update mosquitto tls

mosquitto/Dockerfile

@@ -5,7 +5,7 @@
 FROM alpine
 MAINTAINER kev <noreply@easypi.pro>
 
-RUN apk add --no-cache mosquitto
+RUN apk add --no-cache ca-certificates mosquitto
 
 VOLUME /etc/mosquitto
 EXPOSE 1883 8883

mosquitto/README.md

@@ -24,27 +24,33 @@ mosquitto:
 
 ## mosquitto.conf
 
-```
+```ini
-port 8883
+port 1883
 log_dest stdout
+allow_anonymous false
 password_file /etc/mosquitto/pwfile
 persistence true
 persistence_location /var/lib/mosquitto
-cafile /var/lib/mosquitto/ca.crt
+
-certfile /var/lib/mosquitto/server.crt
+###### ENABLE TLS ######
-keyfile /var/lib/mosquitto/server.key
+listener 8883
+protocol mqtt
+capath /etc/ssl/certs
+certfile /var/lib/mosquitto/fullchain.pem
+keyfile /var/lib/mosquitto/privkey.pem
 require_certificate false
 ```
 
 - `pwfile` is managed by [mosquitto_passwd][3].
-- TLS keys are generated by [openssl][2].
+- Two methods to support TLS:
+  - You can get free TLS certificates from letsencrypt, `capath` is needed.
+  - Self-signed TLS keys can be generated by [openssl][2], `cafile` is needed.
 
-> It is important to use different certificate subject parameters for your CA,
+> It is important to use different certificate subject parameters for your self-signed CA, server and clients.
-> server and clients.
 
 ## server
 
-```
+```bash
 $ mkdir -p data
 $ touch data/mosquitto.conf data/pwfile
 $ docker-compose up -d

mosquitto/arm/Dockerfile

@@ -5,7 +5,7 @@
 FROM easypi/alpine-arm
 MAINTAINER EasyPi Software Foundation
 
-RUN apk add --no-cache mosquitto
+RUN apk add --no-cache ca-certificates mosquitto
 
 VOLUME /etc/mosquitto
 EXPOSE 1883 8883

mosquitto/arm/data/mosquitto.conf

@@ -12,7 +12,7 @@ persistence_location /var/lib/mosquitto
 ###### ENABLE WS ######
 #listener 8080
 #protocol websockets
-#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
+#capath /etc/ssl/certs
 #certfile /var/lib/mosquitto/fullchain.pem
 #keyfile /var/lib/mosquitto/privkey.pem
 #require_certificate false
@@ -20,7 +20,7 @@ persistence_location /var/lib/mosquitto
 ###### ENABLE TLS ######
 #listener 8883
 #protocol mqtt
-#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
+#capath /etc/ssl/certs
 #certfile /var/lib/mosquitto/fullchain.pem
 #keyfile /var/lib/mosquitto/privkey.pem
 #require_certificate false

mosquitto/data/mosquitto.conf

@@ -12,7 +12,7 @@ persistence_location /var/lib/mosquitto
 ###### ENABLE WS ######
 #listener 8080
 #protocol websockets
-#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
+#capath /etc/ssl/certs
 #certfile /var/lib/mosquitto/fullchain.pem
 #keyfile /var/lib/mosquitto/privkey.pem
 #require_certificate false
@@ -20,7 +20,7 @@ persistence_location /var/lib/mosquitto
 ###### ENABLE TLS ######
 #listener 8883
 #protocol mqtt
-#cafile /var/lib/mosquitto/DST_Root_CA_X3.pem
+#capath /etc/ssl/certs
 #certfile /var/lib/mosquitto/fullchain.pem
 #keyfile /var/lib/mosquitto/privkey.pem
 #require_certificate false

netdata/arm/Dockerfile

@@ -2,48 +2,36 @@
 # Dockerfile for netdata-arm
 #
 
-FROM resin/rpi-raspbian:jessie
+FROM easypi/alpine-arm
 MAINTAINER EasyPi Software Foundation
 
-ENV NETDATA_VER 1.6.0
+ENV NETDATA_VERSION 1.6.0
-ENV NETDATA_URL https://github.com/firehol/netdata/releases/download/v${NETDATA_VER}/netdata-${NETDATA_VER}.tar.gz
-ENV NETDATA_DEB netdata_${NETDATA_VER}_armhf.deb
-
-WORKDIR /usr/src
 
 RUN set -xe \
-    && apt-get update \
+    && apk add --no-cache autoconf \
-    && apt-get -y install autoconf \
-                          autoconf-archive \
-                          autogen \
                           automake \
-                          build-essential \
+                          bash \
+                          build-base \
                           curl \
-                          debhelper \
+                          libmnl \
-                          dh-autoreconf \
-                          dh-systemd \
-                          fakeroot \
                           libmnl-dev \
-                          pkg-config \
+                          libuuid \
-                          uuid-dev \
+                          util-linux-dev \
-                          zlib1g-dev \
+                          zlib-dev \
-    && curl -sSL ${NETDATA_URL} | tar xz \
+    && addgroup -g 1000 netdata \
-    && cd netdata-${NETDATA_VER} \
+    && adduser -D -H -u 1000 -G netdata netdata \
-    && ln -s contrib/debian \
+    && curl -sSL https://github.com/firehol/netdata/releases/download/v$NETDATA_VERSION/netdata-$NETDATA_VERSION.tar.gz | tar xz \
-    && dpkg-buildpackage -us -uc -rfakeroot \
+    && cd netdata-$NETDATA_VERSION \
+    && ./netdata-installer.sh --dont-wait \
     && cd .. \
-    && dpkg -i ${NETDATA_DEB} \
+    && rm -rf netdata-$NETDATA_VERSION \
-    && apt-get remove -y autoconf \
+    && apk del autoconf \
-                         autoconf-archive \
-                         autogen \
                automake \
-                         build-essential \
+               build-base \
                curl \
-                         debhelper \
+               libmnl-dev \
-                         dh-autoreconf \
+               util-linux-dev \
-                         dh-systemd \
+               zlib-dev
-                         pkg-config \
-    && rm -rf netdata-${NETDATA_VER} /var/lib/apt/lists/*
 
 VOLUME /etc/netdata