Differences

This shows you the differences between two versions of the page.

--- blocks:server:advanced_server_configuration:mqtt [2025-01-09 13:05]
mattias [Security]
+++ blocks:server:advanced_server_configuration:mqtt [2025-01-13 12:03] (current)
mattias [Blocks Server Configuration File]
@@ Line 120: / Line 120: @@
 The following commands assume you're logged into the terminal as the pixi-admin user. If not use the //su pixi-admin// command to switch to that user, as described above.
+Make sure we have a password file to store the users (this will not overwrite if the file already exist:
-Create a user in mosquitto, the example command adds a user named blocks to an existing password file, the dialog o will prompt for a password.
 <code>
-sudo mosquitto_passwd  /etc/mosquitto/conf.d/pixi-pwd blocks
+sudo touch  /etc/mosquitto/conf.d/pixi-pwd
 </code>
-If this command fail, this may be the initial user so a new password file must be created along the initial user.
-:!: Use with caution, this command will overwrite any existing file and clear any user credentials stored!
+Set file ownership and restrictive permissions for the password file:
 <code>
-sudo mosquitto_passwd  -c /etc/mosquitto/conf.d/pixi-pwd blocks
+sudo chmod 400 /etc/mosquitto/conf.d/pixi-pwd
+sudo chown mosquitto:mosquitto /etc/mosquitto/conf.d/pixi-pwd
 </code>
+Create a user in mosquitto, the example command adds a user named blocks to an existing password file, the dialog o will prompt for a password.
-Set file ownership and restrictive permissions for the password file:
 <code>
-sudo chmod 400 /etc/mosquitto/conf.d/pixi-pwd
+sudo mosquitto_passwd  /etc/mosquitto/conf.d/pixi-pwd blocks
-sudo chown mosquitto:mosquitto pixi-pwd
 </code>
-mosquitto_password will throw a warning when adding user while the password file is owned by mosquitto, with this permissions and ownership only root and mosquitto can read the file and mosquitto cannot modify it. It is possible but currently not necessary to temporary change ownership back to root:root while adding new users to mosquitto.
+Read the manual for mosquitto_password to find out other options such as delete a user etc. Note, if the -c option is being used the existing file is overwritten and the file permissions must reset as mosquitto runs with limited permissions for security reasons.
+mosquitto_password will throw a warning when adding user while the password file is owned by mosquitto, with this permissions and ownership only root and mosquitto can read the file and mosquitto cannot modify it. It is possible but currently not necessary to temporary change ownership back to root:root while adding new users to mosquitto.
 Change the broker configuration and add the line that specifies a password file and turn off the option to use the broker as anonymous user.
@@ Line 174: / Line 172: @@
 If this section is missing in the config file, default settings is assumed for the broker.
 <code>
 mqtt:
   defaultBroker:
     address: localhost  # Default is localhost
-    username: pixi   # Default is no username and password
+    username: blocks  # Replace blocks with the username you have configured in the broker, leave empty if anonymous user is allowed.
-    password: pixi
+    password: pixi  # Replace pixi with the password setup with your user.
     encryption: false  # Set to true if secure connection (tls) is available.
     port: 1883 # Default is 1883 if non-encypted and 8883 if encrypted