diff --git a/application/src/main/resources/thingsboard.yml b/application/src/main/resources/thingsboard.yml
index 79e8d9e1d3..2609be7d75 100644
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@@ -595,6 +595,10 @@ transport:
 ssl:
 # Enable/disable SSL support
 enabled: "${MQTT_SSL_ENABLED:false}"
+ # MQTT SSL bind address
+ bind_address: "${MQTT_SSL_BIND_ADDRESS:0.0.0.0}"
+ # MQTT SSL bind port
+ bind_port: "${MQTT_SSL_BIND_PORT:8883}"
 # SSL protocol: See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
 protocol: "${MQTT_SSL_PROTOCOL:TLSv1.2}"
 # Path to the key store that holds the SSL certificate
diff --git a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
index 7771509c37..f61553bd22 100644
--- a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
+++ b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttSslHandlerProvider.java
@@ -73,7 +73,16 @@ public class MqttSslHandlerProvider {
 @Autowired
 private TransportService transportService;
 
+ private SslHandler sslHandler;
+
 public SslHandler getSslHandler() {
+ if (sslHandler == null) {
+ sslHandler = createSslHandler();
+ }
+ return sslHandler;
+ }
+
+ private SslHandler createSslHandler() {
 try {
 TrustManagerFactory tmFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 KeyStore trustStore = KeyStore.getInstance(keyStoreType);
diff --git a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportServerInitializer.java b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportServerInitializer.java
index bbe382163b..386c2a8dd6 100644
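Review bot: The new `bind_port` comment does not say that this is a second, separate listener, so `MQTT_SSL_BIND_PORT` must not collide with the plain `transport.mqtt.bind_port` when both listeners bind the same address; the defaults are distinct, but an operator overriding one value has no hint of the constraint. I'd extend the comment to `# MQTT SSL bind port (separate listener; must differ from the plain MQTT bind port)`. The same applies to the identical hunk in transport/mqtt/src/main/resources/tb-mqtt-transport.yml.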
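Review bot: Caching the `SslHandler` in `getSslHandler()` hands the same handler instance to every channel, but a Netty `SslHandler` wraps a single `SSLEngine` carrying per-connection handshake state and is not `@Sharable`, so Netty will refuse to add it to a second pipeline and the second TLS client to connect will fail. What can safely be built once is the trust/key material that `createSslHandler()` derives from the key store; the body continues outside the hunk so I cannot see where the engine is created, but the lazy-init should cache the `SSLContext` and still return a fresh `new SslHandler(sslContext.createSSLEngine())` on every call. The unsynchronized null-check is also racy when the first two connections arrive concurrently, which matters less once only immutable context is cached. The same symptom shows at `pipeline.addLast(sslHandler)` in the MqttTransportServerInitializer hunk.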
--- a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportServerInitializer.java
+++ b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportServerInitializer.java
@@ -28,16 +28,18 @@ import io.netty.handler.ssl.SslHandler;
 public class MqttTransportServerInitializer extends ChannelInitializer {
 
 private final MqttTransportContext context;
+ private final boolean sslEnabled;
 
- public MqttTransportServerInitializer(MqttTransportContext context) {
+ public MqttTransportServerInitializer(MqttTransportContext context, boolean sslEnabled) {
 this.context = context;
+ this.sslEnabled = sslEnabled;
 }
 
 @Override
 public void initChannel(SocketChannel ch) {
 ChannelPipeline pipeline = ch.pipeline();
 SslHandler sslHandler = null;
- if (context.getSslHandlerProvider() != null) {
+ if (sslEnabled && context.getSslHandlerProvider() != null) {
 sslHandler = context.getSslHandlerProvider().getSslHandler();
 pipeline.addLast(sslHandler);
 }
diff --git a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportService.java b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportService.java
index 3e53dec227..5498752151 100644
--- a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportService.java
+++ b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportService.java
@@ -46,6 +46,14 @@ public class MqttTransportService implements TbTransportService {
 @Value("${transport.mqtt.bind_port}")
 private Integer port;
 
+ @Value("${transport.mqtt.ssl.enabled}")
+ private boolean sslEnabled;
+
+ @Value("${transport.mqtt.ssl.bind_address}")
+ private String sslHost;
+ @Value("${transport.mqtt.ssl.bind_port}")
+ private Integer sslPort;
+
 @Value("${transport.mqtt.netty.leak_detector_level}")
 private String leakDetectorLevel;
 @Value("${transport.mqtt.netty.boss_group_thread_count}")
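Review bot: With `sslEnabled && context.getSslHandlerProvider() != null`, an initializer created for the TLS listener whose provider happens to be absent silently builds a plaintext pipeline, so the port advertised as TLS would accept unencrypted MQTT without any error or log line. A missing provider is presumably legitimate for the plain listener but never for the TLS one, so fail fast in the constructor with `if (sslEnabled) { Objects.requireNonNull(context.getSslHandlerProvider(), "SSL listener enabled but no MqttSslHandlerProvider is configured"); }` (needs a `java.util.Objects` import) and reduce the `initChannel` condition to `if (sslEnabled)`. `initChannel` continues past the end of the hunk.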
@@ -59,6 +67,7 @@ public class MqttTransportService implements TbTransportService {
 private MqttTransportContext context;
 
 private Channel serverChannel;
+ private Channel sslServerChannel;
 private EventLoopGroup bossGroup;
 private EventLoopGroup workerGroup;
 
@@ -73,10 +82,18 @@ public class MqttTransportService implements TbTransportService {
 ServerBootstrap b = new ServerBootstrap();
 b.group(bossGroup, workerGroup)
 .channel(NioServerSocketChannel.class)
- .childHandler(new MqttTransportServerInitializer(context))
+ .childHandler(new MqttTransportServerInitializer(context, false))
 .childOption(ChannelOption.SO_KEEPALIVE, keepAlive);
 
 serverChannel = b.bind(host, port).sync().channel();
+ if (sslEnabled) {
+ b = new ServerBootstrap();
+ b.group(bossGroup, workerGroup)
+ .channel(NioServerSocketChannel.class)
+ .childHandler(new MqttTransportServerInitializer(context, true))
+ .childOption(ChannelOption.SO_KEEPALIVE, keepAlive);
+ sslServerChannel = b.bind(sslHost, sslPort).sync().channel();
+ }
 log.info("Mqtt transport started!");
 }
 
@@ -85,6 +102,9 @@ public class MqttTransportService implements TbTransportService {
 log.info("Stopping MQTT transport!");
 try {
 serverChannel.close().sync();
+ if (sslEnabled) {
+ sslServerChannel.close().sync();
+ }
 } finally {
 workerGroup.shutdownGracefully();
 bossGroup.shutdownGracefully();
diff --git a/transport/mqtt/src/main/resources/tb-mqtt-transport.yml b/transport/mqtt/src/main/resources/tb-mqtt-transport.yml
index 6dbbb99311..f748bd872d 100644
--- a/transport/mqtt/src/main/resources/tb-mqtt-transport.yml
+++ b/transport/mqtt/src/main/resources/tb-mqtt-transport.yml
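Review bot: The TLS bootstrap inside `if (sslEnabled)` repeats the plain bootstrap line for line, differing only in the initializer flag and the bind address, and reassigns `b` to do it; any future `childOption` will have to be added in two places. A single private factory keeps both listeners in lock-step and lets the enclosing method read as two binds; that method starts outside the hunk. Note also that if `sslHost`/`sslPort` collides with `host`/`port` the second `bind()` throws after the plain listener is already up, so a log line naming the TLS address before that bind would make the failure diagnosable.
```java
            serverChannel = bootstrap(false).bind(host, port).sync().channel();
            if (sslEnabled) {
                log.info("Starting MQTT TLS listener on {}:{}", sslHost, sslPort);
                sslServerChannel = bootstrap(true).bind(sslHost, sslPort).sync().channel();
            }
            // … unchanged: log.info("Mqtt transport started!") and the closing brace …

    // One bootstrap per listener; plain and TLS differ only in the initializer flag.
    private ServerBootstrap bootstrap(boolean ssl) {
        return new ServerBootstrap()
                .group(bossGroup, workerGroup)
                .channel(NioServerSocketChannel.class)
                .childHandler(new MqttTransportServerInitializer(context, ssl))
                .childOption(ChannelOption.SO_KEEPALIVE, keepAlive);
    }
```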
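Review bot: The TLS channel is closed only if `serverChannel.close().sync()` returns normally; if that call throws, `sslServerChannel` is never closed before the event-loop groups are shut down. Gating on `sslEnabled` rather than on the field also means a channel that was never bound (init failed after the plain bind) would NPE here. Keying on the channel itself is simpler and safer: `if (sslServerChannel != null) { sslServerChannel.close().sync(); }`, either in its own try or inside the `finally` ahead of the group shutdown so a failure on the plain channel cannot skip it. The enclosing method starts outside the hunk.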
@@ -99,6 +99,10 @@ transport:
 ssl:
 # Enable/disable SSL support
 enabled: "${MQTT_SSL_ENABLED:false}"
+ # MQTT SSL bind address
+ bind_address: "${MQTT_SSL_BIND_ADDRESS:0.0.0.0}"
+ # MQTT SSL bind port
+ bind_port: "${MQTT_SSL_BIND_PORT:8883}"
 # SSL protocol: See http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
 protocol: "${MQTT_SSL_PROTOCOL:TLSv1.2}"
 # Path to the key store that holds the SSL certificate
@@ -298,4 +302,4 @@ management:
 web:
 exposure:
 # Expose metrics endpoint (use value 'prometheus' to enable prometheus metrics).
- include: '${METRICS_ENDPOINTS_EXPOSE:info}'
\ No newline at end of file
+ include: '${METRICS_ENDPOINTS_EXPOSE:info}'