简介:
在Centos上安装EMQX。
安装环境及版本:
系统环境:CentOS Linux release 7.5.1804 (Core)
EMQ版本:v4.3.2
1 环境准备
1.1 关闭防火墙
关闭防火墙并设置为disable
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
1.2 关闭SELINUX
设置SELINUX=disabled
[root@localhost ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
1.3 端口使用情况
安装组件
[root@localhost ~]# yum install net-tools
Loaded plugins: fastestmirror, product-id, search-disabled-repos, subscription-manager
…………………………..
Installed:
net-tools.x86_64 0:2.0-0.25.20131004git.el7
Complete!
查看端口使用情况
[root@localhost ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 899/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1134/master
tcp6 0 0 :::22 :::* LISTEN 899/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1134/master
2 安装Docker
2.1 安装
[root@localhost ~]# yum -y install docker
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
。。。。。。。。。。。。。。。。。。。。。。
libsepol.x86_64 0:2.5-10.el7 libxml2.x86_64 0:2.9.1-6.el7.5 policycoreutils.x86_64 0:2.5-34.el7 selinux-policy.noarch 0:3.13.1-268.el7_9.2 selinux-policy-targeted.noarch 0:3.13.1-268.el7_9.2
Complete!
[root@localhost ~]#.
2.2 自启动
[root@localhost ~]# systemctl start docker
[root@localhost ~]# systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
[root@localhost ~]# systemctl status docker
3 Docker操作
3.1 下载镜像
https://www.emqx.cn/downloads#broker
[root@localhost ~]# docker pull emqx/emqx:4.3.5
Trying to pull repository docker.io/emqx/emqx ...
4.3.5: Pulling from docker.io/emqx/emqx
339de151aab4: Pull complete
a8c774f539bc: Pull complete
9f627e639d29: Pull complete
bd780370e278: Pull complete
77a85ead129f: Pull complete
acdb5fa40cba: Pull complete
41dc22c5ed57: Pull complete
Digest: sha256:6546bf2ba46666ce721d5496cb75eb033298e3f1d76b89c44843cce11e0c2696
Status: Downloaded newer image for docker.io/emqx/emqx:4.3.5
查看下载的镜像
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/emqx/emqx 4.3.5 03b65cd2d825 3 weeks ago 154 MB
3.2 容器基本操作
3.2.1 创建并启动容器
启动容器
[root@localhost ~]# docker run -d --name emqx -p 1883:1883 -p 8081:8081 -p 8083:8083 -p 8084:8084 -p 8883:8883 -p 18083:18083 emqx/emqx:4.3.5
ea330bb58319044e7ace78fd707e4965369ed9774c4f6e5753baaaad4b56d57a
[root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ea330bb58319 emqx/emqx:4.3.5 "/usr/bin/docker-e..." 5 seconds ago Up 2 seconds 4369-4370/tcp, 5369/tcp, 0.0.0.0:1883->1883/tcp, 0.0.0.0:8081->8081/tcp, 0.0.0.0:8083-8084->8083-8084/tcp, 6369-6370/tcp, 0.0.0.0:8883->8883/tcp, 0.0.0.0:18083->18083/tcp, 11883/tcp emqx
查看端口,此时端口已被映射
[root@localhost ~]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 899/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1134/master
tcp6 0 0 :::18083 :::* LISTEN 2323/docker-proxy-c
tcp6 0 0 :::8081 :::* LISTEN 2378/docker-proxy-c
tcp6 0 0 :::8083 :::* LISTEN 2364/docker-proxy-c
tcp6 0 0 :::8883 :::* LISTEN 2337/docker-proxy-c
tcp6 0 0 :::8084 :::* LISTEN 2351/docker-proxy-c
tcp6 0 0 :::22 :::* LISTEN 899/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1134/master
tcp6 0 0 :::1883 :::* LISTEN 2390/docker-proxy-c
3.2.2 停止容器
[root@localhost ~]# docker stop ea330bb58319
ea330bb58319
3.2.3 启动容器
[root@localhost ~]# docker start ea330bb58319
ea330bb58319
3.2.4 容器中执行命令
[root@localhost ~]# docker exec -it ea330bb58319 bash
bash-5.0$ emqx_ctl status
3.3 Mnesia 认证
https://docs.emqx.cn/broker/v4.3/advanced/auth-mnesia.html
3.3.1 准备
进入容器执行命令
[root@localhost ~]# docker exec -it ea330bb58319 bash
bash-5.0$
查看当前路径及内容
bash-5.0$ pwd
/opt/emqx
bash-5.0$ ls -l
total 4
drwxrwxr-x 1 emqx emqx 301 Jun 28 06:57 bin
drwxrwxr-x 6 emqx emqx 109 Jul 19 10:31 data
drwxrwxr-x 1 emqx emqx 17 Jun 28 06:57 erts-11.1.8
drwxrwxr-x 5 emqx emqx 135 Jul 19 10:31 etc
drwxrwxr-x 1 emqx emqx 4096 Jun 28 06:57 lib
drwxrwxr-x 2 emqx emqx 6 Jul 19 10:31 log
drwxrwxr-x 1 emqx emqx 74 Jun 28 06:57 releases
3.3.2 配置文件
bash-5.0$ vi etc/plugins/emqx_auth_mnesia.conf
4: auth.mnesia.password_hash = sha256
25:auth.user.1.username = pyrk
26:auth.user.1.password = pyrk-0811
3.3.3 加载插件
bash-5.0$ vi data/loaded_plugins
bash-5.0$ cat data/loaded_plugins
{emqx_management, true}.
{emqx_dashboard, true}.
{emqx_modules, false}.
{emqx_recon, true}.
{emqx_retainer, true}.
{emqx_telemetry, true}.
{emqx_rule_engine, true}.
{emqx_bridge_mqtt, false}.
{emqx_auth_mnesia, true}.
3.3.4 重启
bash-5.0$ emqx restart
3.3.5 查看插件状态
[root@localhost ~]# docker start ea330bb58319
ea330bb58319
[root@localhost ~]# docker exec -it ea330bb58319 bash
bash-5.0$ emqx_ctl status
Node 'ea330bb58319@172.17.0.2' 4.3.5 is started
3.4 EMQX配置
3.4.1 基础配置
bash-5.0$ vi etc/emqx.conf
187:node.name = emqx@127.0.0.1
594:allow_anonymous = false
648:mqtt.max_packet_size = 1KB
1076:listener.tcp.external.acceptors = 1024
1313:listener.ssl.external.acceptors = 1024
3.4.2 SSL
拷贝证书
[root@localhost ~]# docker cp /root/cacert-20191215/key.pem ea330bb58319:/opt/emqx/etc/certs
[root@localhost ~]# docker cp /root/cacert-20191215/cert.pem ea330bb58319:/opt/emqx/etc/certs
[root@localhost ~]# docker cp /root/cacert-20191215/cacert.pem ea330bb58319:/opt/emqx/etc/certs
修改配置文件
bash-5.0$ vi etc/emqx.conf
1387:listener.ssl.external.keyfile = etc/certs/key.pem
1394:listener.ssl.external.certfile = etc/certs/cert.pem
1400: listener.ssl.external.cacertfile = etc/certs/cacert.pem
4 制作镜像文件
4.1 创建镜像
[root@localhost ~]# docker commit ea330bb58319 emqx_img
sha256:afd3a2982c076f8ac31cf4a77c00cd57ab518f5f33cef32bb9ddfc1da0f55e5b
[root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
emqx_img latest afd3a2982c07 4 seconds ago 154 MB
docker.io/emqx/emqx 4.3.5 03b65cd2d825 3 weeks ago 154 MB
4.2 保存文件
[root@localhost ~]# docker save -o emqx_20210719 emqx_img
[root@localhost ~]# ls
anaconda-ks.cfg cacert-20191215 emqx_20210719