jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-07-16 13:56:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Explain an explicit ACL is now required; update example. (#8965)

Browse Source 
* Explain an explicit ACL is now required; update example.

The issue explained in https://github.com/home-assistant/hassio-addons/issues/545 outlines how an explicit ACL is now required for mosquitto to accept any traffic.

* Add formatting

* Make it bold
This commit is contained in:
hcooper 2019-03-17 01:45:16 -07:00 committed by Fabian Affolter
parent f9119f7299
commit e96d3c6cba
1 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
source/_addons/mosquitto.markdown
View File

@ -28,7 +28,7 @@ Set up [Mosquitto](https://mosquitto.org/) as MQTT broker.
``` ```
<p class='warning note'> <p class='warning note'>
Make sure you use logins and disable anonymous access if you want to secure the system. Since version 4.1 of the addon, an explicit ACL definition is now required, [see these instructions](https://www.home-assistant.io/addons/mosquitto/#access-control-lists-acls).
</p> </p>
{% configuration %} {% configuration %}
@ -63,7 +63,7 @@ To use the Mosquitto as [broker](/docs/mqtt/broker/#run-your-own), go to the int
3. Once back on-line, return to `Configuration > Integrations` and select configure next to `MQTT`. 3. Once back on-line, return to `Configuration > Integrations` and select configure next to `MQTT`.
``` ```text
Broker: YOUR_HASSIO_IP_ADDRESS Broker: YOUR_HASSIO_IP_ADDRESS
Port: 1883 Port: 1883
Username: MQTT_USERNAME Username: MQTT_USERNAME
@ -86,13 +86,24 @@ See the following links for more information:
* [Mosquitto topic restrictions](http://www.steves-internet-guide.com/topic-restriction-mosquitto-configuration/) * [Mosquitto topic restrictions](http://www.steves-internet-guide.com/topic-restriction-mosquitto-configuration/)
* [Mosquitto.conf man page](https://mosquitto.org/man/mosquitto-conf-5.html) * [Mosquitto.conf man page](https://mosquitto.org/man/mosquitto-conf-5.html)
Add the following configuration to enable ACLs: Add the following configuration to enable **unrestricted** access to all topics.
1. Set the `active` flag within the `customize` section to `true` in your configuration. 1. Enable the customize flag
2. Create a file in `/share/mosquitto` named `acl.conf` with the following contents: ```json
"customize": {
"active": true,
"folder": "mosquitto"
},
```
2. Create `/share/mosquitto/acl.conf` with the contents:
```text ```text
acl_file /share/mosquitto/accesscontrollist acl_file /share/mosquitto/accesscontrollist
``` ```
3. Create a file in `/share/mosquitto` named `accesscontrollist` and add contents according to your requirements.
The `/share` folder can be found on the host filesystem under `/usr/share/hassio/share`, or via the `Share` folder through SMB (Samba). 3. Create `/share/mosquitto/accesscontrollist` with the contents:
```text
topic readwrite #
```
The `/share` folder can be accessed via SMB, or on the host filesystem under `/usr/share/hassio/share`.