀 MQTT Broker läuft auf:" +echo " - MQTT: localhost:1883" +echo " - WebSocket: ws://localhost:9001" +echo " - Web Dashboard: http://localhost:8080" +echo "" +echo "📡 Öffentliches Topic ohne Authentifizierung:" +echo " - public/*" +echo "" diff --git a/test-mqtt.sh b/test-mqtt.sh new file mode 100644 index 0000000..cc123d5 --- /dev/null +++ b/test-mqtt.sh 
@@ -0,0 +1,69 @@ +#!/bin/bash + +# MQTT Test Script - Sendet Test-Nachrichten an verschiedene Topics +# =================================================================== + +echo "================================================" +echo "MQTT Server Test" +echo "================================================" +echo "" + +# Prüfe ob Container läuft +if ! docker ps | grep -q mosquitto-mqtt; then + echo "❌ Fehler: Mosquitto Container läuft nicht!" + echo " Starte mit: docker-compose up -d" + exit 1 +fi + +echo "📡 Sende Test-Nachrichten..." +echo "" + +# Test 1: Öffentliches Topic (OHNE Authentifizierung) +echo "1️⃣ Öffentliches Topic (ohne Auth): public/message" +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "public/message" -m "Hallo von public!" +echo " ✅ Gesendet" +echo "" + +# Test 2: Temperature Sensor (MIT Authentifizierung) +echo "2️⃣ Temperature Sensor: sensors/temperature" +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "sensors/temperature" -m "22.5" -u admin -P admin123 +echo " ✅ Gesendet: 22.5°C" +echo "" + +# Test 3: Humidity Sensor +echo "3️⃣ Humidity Sensor: sensors/humidity" +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "sensors/humidity" -m "65" -u admin -P admin123 +echo " ✅ Gesendet: 65%" +echo "" + +# Test 4: CPU Usage +echo "4️⃣ CPU Usage: system/cpu" +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "system/cpu" -m "45" -u admin -P admin123 +echo " ✅ Gesendet: 45%" +echo "" + +# Test 5: Device Power Toggle +echo "5️⃣ Device Power: devices/device1/power" +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "devices/device1/power" -m "ON" -u admin -P admin123 +echo " ✅ Gesendet: ON" +echo "" + +# Test 6: Device Brightness +echo "6️⃣ Device Brightness: devices/device1/brightness" +docker exec mosquitto-mqtt mosquitto_pub -h localhost -t "devices/device1/brightness" -m "75" -u admin -P admin123 +echo " ✅ Gesendet: 75%" +echo "" + +echo "================================================" +echo "✅ Test 
abgeschlossen!" +echo "================================================" +echo "" +echo "🌐 Öffne das Dashboard: http://localhost:8080" +echo " Die Test-Daten sollten jetzt in den Widgets sichtbar sein." +echo "" +echo "📊 Subscribe auf alle Topics:" +echo " docker exec mosquitto-mqtt mosquitto_sub -h localhost -t '#' -v -u admin -P admin123" +echo "" +echo "📡 Subscribe auf öffentliche Topics (ohne Auth):" +echo " docker exec mosquitto-mqtt mosquitto_sub -h localhost -t 'public/#' -v" +echo ""
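Review bot: Every authenticated `mosquitto_pub` call in test-mqtt.sh, and the subscribe hint printed at the end, hardcodes `-u admin -P admin123`, which commits a fixed admin password to the repository and will not match the `MQTT_ADMIN_PASSWORD` that setup.sh provisions from `.env`. Taking the values from the environment, e.g. `-u "${MQTT_ADMIN_USERNAME:?}" -P "${MQTT_ADMIN_PASSWORD:?}"`, keeps the secret out of the tree and makes the script fail loudly when it is unset. The `✅ Gesendet` lines are printed unconditionally, so a rejected login still reports success; guard each publish with `if docker exec … ; then … else … fi`. The closing message points to `http://localhost:8080`, while docker-compose.yml publishes the dashboard on port 5000.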