Tags: mqtt, mosquitto, message-broker

Mosquitto conf restricting unauthorized connection to broker


I have created a Mosquitto Docker image using the mosquitto 2.0.11 image. I have a Node-RED instance which is also deployed as a Docker container. Now I want to restrict the users who can connect to the broker. One way is to create a username and password and allow only applications which have a valid username/password to connect to the Mosquitto broker, but I am looking for a way in the mosquitto.conf file where we can mention the host names of the applications (in this case Node-RED) and allow only those applications to connect to the broker without having to authenticate.

As of now my conf file looks as below:

listener 1883
allow_anonymous true

I want to remove the allow_anonymous true from my conf file and mention the host names of the applications that I want to connect to the Mosquitto broker. Is there a way to do it?

Thanks.


Solution

  • There is currently no built-in way to do access control based on source IP address in mosquitto; the usual approach is to use a username/password for each client that wants to connect.

    Mosquitto provides a built-in text-file-based system for supplying usernames/passwords and ACLs. It also provides a way to set up dynamic user/ACL creation using MQTT messages.

    The dynamic security setup is documented here. Details of the password file and ACL file are in the mosquitto.conf man page.

    If you want to do IP-address-based access control then you probably need to look at things like iptables and inetd hosts.allow/hosts.deny.
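As an added example (not part of the original question or answer, and not mosquitto's own code), the script below puts the weak configuration from the question next to a hardened one that turns off anonymous access and points at a password file and an ACL file, and shows how a mosquitto 2.0 password_file entry is built and checked. The entry format assumed here is the one mosquitto_passwd 2.x writes (user:$7$iterations$salt$hash, PBKDF2-HMAC-SHA512, 101 iterations, 12-byte salt); the file paths, the user name "nodered" and the sensors/# topic tree are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Weak configuration from the question: anyone who can reach port 1883 can connect.
WEAK_CONF = """listener 1883
allow_anonymous true
"""

# Hardened configuration: anonymous access off, every client must present
# credentials from password_file, and acl_file limits what each user may do.
# Paths assume the config volume layout of the mosquitto Docker image (assumption).
HARDENED_CONF = """listener 1883
allow_anonymous false
password_file /mosquitto/config/passwd
acl_file /mosquitto/config/acl
"""

# Constructed ACL: the Node-RED user is confined to its own topic tree.
ACL_FILE = """user nodered
topic readwrite sensors/#
"""

PBKDF2_ITERATIONS = 101   # mosquitto_passwd 2.x default (assumption, see lead-in)
SALT_LEN = 12             # salt length mosquitto_passwd 2.x uses (assumption)


def make_password_entry(username, password, salt=None):
    """Build one password_file line: user:$7$iter$salt_b64$hash_b64 (PBKDF2-HMAC-SHA512)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, PBKDF2_ITERATIONS)
    return "{}:$7${}${}${}".format(
        username,
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(entry, username, password):
    """Check a candidate password against an entry the way a broker would:
    re-derive the hash with the stored salt and iteration count, compare in constant time."""
    user, _, hashed = entry.partition(":")
    if user != username:
        return False
    fields = hashed.split("$")          # ['', '7', iterations, salt_b64, hash_b64]
    if len(fields) != 5 or fields[1] != "7":
        return False
    iterations = int(fields[2])
    salt = base64.b64decode(fields[3])
    expected = base64.b64decode(fields[4])
    digest = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return hmac.compare_digest(digest, expected)


def is_hardened(conf):
    """True when the config neither allows anonymous clients nor lacks a password file."""
    settings = {}
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings[key] = value.strip()
    return settings.get("allow_anonymous", "false") == "false" and "password_file" in settings


def write_config_dir(directory, users):
    """Write mosquitto.conf, passwd and acl into `directory`; `users` maps name -> password."""
    os.makedirs(directory, exist_ok=True)
    paths = {
        "mosquitto.conf": HARDENED_CONF,
        "passwd": "".join(make_password_entry(u, p) + "\n" for u, p in users.items()),
        "acl": ACL_FILE,
    }
    for name, content in paths.items():
        with open(os.path.join(directory, name), "w") as fh:
            fh.write(content)
    return sorted(paths)


if __name__ == "__main__":
    print("weak conf hardened?", is_hardened(WEAK_CONF))
    print("hardened conf hardened?", is_hardened(HARDENED_CONF))
    entry = make_password_entry("nodered", "s3cret")
    print(entry)
    print("correct password accepted:", verify_password(entry, "nodered", "s3cret"))
    print("wrong password rejected:", not verify_password(entry, "nodered", "wrong"))
```

Mount the generated directory at /mosquitto/config in the broker container and point the Node-RED MQTT node at the nodered user. If you also want the source-IP restriction the answer mentions, that still has to live outside mosquitto, for example an iptables rule in Docker's DOCKER-USER chain that drops traffic to port 1883 from anything but the Node-RED container's address; treat that as a second layer, not a replacement for authentication, since container IPs on a bridge network are easy to spoof or reassign.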