chore(security): broker with tls config + cloud env
This commit is contained in:
Leandro Antônio Farias Machado
parent
3953a0d09f
commit
228fef7d21
1
backend/services/controller/.gitignore
vendored
1
backend/services/controller/.gitignore
vendored
|
|
@ -1 +1,2 @@
|
||||||
/.env.local
|
/.env.local
|
||||||
|
run.prod.sh
|
||||||
1
backend/services/controller/run.sh
Normal file
1
backend/services/controller/run.sh
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
go run cmd/oktopus/main.go -u root -P root -mongo mongodb://172.16.238.3:27017/
|
||||||
2
backend/services/mochi/.gitignore
vendored
2
backend/services/mochi/.gitignore
vendored
|
|
@ -1,3 +1,5 @@
|
||||||
cmd/mqtt
|
cmd/mqtt
|
||||||
.DS_Store
|
.DS_Store
|
||||||
*.db
|
*.db
|
||||||
|
auth.prod.json
|
||||||
|
run.prod.sh
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,11 @@ package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
"crypto/tls"
|
||||||
"flag"
|
"flag"
|
||||||
"github.com/mochi-co/mqtt/v2/packets"
|
"github.com/mochi-co/mqtt/v2/packets"
|
||||||
"github.com/rs/zerolog"
|
"github.com/rs/zerolog"
|
||||||
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"os/signal"
|
"os/signal"
|
||||||
|
|
@ -23,35 +25,35 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
testCertificate = []byte(`-----BEGIN CERTIFICATE-----
|
// testCertificate = []byte(`-----BEGIN CERTIFICATE-----
|
||||||
MIIB/zCCAWgCCQDm3jV+lSF1AzANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJB
|
//MIIB/zCCAWgCCQDm3jV+lSF1AzANBgkqhkiG9w0BAQsFADBEMQswCQYDVQQGEwJB
|
||||||
VTETMBEGA1UECAwKU29tZS1TdGF0ZTERMA8GA1UECgwITW9jaGkgQ28xDTALBgNV
|
//VTETMBEGA1UECAwKU29tZS1TdGF0ZTERMA8GA1UECgwITW9jaGkgQ28xDTALBgNV
|
||||||
BAsMBE1RVFQwHhcNMjAwMTA0MjAzMzQyWhcNMjEwMTAzMjAzMzQyWjBEMQswCQYD
|
//BAsMBE1RVFQwHhcNMjAwMTA0MjAzMzQyWhcNMjEwMTAzMjAzMzQyWjBEMQswCQYD
|
||||||
VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTERMA8GA1UECgwITW9jaGkgQ28x
|
//VQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTERMA8GA1UECgwITW9jaGkgQ28x
|
||||||
DTALBgNVBAsMBE1RVFQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKz2bUz3
|
//DTALBgNVBAsMBE1RVFQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKz2bUz3
|
||||||
AOymssVLuvSOEbQ/sF8C/Ill8nRTd7sX9WBIxHJZf+gVn8lQ4BTQ0NchLDRIlpbi
|
//AOymssVLuvSOEbQ/sF8C/Ill8nRTd7sX9WBIxHJZf+gVn8lQ4BTQ0NchLDRIlpbi
|
||||||
OuZgktpd6ba8sIfVM4jbVprctky5tGsyHRFwL/GAycCtKwvuXkvcwSwLvB8b29EI
|
//OuZgktpd6ba8sIfVM4jbVprctky5tGsyHRFwL/GAycCtKwvuXkvcwSwLvB8b29EI
|
||||||
MLQ/3vNnYuC3eZ4qqxlODJgRsfQ7mUNB8zkLAgMBAAEwDQYJKoZIhvcNAQELBQAD
|
//MLQ/3vNnYuC3eZ4qqxlODJgRsfQ7mUNB8zkLAgMBAAEwDQYJKoZIhvcNAQELBQAD
|
||||||
gYEAiMoKnQaD0F/J332arGvcmtbHmF2XZp/rGy3dooPug8+OPUSAJY9vTfxJwOsQ
|
//gYEAiMoKnQaD0F/J332arGvcmtbHmF2XZp/rGy3dooPug8+OPUSAJY9vTfxJwOsQ
|
||||||
qN1EcI+kIgrGxzA3VRfVYV8gr7IX+fUYfVCaPGcDCfPvo/Ihu757afJRVvpafWgy
|
//qN1EcI+kIgrGxzA3VRfVYV8gr7IX+fUYfVCaPGcDCfPvo/Ihu757afJRVvpafWgy
|
||||||
zSpDZYu6C62h3KSzMJxffDjy7/2t8oYbTzkLSamsHJJjLZw=
|
//zSpDZYu6C62h3KSzMJxffDjy7/2t8oYbTzkLSamsHJJjLZw=
|
||||||
-----END CERTIFICATE-----`)
|
//-----END CERTIFICATE-----`)
|
||||||
|
//
|
||||||
testPrivateKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
|
// testPrivateKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
|
||||||
MIICXAIBAAKBgQCs9m1M9wDsprLFS7r0jhG0P7BfAvyJZfJ0U3e7F/VgSMRyWX/o
|
//MIICXAIBAAKBgQCs9m1M9wDsprLFS7r0jhG0P7BfAvyJZfJ0U3e7F/VgSMRyWX/o
|
||||||
FZ/JUOAU0NDXISw0SJaW4jrmYJLaXem2vLCH1TOI21aa3LZMubRrMh0RcC/xgMnA
|
//FZ/JUOAU0NDXISw0SJaW4jrmYJLaXem2vLCH1TOI21aa3LZMubRrMh0RcC/xgMnA
|
||||||
rSsL7l5L3MEsC7wfG9vRCDC0P97zZ2Lgt3meKqsZTgyYEbH0O5lDQfM5CwIDAQAB
|
//rSsL7l5L3MEsC7wfG9vRCDC0P97zZ2Lgt3meKqsZTgyYEbH0O5lDQfM5CwIDAQAB
|
||||||
AoGBAKlmVVirFqmw/qhDaqD4wBg0xI3Zw/Lh+Vu7ICoK5hVeT6DbTW3GOBAY+M8K
|
//AoGBAKlmVVirFqmw/qhDaqD4wBg0xI3Zw/Lh+Vu7ICoK5hVeT6DbTW3GOBAY+M8K
|
||||||
UXBSGhQ+/9ZZTmyyK0JZ9nw2RAG3lONU6wS41pZhB7F4siatZfP/JJfU6p+ohe8m
|
//UXBSGhQ+/9ZZTmyyK0JZ9nw2RAG3lONU6wS41pZhB7F4siatZfP/JJfU6p+ohe8m
|
||||||
n22hTw4brY/8E/tjuki9T5e2GeiUPBhjbdECkkVXMYBPKDZhAkEA5h/b/HBcsIZZ
|
//n22hTw4brY/8E/tjuki9T5e2GeiUPBhjbdECkkVXMYBPKDZhAkEA5h/b/HBcsIZZ
|
||||||
mL2d3dyWkXR/IxngQa4NH3124M8MfBqCYXPLgD7RDI+3oT/uVe+N0vu6+7CSMVx6
|
//mL2d3dyWkXR/IxngQa4NH3124M8MfBqCYXPLgD7RDI+3oT/uVe+N0vu6+7CSMVx6
|
||||||
INM67CuE0QJBAMBpKW54cfMsMya3CM1BfdPEBzDT5kTMqxJ7ez164PHv9CJCnL0Z
|
//INM67CuE0QJBAMBpKW54cfMsMya3CM1BfdPEBzDT5kTMqxJ7ez164PHv9CJCnL0Z
|
||||||
AuWgM/p2WNbAF1yHNxw1eEfNbUWwVX2yhxsCQEtnMQvcPWLSAtWbe/jQaL2scGQt
|
//AuWgM/p2WNbAF1yHNxw1eEfNbUWwVX2yhxsCQEtnMQvcPWLSAtWbe/jQaL2scGQt
|
||||||
/F9JCp/A2oz7Cto3TXVlHc8dxh3ZkY/ShOO/pLb3KOODjcOCy7mpvOrZr6ECQH32
|
///F9JCp/A2oz7Cto3TXVlHc8dxh3ZkY/ShOO/pLb3KOODjcOCy7mpvOrZr6ECQH32
|
||||||
WoFPqImhrfryaHi3H0C7XFnC30S7GGOJIy0kfI7mn9St9x50eUkKj/yv7YjpSGHy
|
//WoFPqImhrfryaHi3H0C7XFnC30S7GGOJIy0kfI7mn9St9x50eUkKj/yv7YjpSGHy
|
||||||
w0lcV9npyleNEOqxLXECQBL3VRGCfZfhfFpL8z+5+HPKXw6FxWr+p5h8o3CZ6Yi3
|
//w0lcV9npyleNEOqxLXECQBL3VRGCfZfhfFpL8z+5+HPKXw6FxWr+p5h8o3CZ6Yi3
|
||||||
OJVN3Mfo6mbz34wswrEdMXn25MzAwbhFQvCVpPZrFwc=
|
//OJVN3Mfo6mbz34wswrEdMXn25MzAwbhFQvCVpPZrFwc=
|
||||||
-----END RSA PRIVATE KEY-----`)
|
//-----END RSA PRIVATE KEY-----`)
|
||||||
|
|
||||||
server = mqtt.New(&mqtt.Options{
|
server = mqtt.New(&mqtt.Options{
|
||||||
//Capabilities: &mqtt.Capabilities{
|
//Capabilities: &mqtt.Capabilities{
|
||||||
|
|
@ -72,6 +74,9 @@ func main() {
|
||||||
wsAddr := flag.String("ws", "", "network address for Websocket listener")
|
wsAddr := flag.String("ws", "", "network address for Websocket listener")
|
||||||
infoAddr := flag.String("info", ":8080", "network address for web info dashboard listener")
|
infoAddr := flag.String("info", ":8080", "network address for web info dashboard listener")
|
||||||
path := flag.String("path", "", "path to data auth file")
|
path := flag.String("path", "", "path to data auth file")
|
||||||
|
fullchain := flag.String("full_chain_path", "", "path to fullchain.pem certificate")
|
||||||
|
privkey := flag.String("private_key_path", "", "path to privkey.pem certificate")
|
||||||
|
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
sigs := make(chan os.Signal, 1)
|
sigs := make(chan os.Signal, 1)
|
||||||
|
|
@ -104,25 +109,50 @@ func main() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//cert, err := tls.X509KeyPair(testCertificate, testPrivateKey)
|
if *fullchain != "" && *privkey != "" {
|
||||||
//if err != nil {
|
chain, err := ioutil.ReadFile(*fullchain)
|
||||||
// log.Fatal(err)
|
|
||||||
//}
|
|
||||||
|
|
||||||
// Basic TLS Config
|
|
||||||
//tlsConfig := &tls.Config{
|
|
||||||
// Certificates: []tls.Certificate{cert},
|
|
||||||
//}
|
|
||||||
|
|
||||||
if *tcpAddr != "" {
|
|
||||||
//tcp := listeners.NewTCP("t1", *tcpAddr, &listeners.Config{
|
|
||||||
// TLSConfig: tlsConfig,
|
|
||||||
//})
|
|
||||||
tcp := listeners.NewTCP("t1", *tcpAddr, nil)
|
|
||||||
err := server.AddListener(tcp)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
priv, err := ioutil.ReadFile(*fullchain)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
cert, err := tls.X509KeyPair(chain, priv)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
//Basic TLS Config
|
||||||
|
tlsConfig := &tls.Config{
|
||||||
|
Certificates: []tls.Certificate{cert},
|
||||||
|
}
|
||||||
|
|
||||||
|
if *tcpAddr != "" {
|
||||||
|
tcp := listeners.NewTCP("t1", *tcpAddr, &listeners.Config{
|
||||||
|
TLSConfig: tlsConfig,
|
||||||
|
})
|
||||||
|
err := server.AddListener(tcp)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
log.Println("Mqtt Broker is running with TLS")
|
||||||
|
} else {
|
||||||
|
if *tcpAddr != "" {
|
||||||
|
//tcp := listeners.NewTCP("t1", *tcpAddr, &listeners.Config{
|
||||||
|
// TLSConfig: tlsConfig,
|
||||||
|
//})
|
||||||
|
tcp := listeners.NewTCP("t1", *tcpAddr, nil)
|
||||||
|
err := server.AddListener(tcp)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
log.Println("Mqtt Broker is running without TLS, (it's dangerous)")
|
||||||
}
|
}
|
||||||
|
|
||||||
if *wsAddr != "" {
|
if *wsAddr != "" {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user