Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add support for MQTT TLS #241

Merged
merged 6 commits into from
Oct 20, 2022
Merged

feat: add support for MQTT TLS #241

merged 6 commits into from
Oct 20, 2022

Conversation

konturn
Copy link
Contributor

@konturn konturn commented Sep 16, 2022

My use-case involves an MQTT broker that uses TLS to communicate--this PR will make this possible.

@jakowenko
Copy link
Owner

Thank you for this! I will take a look tonight or tomorrow and get it merged in.

@jakowenko jakowenko self-requested a review September 20, 2022 17:57
@jakowenko
Copy link
Owner

I'm going to close and reopen to see if I can get the diff to update. Right now it's showing old files from beta branch.

@jakowenko jakowenko closed this Sep 20, 2022
@jakowenko jakowenko reopened this Sep 20, 2022
@jakowenko jakowenko changed the base branch from beta to master September 20, 2022 19:29
@jakowenko jakowenko changed the base branch from master to beta September 20, 2022 19:29
@jakowenko
Copy link
Owner

jakowenko commented Sep 20, 2022

@konturn were you able to test this? I don't see the options for the cert files in the docs for the mqtt package that is being used. Just wanted to confirm this is accurate.

https://github.com/mqttjs/MQTT.js#mqttclientstreambuilder-options

@konturn
Copy link
Contributor Author

konturn commented Sep 21, 2022

@konturn were you able to test this? I don't see the options for the cert files in the docs for the mqtt package that is being used. Just wanted to confirm this is accurate.

https://github.com/mqttjs/MQTT.js#mqttclientstreambuilder-options

I was able to test on my infrastructure and everything works (you can see the relevant config files in my Infrastructure-as-Code repo here and here). After working with it a bit I realized I didn't need to use client certificates, so my config doesn't specify anything but mqtt.tls.enabled.

The docs you linked mention that when MQTT over TLS is used, then the options object is passed through to tls.connect. I did screw up the names for the key and cert options though, so I've pushed up a fix for that. Also, since client certificates aren't necessarily required, I dropped the one error message I had in place. After I pushed the fix, I tested the ca, key, and cert locally and everything seems to work.

@jakowenko
Copy link
Owner

@konturn should we support the ability to pass the key and certs as file paths or were you thinking you would just save the full contents of those into the config?

@konturn
Copy link
Contributor Author

konturn commented Sep 27, 2022

@jakowenko would preferably want to pass them as paths and load the data into the vars. I'm seeing now that I'd have to make a further update to allow this, since the tls.connect function takes the file contents. Should I add a function to fs.util.js that allows reading from files?

@jakowenko
Copy link
Owner

jakowenko commented Oct 18, 2022

Hey @konturn, sorry for the delay. I refactored the code slightly and updated it to read in the file with fs.

You should be able to pass the path of the cert and key now like this. Let me know what you think, and I'll get this built into a beta build this week.

mqtt:
  host: localhost
  tls:
    cert: ./client.crt
    key: ./client.key

@jakowenko jakowenko merged commit 7f37b78 into jakowenko:beta Oct 20, 2022
jakowenko added a commit that referenced this pull request Oct 20, 2022
## [1.13.0-beta.2](v1.13.0-beta.1...v1.13.0-beta.2) (2022-10-20)

### Features

* support for MQTT TLS ([#241](#241)) ([7f37b78](7f37b78))
@jakowenko
Copy link
Owner

🎉 This PR is included in version 1.13.0-beta.2 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

jakowenko added a commit that referenced this pull request Oct 21, 2022
## [1.13.0](v1.12.1...v1.13.0) (2022-10-21)

### Features

* frigate matches below an area target ([3365bc7](3365bc7))
* **mqtt & api:** total count for person, match, miss, and unknown ([#223](#223)) ([2bf4406](2bf4406))
* support for MQTT TLS ([#241](#241)) ([7f37b78](7f37b78))

### Bug Fixes

* remove non alphanumeric characters from MQTT topic names ([#239](#239)) ([885d8a1](885d8a1))
@jakowenko
Copy link
Owner

🎉 This PR is included in version 1.13.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

jakowenko added a commit that referenced this pull request Oct 26, 2022
## [1.13.0](v1.12.1...v1.13.0) (2022-10-21)

### Features

* frigate matches below an area target ([3365bc7](3365bc7))
* **mqtt & api:** total count for person, match, miss, and unknown ([#223](#223)) ([2bf4406](2bf4406))
* support for MQTT TLS ([#241](#241)) ([7f37b78](7f37b78))

### Bug Fixes

* remove non alphanumeric characters from MQTT topic names ([#239](#239)) ([885d8a1](885d8a1))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants