Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable secure connections #295

Open
wants to merge 3 commits into
base: beta
Choose a base branch
from
Open

Enable secure connections #295

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cd1f26d
Refactor to fix TLS
miguelangel-nubla Feb 27, 2023
d9c2b6b
Refactor to fix TLS
miguelangel-nubla Feb 27, 2023
6065222
Refactor to fix TLS
miguelangel-nubla Feb 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 13 additions & 6 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -280,21 +280,28 @@ token:
```yaml
# enable mqtt subscribing and publishing (default: shown below)
mqtt:
protocol: mqtt
host:
port: 1883
username:
password:
client_id:

# only used when secure protocols such as mqtts (uses port 8883 by default) are used
tls:
# cert chains in PEM format: /path/to/client.crt
cert:
# private keys in PEM format: /path/to/client.key
key:
# optionally override the trusted CA certificates: /path/to/ca.crt
# list of trusted CA certificates: /path/to/ca.crt
ca:
# if true the server will reject any connection which is not authorized with the list of supplied CAs
# double-take will reject any connection to a server which is
# identified with a certificate not found on the supplied CAs list.
# set this to disable it, MitM risk, use only for testing.
reject_unauthorized: false

# only needed for tls client authentication, cert chain in PEM format: /path/to/client.crt
cert:
# only needed for tls client authentication, private key in PEM format: /path/to/client.key
key:


topics:
# mqtt topic for frigate message subscription
frigate: frigate/events
Expand Down
2 changes: 2 additions & 0 deletions api/src/constants/defaults.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,8 @@ module.exports = {
min_area: 0,
},
mqtt: {
protocol: 'mqtt',
port: 1883,
tls: {
reject_unauthorized: false,
},
Expand Down
8 changes: 6 additions & 2 deletions api/src/util/mqtt.util.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,15 +88,19 @@ module.exports.connect = () => {
if (!MQTT || !MQTT.HOST) return;

try {
CLIENT = mqtt.connect(`mqtt://${MQTT.HOST}`, {
CLIENT = mqtt.connect({
reconnectPeriod: 10000,
protocol: MQTT.PROTOCOL,
host: MQTT.HOST,
port: MQTT.PORT,
username: MQTT.USERNAME || MQTT.USER,
password: MQTT.PASSWORD || MQTT.PASS,
clientId: MQTT.CLIENT_ID || `double-take-${Math.random().toString(16).substr(2, 8)}`,
key: MQTT.TLS.KEY ? filesystem.readFileSync(MQTT.TLS.KEY) : null,
cert: MQTT.TLS.CERT ? filesystem.readFileSync(MQTT.TLS.CERT) : null,
ca: MQTT.TLS.CA ? filesystem.readFileSync(MQTT.TLS.CA) : null,
rejectUnauthorized: MQTT.TLS.REJECT_UNAUTHORIZED === true,
// The CA list will be used to determine if server is authorized
ca: MQTT.TLS.CA ? filesystem.readFileSync(MQTT.TLS.CA) : null,
});

CLIENT.on('connect', () => {
Expand Down