Versuchsaufbau

Der Mosquitto Broker

Installation

• sudo apt install mosquitto mosquitto-clients

Passwot setzen

• sudo mosquitto_passwd -c /etc/mosquitto/passwd xinux

Grundkonfiguration

• sudo cat /etc/mosquitto/conf.d/default.conf

allow_anonymous false
password_file /etc/mosquitto/passwd
bind_address 0.0.0.0
log_type all
log_type debug

Restarten des Brokers

• sudo systemctl restart mosquitto.service

Verbindung

• Wir verbinden uns über WLAN(Smartphone mit dem Shelly.

Wlan Client

Unsichere Verbindnung

Schalten über die Konsole

An

• mosquitto_pub -h 172.26.255.100 -u xinux -P 123Start$ -t "shellyplus1-255/rpc" -m '{"id":1,"src":"user","method":"Switch.Set","params":{"id":0,"on":true}}'

Aus

• mosquitto_pub -h 172.26.255.100 -u xinux -P 123Start$ -t "shellyplus1-255/rpc" -m '{"id":1,"src":"user","method":"Switch.Set","params":{"id":0,"on":false}}'

Verschlüsseln

Voraussetzungen

• Funktionierendes DNS Konzept
• CA
• Signiertes CERT und ein passender KEY

Zertifikat einbauen

• cp mqtt.lab.int.crt mqtt.lab.int.key ca.crt /etc/mosquitto/
• cd /etc/mosquitto/
• chown mosquitto:mosquitto mqtt.lab.int.crt mqtt.lab.int.key ca.crt

Konfigutaionsdatei

• cat /etc/mosquitto/conf.d/default.conf

allow_anonymous false
password_file /etc/mosquitto/passwd
listener 8883 0.0.0.0
log_type all
log_type debug
listener 8883 0.0.0.0
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/mqtt.lab.int.crt
keyfile /etc/mosquitto/mqtt.lab.int.key
require_certificate false

Restart und Checken

• systemctl restart mosquitto.service
• tail -f /var/log/mosquitto/mosquitto.log

Einbau in das Shelly-Relais

CA Stammzertifikat hochladen

Shelly auf TLS stellen.

Client

Anschalten

• mosquitto_pub --cafile ca.crt -h mqtt.lab.int -u xinux -P 123Start$ -t "shellyplus1-255/rpc" -m '{"id":1,"src":"user","method":"Switch.Set","params":{"id":0,"on":true}}'

Ausschalten

• mosquitto_pub --cafile ca.crt -h mqtt.lab.int -u xinux -P 123Start$ -t "shellyplus1-255/rpc" -m '{"id":1,"src":"user","method":"Switch.Set","params":{"id":0,"on":false}}'