first commit
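--- a/config/acl.conf
+++ b/config/acl.conf
@@ -0,0 +1,48 @@
+# Mosquitto ACL (Access Control List) Konfiguration
+# ===========================================
+
+# ÖFFENTLICHES TOPIC OHNE ANMELDUNG
+# Anonymous User haben Zugriff auf public/* Topics
+user anonymous
+topic read public/#
+topic write public/#
+# Erlaube anonymous Lesezugriff auf $SYS/# für Healthchecks und Monitoring
+topic read $SYS/#
+
+# ADMINISTRATOR MIT VOLLZUGRIFF
+# Admin kann alles lesen und schreiben
+user admin
+topic readwrite #
+
+# MQTT-PANEL USER (für Web UI)
+# Panel kann alles lesen/schreiben für Dashboard
+user panel
+topic readwrite #
+
+# BEISPIEL: Normale authentifizierte User
+# User können ihre eigenen Topics lesen/schreiben
+user testuser
+topic readwrite user/testuser/#
+topic read public/#
+topic write public/#
+
+# BEISPIEL: IoT Devices mit eingeschränktem Zugriff
+# Device kann nur an seinem eigenen Topic schreiben und Status lesen
+user device1
+topic write devices/device1/#
+topic read devices/device1/status
+topic read public/#
+
+user device2
+topic write devices/device2/#
+topic read devices/device2/status
+topic read public/#
+
+# BEISPIEL: Read-Only User für Monitoring
+user monitor
+topic read #
+
+# Pattern für User-spezifische Topics (optional)
+# %u wird durch den Username ersetzt
+# pattern read sensor/%u/#
+# pattern write sensor/%u/#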
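Review bot: The `user anonymous` block at the top of acl.conf does not apply to unauthenticated clients. In a Mosquitto ACL file, clients without a username are matched only by `topic` lines placed before the first `user` line, so this block takes effect only for an account literally named `anonymous`. Anonymous connections admitted by `allow_anonymous true` therefore most likely get no topic access, and the policy the comments describe is not the one the broker enforces. If anonymous access is intended, move the rules above every `user` line and keep them narrow, for example `topic read public/#` and `topic read $SYS/broker/uptime` for the healthcheck; `$SYS/#` would show broker version, client counts and load to anyone who can reach the port. Also reconsider anonymous `topic write public/#`, which lets any unauthenticated client publish to topics that `testuser` and the devices read, and `topic readwrite #` for `panel`, which gives a web UI credential the same rights as `admin`.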
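--- a/config/mosquitto.conf
+++ b/config/mosquitto.conf
@@ -0,0 +1,53 @@
+# Mosquitto MQTT Broker Konfiguration
+# ===========================================
+
+# Listener auf Port 1883 (Standard MQTT Port)
+listener 1883
+protocol mqtt
+
+# WebSocket Support auf Port 9001 (für Browser-Clients und mqtt-panel)
+listener 9001
+protocol websockets
+
+# Logging
+log_dest stdout
+log_dest file /mosquitto/log/mosquitto.log
+log_type error
+log_type warning
+log_type notice
+log_type information
+log_timestamp true
+log_timestamp_format %Y-%m-%dT%H:%M:%S
+
+# Connection Logging
+connection_messages true
+
+# Persistenz aktivieren
+persistence true
+persistence_location /mosquitto/data/
+persistence_file mosquitto.db
+
+# Authentifizierung aktivieren
+# allow_anonymous true ermöglicht anonyme Verbindungen, ACL regelt die Rechte
+# Anonymous User haben nur Zugriff auf public/# und $SYS/# (siehe acl.conf)
+allow_anonymous true
+
+# Passwort-Datei
+password_file /mosquitto/config/passwords.txt
+
+# ACL (Access Control List) aktivieren
+acl_file /mosquitto/config/acl.conf
+
+# Maximale Verbindungen
+max_connections -1
+
+# Message Limits
+message_size_limit 0
+max_inflight_messages 20
+max_queued_messages 1000
+
+# Keepalive
+max_keepalive 65535
+
+# QoS Settings
+upgrade_outgoing_qos false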
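Review bot: Both listeners (`listener 1883` and `listener 9001`) are plaintext, so the passwords checked against `password_file` travel unencrypted on the network. That includes `admin` and `panel`, which hold `readwrite #` in acl.conf. Either add `certfile <path-to-cert>` and `keyfile <path-to-key>` under each listener, or document that TLS is terminated by a proxy in front and that these ports are not reachable from outside. Because `allow_anonymous true` admits unauthenticated clients, `max_connections -1` and `message_size_limit 0` leave connection count and payload size effectively unbounded for anyone who can reach the broker; finite values sized for the deployment would cap that. The heading `# Authentifizierung aktivieren` sits directly above `allow_anonymous true`, which is misleading; something like `# Anonyme Verbindungen erlaubt; Rechte nur über acl.conf` would describe it accurately.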