How to access MQTT through OpenShift TLS route.
- Deploy an MQTT image to OpenShift
  - quay.io/kboone/mosquitto-ephemeral:latest
- Create a route (passthrough termination: the router forwards the raw TLS stream to port 8883 and the broker terminates TLS itself)

    apiVersion: route.openshift.io/v1
    kind: Route
    metadata:
      name: mosquitto-ephemeral-tls
    spec:
      host: mqtt.xxxx.xxxx
      port:
        targetPort: 8883
      tls:
        termination: passthrough
      to:
        kind: Service
        name: mosquitto-ephemeral-tls
        weight: 100
      wildcardPolicy: None
- Add a CNAME at the DNS provider (e.g. GoDaddy) pointing at the status.ingress.routerCanonicalHostname of the route

    Type    Name    Value                                       TTL
    CNAME   mqtt    elb.b9ad.pro-us-east-1.openshiftapps.com    1 Hour
- Generate ca.key + csr
- Generate server.key + csr
- Generate extfile with commonName and subjectAltName DNS
- Generate x509 server.crt
- Create tls secrets for server.crt/key and ca.crt/key
- Mount secrets and ensure mosquitto.conf is updated
- Use mosquitto_passwd to create a password file, mount from secret
- Generate DER server.pem

    openssl x509 -inform pem -in server.crt -outform der -out server.pem
- What was done with the pem from here?
  - It does not appear to be loaded anywhere in the code
  - It is checked in under res/raw/server.pem
  - It may also have been manually added as a User Certificate on the test device
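The certificate steps above (CA, server key and CSR, extfile with the SAN, signed server.crt, DER copy, secrets and mosquitto.conf) worked through as one shell script. This is an added example, not part of the original notes and not code from the mosquitto-ephemeral image: it assumes mqtt.example.com in place of mqtt.xxxx.xxxx, and the secret names (mosquitto-server-tls, mosquitto-ca, mosquitto-passwd), the mount paths under /mosquitto and the username mqttuser are placeholders to adjust to your deployment. Because the route is passthrough, the router never sees the handshake: the broker presents server.crt itself, so the SAN must be the route host, and verify_server_cert runs the same chain and hostname checks a client performs on connect.

```shell
#!/bin/sh
# Added example, not from the original notes. Assumptions: mqtt.example.com
# stands in for the route host, and the secret names, mount paths and user name
# below are placeholders.
set -eu

# Generate ca.key/ca.crt, server.key/server.csr, an extfile carrying the SAN,
# the signed server.crt and a DER copy named server.pem (as under res/raw).
make_certs() {
  dir="$1"; host="$2"
  mkdir -p "$dir"
  # Self-contained req config so the run does not depend on the system openssl.cnf
  cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = mosquitto-test-ca
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  # CA key + self-signed CA certificate (req -x509 signs its own CSR in one step)
  openssl req -x509 -config "$dir/req.cnf" -extensions ca_ext -newkey rsa:2048 -nodes \
    -days 3650 -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
  # Server key + CSR; the CN alone is not enough, clients match on the SAN
  openssl req -new -config "$dir/req.cnf" -subj "/CN=$host" -newkey rsa:2048 -nodes \
    -keyout "$dir/server.key" -out "$dir/server.csr" >/dev/null 2>&1
  # extfile: the SAN must equal the route host the client connects to
  printf 'subjectAltName = DNS:%s\nbasicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth\n' \
    "$host" > "$dir/extfile.cnf"
  # Sign the CSR with the CA, applying the extfile
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 825 -extfile "$dir/extfile.cnf" -out "$dir/server.crt" >/dev/null 2>&1
  # DER copy, same command as in the notes
  openssl x509 -inform pem -in "$dir/server.crt" -outform der -out "$dir/server.pem"
}

# What a client does on connect: chain to the CA, then match the hostname
# against the SAN. Prints ok, chain-fail or host-fail and always returns 0.
verify_server_cert() {
  dir="$1"; host="$2"
  if ! openssl verify -CAfile "$dir/ca.crt" "$dir/server.crt" >/dev/null 2>&1; then
    echo chain-fail; return 0
  fi
  if ! openssl verify -CAfile "$dir/ca.crt" -verify_hostname "$host" "$dir/server.crt" >/dev/null 2>&1; then
    echo host-fail; return 0
  fi
  echo ok
}

# mosquitto.conf for the passthrough route: the broker terminates TLS on 8883.
# tls.crt/tls.key are the file names a "secret tls" mounts as; paths assumed.
write_mosquitto_conf() {
  cat > "$1" <<'EOF'
listener 8883
cafile /mosquitto/certs/ca.crt
certfile /mosquitto/certs/tls.crt
keyfile /mosquitto/certs/tls.key
password_file /mosquitto/config/passwd
allow_anonymous false
EOF
}

# OpenShift side, only run when logged in with oc (secret names assumed).
# ca.key is deliberately NOT pushed to the cluster; only ca.crt is needed there.
create_openshift_secrets() {
  dir="$1"
  oc create secret tls mosquitto-server-tls --cert="$dir/server.crt" --key="$dir/server.key"
  oc create secret generic mosquitto-ca --from-file=ca.crt="$dir/ca.crt"
  # -c creates the file, -b takes the password on the command line
  mosquitto_passwd -c -b "$dir/passwd" mqttuser "$(openssl rand -base64 18)"
  oc create secret generic mosquitto-passwd --from-file=passwd="$dir/passwd"
}

CERT_DIR="${CERT_DIR:-./mqtt-certs}"
MQTT_HOST="${MQTT_HOST:-mqtt.example.com}"
make_certs "$CERT_DIR" "$MQTT_HOST"
write_mosquitto_conf "$CERT_DIR/mosquitto.conf"
echo "verify $MQTT_HOST: $(verify_server_cert "$CERT_DIR" "$MQTT_HOST")"
echo "verify other.example.com: $(verify_server_cert "$CERT_DIR" other.example.com)"
if [ "${RUN_OC:-0}" = 1 ]; then
  create_openshift_secrets "$CERT_DIR"
fi
```

Run it as `MQTT_HOST=mqtt.your.domain sh mqtt-certs.sh`, and with `RUN_OC=1` once logged in to create the secrets. Only ca.crt goes to the cluster; ca.key stays on the workstation, since anyone holding it can issue a server certificate the app will trust. The DER output keeps the server.pem name to match the checkout under res/raw, but its contents are DER, not PEM, which matters when deciding how an Android client loads it.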
- https://stackoverflow.com/a/68641725
- https://developer.android.com/training/articles/security-config.html
- https://www.hivemq.com/blog/mqtt-essentials-part-5-mqtt-topics-best-practices
- https://kotlinlang.org/docs/serialization.html#example-json-serialization
- https://gis.stackexchange.com/a/8674
- https://developers.arcgis.com/android/