(New page: «Run the command '''service nginx restart''' to update the configuration.»)
(New page: «Getting messages from the "test" topic on the example.com server»)
(23 intermediate revisions by the same user not shown)
Line 249:
Run the command '''service nginx restart''' to update the configuration. Run '''nginx -t''' first: it checks the syntax, so a typo does not take the proxy down on restart.
Now, plain HTTP requests to local port 8080 are forwarded to the server example.com over an encrypted (TLS) connection that carries the client's authentication credentials.
<pre>
Line 261: | Line 260:
</pre>
== OpenVPN configuration ==
First, install the package:
<pre>
Line 269: | Line 268:
</pre>
Create a file named req.cnf; it holds the X.509 extensions (the v3_req section) that go into the server certificate request.
<pre>
[ v3_req ]
Line 277: | Line 276:
</pre>
The OpenVPN server also needs a file with Diffie-Hellman parameters; generate it:
<pre>
openssl dhparam -out dh2048.pem 2048
</pre>
Generating this file may take a few minutes.
Next, generate the server's private key and a certificate signing request. In this example the server is named example.com:
<pre>
Line 293: | Line 292:
</pre>
Sign the request with our certificate authority:
<pre>
Line 299: | Line 298:
</pre>
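The certificate steps above, run end to end as an added example (this is not the page's own req.cnf or its commands, which are not reproduced in this diff): the script writes a req.cnf with a v3_req section, makes the server key and request for example.com, signs it and checks the result. A throwaway CA (ca.key, ca.crt) is generated in the same directory only so that the script runs stand-alone; the page's real CA was created earlier and its key should stay off the server. The v3_req contents (serverAuth EKU, SAN) are my assumption about what the page's file contains.

```shell
#!/bin/sh
# Added example, not code from the original page. Builds a throwaway CA, a
# req.cnf with v3_req extensions, a server key + CSR for the given name,
# signs the CSR with the CA and verifies the result. File names follow the page.
set -eu

# Usage: make_server_cert DIR NAME CN   e.g. make_server_cert /tmp/pki example example.com
# Runs in a subshell so the cd does not leak into the caller.
make_server_cert() (
  dir=$1; name=$2; cn=$3
  mkdir -p "$dir"
  cd "$dir"

  # req.cnf. The v3_req section is what the page's file supplies (assumed content).
  # extendedKeyUsage=serverAuth matters: a client configured with
  # 'remote-cert-tls server' refuses a peer whose certificate lacks it, so a
  # stolen *client* certificate cannot be used to impersonate the server.
  cat > req.cnf <<EOF
[ req ]
prompt = no
distinguished_name = dn
req_extensions = v3_req

[ dn ]
CN = $cn

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$cn

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

  # Throwaway CA (assumption: only here so the example is self-contained).
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config req.cnf \
    -extensions v3_ca -subj "/CN=Example CA" -keyout ca.key -out ca.crt 2>/dev/null

  # Server private key and CSR ("make a private key of our server and request a certificate").
  openssl req -new -newkey rsa:2048 -nodes -config req.cnf \
    -keyout "$name.key" -out "$name.csr" 2>/dev/null

  # Sign with the CA, copying the v3_req extensions into the certificate.
  # Without -extfile/-extensions, 'openssl x509 -req' drops them silently.
  openssl x509 -req -days 365 -in "$name.csr" -CA ca.crt -CAkey ca.key \
    -CAcreateserial -extfile req.cnf -extensions v3_req -out "$name.crt" 2>/dev/null

  chmod 600 ca.key "$name.key"
)

# Checks to run before copying the files to the server: the chain verifies
# against ca.crt, and the certificate carries the serverAuth EKU and the SAN.
# Usage: verify_server_cert DIR NAME CN ; returns 0 only if all three hold.
verify_server_cert() (
  dir=$1; name=$2; cn=$3
  cd "$dir"
  openssl verify -CAfile ca.crt "$name.crt" >/dev/null 2>&1 || exit 1
  text=$(openssl x509 -in "$name.crt" -noout -text)
  printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' || exit 1
  printf '%s\n' "$text" | grep -q "DNS:$cn" || exit 1
)
```

Run it as `make_server_cert /tmp/pki example example.com && verify_server_cert /tmp/pki example example.com`; the second call fails for the CA certificate itself (no serverAuth EKU), which is the same reason an OpenVPN client with '''remote-cert-tls server''' would reject it.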
Now set up the OpenVPN server on the machine example.com.
Copy the files '''ca.crt''', '''example.crt''', '''example.key''' and '''dh2048.pem''' there (keep '''example.key''' readable by root only) and edit the OpenVPN server configuration file.
By default the configuration file is /etc/openvpn/server.conf
<pre>
Line 328: | Line 327:
</pre>
Add the openvpn user to the i2c group so that OpenVPN can access the crypto device:
<pre>
Line 334: | Line 333:
</pre>
After that, start the server with the command '''service openvpn start'''.
Next, create a client configuration file on the controller:
client.ovpn:
<pre>
Line 359: | Line 358:
-------------------------------------------------------------------------
</pre>
Note the line '''group i2c''': OpenVPN needs it to keep access to the crypto device on the I2C bus once it has dropped its root privileges.
Then run the client:
<pre>
Line 367: | Line 366:
</pre>
If all is well, a tun0 interface with an address from the 10.8.0.0/24 subnet appears on the system:
<pre>
Line 380: | Line 379:
</pre>
To check that the tunnel works, run ping:
<pre>
Line 389: | Line 388:
</pre>
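A hardened server.conf for the files copied to example.com above, as an added example (this is not the page's own configuration, whose contents are not reproduced in this diff), together with a small lint that flags the directives a reviewer checks first. ta.key (tls-auth) is an assumption: create it with `openvpn --genkey --secret ta.key` (`openvpn --genkey secret ta.key` on 2.5 and later) and distribute it to clients along with ca.crt; `nobody`/`nogroup` are Debian account names.

```shell
#!/bin/sh
# Added example, not the page's server.conf. Writes a hardened OpenVPN server
# configuration and lints a configuration file for the settings that matter.
set -eu

# Write the server configuration to FILE.
write_server_conf() {
  cat > "$1" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert example.crt
key example.key
dh dh2048.pem
# ta.key is an assumption: 'openvpn --genkey --secret ta.key', shared with clients.
# It authenticates the TLS control channel, so unauthenticated hosts cannot even
# start a handshake against the server.
tls-auth ta.key 0
server 10.8.0.0 255.255.255.0
keepalive 10 120
# Reject peers whose certificate lacks the clientAuth EKU, so a copied
# server certificate cannot be reused as a client.
remote-cert-tls client
tls-version-min 1.2
cipher AES-256-GCM
auth SHA256
# Drop privileges after the tun device and keys are set up. On the controller
# the page uses 'group i2c' instead so the client can still reach the ATECC device.
user nobody
group nogroup
persist-key
persist-tun
verb 3
EOF
}

# Lint: print each required directive missing from FILE; return 1 if any is missing.
# Only the directive keyword (first word of a non-comment line) is matched.
check_server_conf() {
  missing=0
  for d in remote-cert-tls tls-version-min tls-auth user group persist-key; do
    if ! grep -Eq "^[[:space:]]*$d([[:space:]]|$)" "$1"; then
      echo "missing: $d"
      missing=1
    fi
  done
  return $missing
}
```

`check_server_conf /etc/openvpn/server.conf` prints one `missing: ...` line per absent directive; a minimal config with only port/dev/ca/cert/key fails all six checks.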
== Mosquitto configuration ==
UPD:
Line 469: | Line 468:
Generate a private key and a certificate request:
<pre>
Line 481: | Line 480:
</pre>
Copy the files '''ca.crt''', '''mosquitto.crt''' and '''mosquitto.key''' to the server and edit the configuration file '''/etc/mosquitto/conf.d/server.conf'''
<pre>
Line 491: | Line 490:
</pre>
Start the service:
<pre>
service mosquitto start
</pre>
If required, the local Mosquitto broker on the controller can also forward some topics to a remote broker. To do this, create the bridge file '''/etc/mosquitto/bridge.conf''':
<pre>
Line 509: | Line 508:
</pre>
After the local mosquitto service is restarted, topics under /test/ will be forwarded to the remote server example.com over a TLS-protected channel.
Examples of mosquitto client commands.
Sending a message to the "test" topic on the example.com server:
<pre>
Line 519: | Line 518:
</pre>
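The Mosquitto server and bridge configuration described in this section, as an added example (not the page's own server.conf or bridge.conf, whose contents are not reproduced in this diff): a listener that accepts only clients with a certificate from our CA and maps the certificate CN to the MQTT username, an ACL that limits device_AP6V5MDG to the test topics, and a bridge that pushes test/# to example.com over TLS. The paths, port 8883, the topic tree test/# and the ACL file are assumptions; the bridge uses a key file here, whereas the page's clients use the ATECC engine key.

```shell
#!/bin/sh
# Added example, not the page's configuration. Writes a Mosquitto listener,
# ACL and bridge configuration, and checks the two properties that matter.
set -eu

# Listener config (assumed path /etc/mosquitto/conf.d/server.conf) to FILE.
write_mosquitto_conf() {
  cat > "$1" <<'EOF'
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/mosquitto.crt
keyfile /etc/mosquitto/certs/mosquitto.key
tls_version tlsv1.2
# The client must present a certificate chained to ca.crt; its CN becomes the
# username, so the ACL below applies per device without any password file.
require_certificate true
use_identity_as_username true
# Explicit: the default differs between Mosquitto 1.x (true) and 2.x (false).
allow_anonymous false
acl_file /etc/mosquitto/acl
EOF
}

# ACL (assumed path /etc/mosquitto/acl) to FILE: username == certificate CN.
write_acl() {
  cat > "$1" <<'EOF'
user device_AP6V5MDG
topic readwrite test
topic readwrite test/#
EOF
}

# Bridge config (/etc/mosquitto/bridge.conf) to FILE.
write_bridge_conf() {
  cat > "$1" <<'EOF'
connection example
address example.com:8883
bridge_cafile /etc/mosquitto/certs/ca.crt
bridge_certfile /etc/mosquitto/certs/device_AP6V5MDG.crt
bridge_keyfile /etc/mosquitto/certs/device_AP6V5MDG.key
# Keep hostname verification of the remote broker's certificate on.
bridge_insecure false
bridge_tls_version tlsv1.2
cleansession false
# 'out' only: local test/# is published to the remote broker, but nothing the
# remote broker publishes is injected back into the controller's topic tree.
topic test/# out 0
EOF
}

# Returns 0 only if every 'topic' line with an explicit direction in bridge FILE
# uses 'out' (Mosquitto defaults a topic line without a direction to 'out').
bridge_outbound_only() {
  awk 'BEGIN { bad = 0 }
       $1 == "topic" && NF >= 3 && $3 != "out" { bad = 1 }
       END { exit bad }' "$1"
}

# Returns 0 only if listener FILE requires client certificates and forbids
# anonymous access.
listener_requires_cert() {
  grep -Eq '^[[:space:]]*require_certificate[[:space:]]+true' "$1" &&
  grep -Eq '^[[:space:]]*allow_anonymous[[:space:]]+false' "$1"
}
```

With these settings, the page's `mosquitto_pub`/`mosquitto_sub` commands authenticate as user device_AP6V5MDG and are confined to the test topics; a bridge line such as `topic test/# both 0` is flagged by `bridge_outbound_only`, since it would let the remote broker publish into the controller.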
Receiving messages from the "test" topic on the example.com server:
<pre>
mosquitto_sub -h example.com --cert device_AP6V5MDG.crt --key 'engine:ateccx08:ATECCx08:00:04:C0:00' -t "test" --cafile ca.crt
</pre>