-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi compose #61
Open
rashley-iqt
wants to merge
14
commits into
IQTLabs:main
Choose a base branch
from
rashley-iqt:multi-compose
base: main
Could not load branches
Branch not found: {{ refName }}
Could not load tags
Nothing to show
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Multi compose #61
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Configure Renovate
… compose` and `container.env` is the environment file passed intoindividual containers.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a fairly significant refactor so buckle up:
The Goal
SkyScan should be able to communicate on the MQTT bus using TLS encryption.
This PR is the first step towards that goal.
How it works
This adds a Certificate Authority(CA) server on the same docker network as the mqtt broker. The CA exists at ca.mqtt.local and the broker can be found at broker.mqtt.local so as not to unnecessarily expose MQTT traffic to external interference. The MQTT broker waits for the CA to become healthy and then bootstraps the CA's root cert (so that it will trust the CA) and then uses certbot to perform an ACME challenge to obtain a certificate. Clients that wish to validate can obtain their own certs in the same fashion. TLS encrypted MQTT (aka MQTTS) is authenticated using a username and password and communicates over port 8883.
Instructions for Use
mqtt
.env
file specify theMQTT_PREFIX
environment variabledocker-compose -f docker-compose.yml -f mqtt/docker-compose.mqtt.yml
Important Notes
.env
file DOES NOT contain environment variables needed by containers; it is the environment provided todocker-compose
. Environment variables required inside of containers should be specified incontainer.env
(though this is not considered ideal as all containers will have identical environments).mqtt
directory is a subtree pointed to https://github.com/IQTLabs/edgetech-mqtt-compose and as such should not be updated from this project.docker-compose.yml
file found at the project root be the first one referenced in a-f
flag as it defines the context under which ALL subsequent compose files will be evaluated, in accordance with the documentation.