Differences

This shows you the differences between two versions of the page.

--- wiki:user:nelgin [2020/04/05 02:11] – nelgin
+++ wiki:user:nelgin [2026/02/16 21:51] (current) – Small update nelgin
@@ Line 1: / Line 1: @@
+===== Nelgin - End Of The Line BBS =====
 Nelgin was born in England and moved to the US in 1996. He's fluent in both English English and American English :)
@@ Line 7: / Line 8: @@
 He plays keyboards, guitar, and drums for fun.
-His aim is to visit all 50 states. He's visited 33 so far.
+His aim is to visit all 50 states. He's visited <del>36</del> 37 so far.
 End Of The Line BBS is run by Nelgin
@@ Line 15: / Line 16: @@
 telnet://endofthelinebbs.com
+[[ssh://endofthelinebbs.com]]
+[[rlogin://endofthelinebbs.com]]
+Point a viewdata emulator at endofthelinebbs.com port 6502 to try the experimental interface.
 {{:person:guitar.png}}
+I may have contributed a line or two to Synchronet.
+===== Mosquitto, Synchronet and TLS With Self-Signed Certs =====
+This works for me. It might not work for you. It's easier to do all this as root and then chown/chmod files as necessary to secure them. This works on Ubuntu.
+First I created a dns entry mqtt.endofthelinebbs.com to point to my server IP address. You could probably use your regular dns name or something else, I'm not sure. I just know this works for me.
+Obviously, don't use endofthelinebbs.com but your own domain name throughout. Your certs are not going to work on my mqtt server!
+Next, I decided to create a password for my bbs user for extra security.
+In /etc/mosquitto create a pwfile file with a username:password line
+    bbs:mypasswd
+Now, convert the file
+    mosquitto_passwd -U pwfile
+This will upgrade the file and hash the plain text password. Never run -U on an already hashed password file or it'll rehash the hashed password!
+In your /etc/mosquitto/certs directory:
+Create your CA
+    openssl genrsa -des3 -out ca.key 2048
+Enter a passphrase you'll remember. You'll need this to sign your certs.
+Now create your ca.crt
+    openssl req -new -x509 -days 36500  -key ca.key -out ca.crt
+For Common Name, I just entered the domain, endofthelinebbs.com
+Create a server.key
+    openssl genrsa -out server.key 2048
+Now the csr
+    openssl req -new -out server.csr -key server.key
+Here I use mqtt.endofthelinebbs.com as the Common Name. This is what we'll use to connect to the mqtt service.
+Now create the crt
+    openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 36500
+Create /etc/mosquitto/conf.d/sbbs.conf
+    allow_anonymous false
+    password_file /etc/mosquitto/pwfile
+    log_type debug
+    # mqtt protocol standard port
+    listener 1883
+    # mqtt protocol ssl port
+    listener 8883
+    tls_version tlsv1.2
+    cafile /etc/mosquitto/certs/ca.crt
+    certfile /etc/mosquitto/certs/server.crt
+    keyfile /etc/mosquitto/certs/server.key
+    require_certificate true
+    use_identity_as_username false
+    # websocket protocol standard port
+    listener 1884
+    protocol websockets
+    socket_domain ipv4
+    # websocket protocol ssl port
+    listener 8884
+    protocol websockets
+    socket_domain ipv4
+    cafile /etc/mosquitto/certs/ca.crt
+    certfile /etc/mosquitto/certs/server.crt
+    keyfile /etc/mosquitto/certs/server.key
+    require_certificate true
+    use_identity_as_username false
+chown mosquitto. /etc/mosquitto/certs/* /etc/mosquitto/conf.d/sbbs.conf /etc/mosquitto/pwfile
+chmod 640 /sbbs/mosquitto/certs/* /etc/mosquitto/pwfile
+Now start or restart your mosquitto service
+    systemctl restart mosquitto
+    or
+    systemctl start mosquitto
+Check /var/log/mosquitto/mosquitto.log to see if its running
+    1702534680: mosquitto version 2.0.11 starting
+    1702534680: Config loaded from /etc/mosquitto/mosquitto.conf.
+    1702534680: Opening ipv4 listen socket on port 1883.
+    1702534680: Opening ipv6 listen socket on port 1883.
+    1702534680: Opening ipv4 listen socket on port 8883.
+    1702534680: Opening ipv6 listen socket on port 8883.
+    1702534680: Opening websockets listen socket on port 1884.
+    1702534680: Opening websockets listen socket on port 8884.
+    1702534680: mosquitto version 2.0.11 running
+If all is good you can now make your sbbs certs.
+Create your key
+    cd /etc/mosquitto/certs
+    openssl genrsa -out  sbbs_mqtt.key 2048
+Create your csr
+    openssl req -new -out sbbs_mqtt.csr -key  sbbs_mqtt.key
+For Common Name, I use the BBS hostname, bbs.endofthelinebbs.com
+Create your crt
+    openssl x509 -req -in sbbs_mqtt.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out  sbbs_mqtt.crt  -days 36500
+copy the /etc/mosquitto/certs/ca.crt file and move the sbbs_mqtt files to /sbbs/ctrl
+    cp /etc/mosquitto/certs/ca.crt /sbbs/ctrl
+    mv /etc/mosquitto/certs/sbbs_mqtt.* /sbbs/ctrl
+    cd /sbbs/ctrl
+    chown bbsuser:bbsgroup ca.crt sbbs_mqtt.*
+Replacing bbsuser and bbsgroup with the username/group of your bbs user.
+use scfg to configure your MTQQ accordingly, use port 8883, hostname is mqtt.endofthelinebbs.com and select TLS.
+<code>
+[MQTT]
+Enabled=true
+Verbose=true
+Broker_addr=mqtt.endofthelinebbs.com
+Broker_port=8883
+Protocol_version=5
+Keepalive=11
+Publish_QOS=0
+Subscribe_QOS=2
+Username=bbs
+Password=xxxxxxxxx
+LogLevel=Debugging
+TLS_mode=1
+TLS_cafile=/sbbs/ctrl/ca.crt
+TLS_certfile=/sbbs/ctrl/sbbs_mqtt.crt
+TLS_keyfile=/sbbs/ctrl/sbbs_mqtt.key
+TLS_keypass=
+TLS_psk=
+TLS_identity=
+</code>
+You'll need to restart sbbs. I found that if it's already connected to port 1883 then it won't establish a new connection.
+If you're lucky, your logfile will show sbbs connected:
+    1702583738: New client connected from 192.138.210.158:59382 as sbbs-EOTLBBS-bbs.endofthelinebbs.com-web (p5, c1, k11, u'bbs').
+This is a very rough draft of what worked for me on my Ubuntu 22.04.3 with the latest build of Synchronet.

Trace:

Differences

Navigation

Search

Toolbox