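I want to set up a broker that can accept both "open/public" connections and "private" connections using TLS. For this I have set the server to accept TLS connections, but people who sniff on port 1883 (which is open) still receive the topics sent around 8888 (which is TLS based). How can this be solved?
My config file (located in /etc/mosquitto/conf.d/mosquitto.conf):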
port 1883
# MQTT over TLS/SSL
listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
tls_version tlsv1
# End of MQTT over TLS/SSL configuration
listener 9001
protocol websockets
# WebSockets over TLS/SSL
listener 9883
protocol websockets
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
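Answer 0 (score: 0)
This is working as designed.
Adding listeners does not create separate topic spaces. If you want to restrict the non-TLS listener, you can add an IP address to the settings. You can also use bind_address to change the default listener.
For example, to limit the open listeners to just localhost, you could do the following: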
port 1883
bind_address 127.0.0.1
# MQTT over TLS/SSL
listener 8883 0.0.0.0
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
tls_version tlsv1
# End of MQTT over TLS/SSL configuration
listener 9001 127.0.0.1
protocol websockets
# WebSockets over TLS/SSL
listener 9883 0.0.0.0
protocol websockets
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
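
An added example, not part of the original answer: a small check that lists which listeners in a mosquitto.conf have no TLS and are bound beyond loopback, run over abridged copies of the two configs above. The function names are hypothetical, and the check assumes that a certfile line marks the listener it follows as TLS.

```python
import ipaddress

# Abridged copies of the two configs on this page (constructed sample input).
QUESTION_CONF = """port 1883
listener 8883
certfile /etc/mosquitto/certs/server.crt
listener 9001
protocol websockets
listener 9883
protocol websockets
certfile /etc/mosquitto/certs/server.crt
"""
# The answer's variant: same listeners, with explicit bind addresses.
ANSWER_CONF = (QUESTION_CONF
               .replace("port 1883", "port 1883\nbind_address 127.0.0.1")
               .replace("listener 8883", "listener 8883 0.0.0.0")
               .replace("listener 9001", "listener 9001 127.0.0.1")
               .replace("listener 9883", "listener 9883 0.0.0.0"))

def parse_listeners(text):
    """Return [{'port', 'addr', 'tls'}]; addr None means all interfaces."""
    default = {"port": None, "addr": None, "tls": False}
    cur, extra = default, []
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0], words[1:]
        if key == "port" and args:            # default listener
            default["port"] = int(args[0])
        elif key == "bind_address" and args:  # applies to the default listener
            default["addr"] = args[0]
        elif key == "listener" and args:      # listener PORT [ADDRESS]
            cur = {"port": int(args[0]), "addr": (args[1:] or [None])[0], "tls": False}
            extra.append(cur)
        elif key == "certfile":
            cur["tls"] = True  # assumption: certfile marks the current listener as TLS
    return ([default] if default["port"] is not None else []) + extra

def is_loopback(addr):
    if addr in (None, "localhost"):
        return addr == "localhost"
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # other hostnames: treat as exposed

def exposed_plaintext(text):
    """Ports of listeners without TLS that are reachable beyond loopback."""
    return [l["port"] for l in parse_listeners(text)
            if not l["tls"] and not is_loopback(l["addr"])]
```

For the question's config this reports ports 1883 and 9001; for the answer's config it reports none. Binding to loopback only limits who can connect: all listeners still share one topic space.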