          baetyl-broker Module

          Introduction

          baetyl-broker is written in Go and is a stand-alone message publish/subscribe hub. It implements the MQTT 3.1.1 protocol and provides reliable message delivery over low-bandwidth and unreliable networks. As the message middleware on the edge side of the baetyl framework, it gives all services message-driven interconnection.

          It currently supports four access modes: TCP, SSL (TCP+SSL), WS (WebSocket) and WSS (WebSocket+SSL). Its MQTT protocol support is as follows:

          • Supports the Connect, Disconnect, Subscribe, Publish, Unsubscribe and Ping functions.
          • Supports publishing and subscribing at QoS levels 0 and 1.
          • Supports Retain, Will and Clean Session.
          • Supports subscribing to topics with the wildcards + and #.
          • Supports checking ClientID and Payload against the agreed conventions.
          • Supports authentication: two-way TLS certificate authentication at the transport layer, and ACL access control at the application layer.
          • Does not yet support the client Keep Alive feature, or publishing and subscribing at QoS level 2.

          Configuration

          The complete baetyl-broker configuration file is shown below, with each field explained in its comment:

          listeners: # [Required] Listening addresses, for example:
            - address: tcp://0.0.0.0:1883 # tcp connection
            - address: ssl://0.0.0.0:1884 # ssl connection; an ssl listener must be configured with a certificate
              ca: example/var/lib/baetyl/testcert/ca.crt # Server's CA certificate path
              key: example/var/lib/baetyl/testcert/server.key # Server's private key path
              cert: example/var/lib/baetyl/testcert/server.crt # Server's certificate (public key) path
              anonymous: true # If anonymous is true, the server will not perform ACL verification on this port
            - address: ws://0.0.0.0:8883/mqtt # ws connection
            - address: wss://0.0.0.0:8884/mqtt # wss connection; a wss listener must be configured with a certificate
              ca: example/var/lib/baetyl/testcert/ca.crt # Server's CA certificate path
              key: example/var/lib/baetyl/testcert/server.key # Server's private key path
              cert: example/var/lib/baetyl/testcert/server.crt # Server's certificate (public key) path
              anonymous: false # If anonymous is true, the server will not perform ACL verification on this port
          principals: # ACL permission control; supports username/password and certificate authentication
            - username: test # Username
              password: hahaha # Password
              permissions: # Access control
                - action: pub # pub privilege
                  permit: ["test"] # Allowed topics, wildcards supported
                - action: sub # sub privilege
                  permit: ["test"] # Allowed topics, wildcards supported
            - username: client # If the password is empty, the username is the common name of the client certificate and is used for ACL verification of clients that connect with a certificate
              permissions: # Access control
                - action: pub # pub privilege
                  permit: ["#"] # Allowed topics, wildcards supported
                - action: sub # sub privilege
                  permit: ["#"] # Allowed topics, wildcards supported
          session: # Client session settings
            maxClients: 0 # Maximum number of client connections on the server; 0 or a negative number means no limit
            maxMessagePayloadSize: 32768 # Maximum message length that can be transmitted; the default is 32768 bytes (32K), the maximum is 268,435,455 bytes (approximately 256 MB)
            maxInflightQOS0Messages: 100 # In-flight window for QoS 0 messages
            maxInflightQOS1Messages: 20 # In-flight window for QoS 1 messages
            resendInterval: 20s # Message retransmission interval. If the client does not acknowledge (ack) a message within this interval, the message is retransmitted until the client acknowledges it or the session is closed
            persistence: # Message persistence configuration
              store: # Underlying storage plugin configuration
                driver: boltdb # Underlying storage plugin, default boltdb
                source: var/lib/baetyl/broker.db # Storage file path
              queue: # Storage
                batchSize: 10 # Message channel buffer size
                expireTime: 24h # Message expiration interval. Messages published earlier than this interval are removed at the next cleanup
                cleanInterval: 1h # Message cleanup interval; expired messages are cleaned up in the background at this interval
                writeTimeout: 100ms # Batch write timeout. Writes are performed at this interval; a write is also triggered if the buffer fills within the interval
                deleteTimeout: 500ms # Timeout for batch deletion of acknowledged messages. Deletion is performed at this interval; it is also triggered if the cache of acknowledged messages fills within the interval
            sysTopics: ["$link", "$baidu"] # System topics
          
          logger: # Log
            level: info # Log level
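
How the `principals` permissions above could be evaluated for a given client and topic, as an added example that is not baetyl-broker's own code. It assumes `permit` entries follow standard MQTT 3.1.1 topic-filter rules, which the page does not spell out; `topic_matches` and `allowed` are hypothetical names.

```python
# Added illustration, not baetyl-broker source. Assumes `permit` entries behave
# like standard MQTT 3.1.1 topic filters.

def topic_matches(pattern, topic):
    """True if MQTT topic filter `pattern` ('+' = one level, '#' = rest) covers `topic`."""
    f, t = pattern.split("/"), topic.split("/")
    # MQTT 3.1.1 section 4.7.2: a filter starting with a wildcard never matches
    # a $-topic. Whether the broker applies this to ACLs is an assumption here.
    if topic.startswith("$") and f[0] in ("+", "#"):
        return False
    for i, level in enumerate(f):
        if level == "#":
            return i == len(f) - 1          # '#' is only valid as the last level
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)


def allowed(principals, username, action, topic):
    """ACL decision: does `username` hold `action` ('pub' or 'sub') on `topic`?"""
    for p in principals:
        if p["username"] != username:
            continue
        return any(
            perm["action"] == action
            and any(topic_matches(pat, topic) for pat in perm["permit"])
            for perm in p.get("permissions", [])
        )
    return False                            # unknown principal: deny


# The two principals from the configuration above, as yaml.safe_load would return them.
PRINCIPALS = [
    {"username": "test", "password": "hahaha", "permissions": [
        {"action": "pub", "permit": ["test"]},
        {"action": "sub", "permit": ["test"]}]},
    {"username": "client", "permissions": [
        {"action": "pub", "permit": ["#"]},
        {"action": "sub", "permit": ["#"]}]},
]

if __name__ == "__main__":
    for user, action, topic in [("test", "pub", "test"), ("test", "sub", "test/a"),
                                ("client", "sub", "factory/line1/temp"),
                                ("client", "sub", "$link/status")]:
        print(user, action, topic, "->", allowed(PRINCIPALS, user, action, topic))
```

The `client` principal with `permit: ["#"]` is granted every ordinary topic, while `test` is limited to the single topic `test`.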

          The following minimal configuration is enough to connect to the broker quickly:

          listeners:
            - address: tcp://0.0.0.0:1883
          principals:
            - username: test
              password: hahaha
              permissions:
                - action: pub
                  permit: ["test"]
                - action: sub
                  permit: ["test"]
          
          logger:
            level: info

          Users can enter the username, password and address in the MqttBox software to connect to the broker, as shown in the figure below:

          [Figure: MqttBox connection settings]

          You can then publish messages to the test topic and subscribe to the test topic to receive them.

          [Figure: publishing and subscribing to the test topic in MqttBox]

          Note: By default the broker loads the system certificate issued to the edge side and listens on port 50010. Users should avoid using this port.
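
A pre-deployment check of a parsed broker configuration for the settings this page calls out (listeners without TLS, `anonymous: true`, `#` permits, the sample credentials, port 50010), as an added example that is not part of baetyl. The field names come from the configuration above; the `audit` function, its findings and the `RISKY` input are constructed for illustration.

```python
# Added illustration, not part of baetyl. Field names come from the configuration
# on this page; the checks and their wording are this example's own.
from urllib.parse import urlsplit

RESERVED_PORT = 50010   # used by the broker's default system-certificate listener

def audit(cfg):
    """Return a list of (location, finding) pairs for a parsed broker config."""
    out = []
    for i, lst in enumerate(cfg.get("listeners", [])):
        url, where = urlsplit(lst["address"]), f"listeners[{i}]"
        if url.scheme in ("tcp", "ws"):
            out.append((where, "plaintext transport, no TLS"))
        elif not all(lst.get(k) for k in ("ca", "key", "cert")):
            out.append((where, "ssl/wss listener missing ca, key or cert"))
        if lst.get("anonymous"):
            out.append((where, "anonymous: true, ACL verification skipped"))
        if url.port == RESERVED_PORT:
            out.append((where, "port 50010 collides with the default listener"))
    for p in cfg.get("principals", []):
        where = f"principals[{p['username']}]"
        if (p["username"], p.get("password")) == ("test", "hahaha"):
            out.append((where, "documentation sample credentials"))
        for perm in p.get("permissions", []):
            if "#" in perm.get("permit", []):
                out.append((where, f"{perm['action']} permitted on every topic (#)"))
    limit = cfg.get("session", {}).get("maxClients")
    if limit is not None and limit <= 0:    # only judged when set explicitly
        out.append(("session", "maxClients <= 0, no connection limit"))
    return out

# Constructed inputs: the quick-start demo from this page, and a variant that
# combines the riskier settings shown in the full configuration.
DEMO = {"listeners": [{"address": "tcp://0.0.0.0:1883"}],
        "principals": [{"username": "test", "password": "hahaha", "permissions": [
            {"action": "pub", "permit": ["test"]},
            {"action": "sub", "permit": ["test"]}]}]}
RISKY = {"listeners": [{"address": "ssl://0.0.0.0:50010", "anonymous": True,
                        "ca": "ca.crt", "key": "server.key", "cert": "server.crt"}],
         "principals": [{"username": "client", "permissions": [
             {"action": "pub", "permit": ["#"]}]}],
         "session": {"maxClients": 100}}

if __name__ == "__main__":
    for name, cfg in (("demo", DEMO), ("risky", RISKY)):
        for where, finding in audit(cfg):
            print(f"{name}: {where}: {finding}")
```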
