Differences

This shows you the differences between two versions of the page.

wiki:user:nelgin [2024/09/03 11:05] – [Mosquitto, Synchronet and TLS With Self-Signed Certs] Update to change permissions on pw file nelgin
wiki:user:nelgin [2024/09/03 11:22] (current) – [Mosquitto, Synchronet and TLS With Self-Signed Certs] nelgin
Line 26: Line 26:
 ===== Mosquitto, Synchronet and TLS With Self-Signed Certs ===== ===== Mosquitto, Synchronet and TLS With Self-Signed Certs =====
  
-This works for me. It might not work for you.+This works for me. It might not work for you. It's easier to do all this as root and then chown/chmod files as necessary to secure them. This works on Ubuntu.
  
 First I created a dns entry mqtt.endofthelinebbs.com to point to my server IP address. You could probably use your regular dns name or something else, I'm not sure. I just know this works for me. First I created a dns entry mqtt.endofthelinebbs.com to point to my server IP address. You could probably use your regular dns name or something else, I'm not sure. I just know this works for me.
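Review bot: the added sentence on the changed line tells readers to run every step as root and fix ownership afterwards, but it does not say which files must end up restricted or when. Files created as root under a typical default umask stay readable by other local users until the later chown/chmod, so suggest adding `umask 077` before the first file is created, or naming the files (pwfile, the keys) that need tightening. "This works on Ubuntu" would also be more useful with the release it was tested on.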
Line 39: Line 39:
 Now, convert the file Now, convert the file
     mosquitto_passwd -U pwfile     mosquitto_passwd -U pwfile
-    chmod 700 pwfile+    
 This will upgrade the file and hash the plain text password. Never run -U on an already hashed password file or it'll rehash the hashed password! This will upgrade the file and hash the plain text password. Never run -U on an already hashed password file or it'll rehash the hashed password!
  
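Review bot: removing `chmod 700 pwfile` after `mosquitto_passwd -U pwfile` leaves this step with no permission change at all, so the password file keeps its creation mode until the chown/chmod further down the page. Dropping 700 is reasonable, since a password file needs no execute bit, but suggest replacing it with `chmod 600 pwfile` here or a sentence pointing at the later step. The replacement line is whitespace only and can be deleted.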
Line 95: Line 95:
     use_identity_as_username false     use_identity_as_username false
          
-chown mosquitto. /etc/mosquitto/certs/* /etc/mosquitto/conf.d/sbbs.conf +chown mosquitto. /etc/mosquitto/certs/* /etc/mosquitto/conf.d/sbbs.conf /etc/mosquitto/pwfile 
-chmod 640 /sbbs/mosquitto/certs/*+chmod 640 /sbbs/mosquitto/certs//etc/mosquitto/pwfile
          
 Now start or restart your mosquitto service Now start or restart your mosquitto service
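Review bot: the new chmod line reads `chmod 640 /sbbs/mosquitto/certs//etc/mosquitto/pwfile`, which is a single path, so as shown neither the certs nor pwfile get mode 640; it needs the glob and a space so that it passes two arguments. The chmod still points at `/sbbs/mosquitto/certs` while the chown above it uses `/etc/mosquitto/certs`, so one of the two directories is likely wrong. Both commands also lack the four-space indent the other commands on the page use, and `chown mosquitto.` would be clearer as `chown mosquitto:`.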
Line 118: Line 118:
 If all is good you can now make your sbbs certs. If all is good you can now make your sbbs certs.
  
-cd /sbbs/ctrl+
 Create your key Create your key
 +    cd /etc/mosquitto/certs
     openssl genrsa -out  sbbs_mqtt.key 2048     openssl genrsa -out  sbbs_mqtt.key 2048
 Create your csr Create your csr
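Review bot: `cd /etc/mosquitto/certs` now sits under "Create your key", yet the signing command later on the page passes `ca.crt` and `ca.key` as relative paths, so all of the openssl steps depend on it. Suggest moving the cd above "Create your key" with a sentence saying the key, CSR and certificate are all produced in the CA directory. The removed `cd /sbbs/ctrl` also leaves an empty added line behind.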
Line 127: Line 128:
     openssl x509 -req -in sbbs_mqtt.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out  sbbs_mqtt.crt  -days 36500     openssl x509 -req -in sbbs_mqtt.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out  sbbs_mqtt.crt  -days 36500
          
-copy the /etc/mosquitto/certs/ca.crt file to /sbbs/ctrl+copy the /etc/mosquitto/certs/ca.crt file and move the sbbs_mqtt files to /sbbs/ctrl 
 + 
 +    cp /etc/mosquitto/certs/ca.crt /sbbs/ctrl 
 +    mv /etc/mosquitto/certs/sbbs_mqtt.* /sbbs/ctrl 
 +    cd /sbbs/ctrl
     chown bbsuser:bbsgroup ca.crt sbbs_mqtt.*     chown bbsuser:bbsgroup ca.crt sbbs_mqtt.*
 Replacing bbsuser and bbsgroup with the username/group of your bbs user. Replacing bbsuser and bbsgroup with the username/group of your bbs user.
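Review bot: the new block changes ownership of `ca.crt sbbs_mqtt.*` but never sets a mode on `sbbs_mqtt.key`, so the client private key keeps whatever permissions it was created with. Suggest adding `chmod 600 sbbs_mqtt.key` after the chown. `mv /etc/mosquitto/certs/sbbs_mqtt.*` also carries `sbbs_mqtt.csr` into /sbbs/ctrl, which is not needed once the certificate is signed, and the sentence above the block should start with a capital letter.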