sunet-cdn/cdn-ops
2
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
cdn-ops/global/overlay/etc/puppet/modules/cdn/templates/mqtt/cdn.conf.erb
Patrik Lundin 0461a8f0b8
mqtt: fix certfile usage 
Use fullchain.pem instead of cert.pem which fixes "certificate signed by
unknown authority" problems.
Also point cafile to correct root cert.
2024-11-05 14:39:13 +01:00

20 lines
623 B
Plaintext
Raw Blame History

listener 8883
cafile /usr/local/share/ca-certificates/step_ca_root.crt
certfile /etc/mosquitto/certs/fullchain.pem
keyfile /etc/mosquitto/certs/privkey.pem
require_certificate true
use_identity_as_username true
acl_file /etc/mosquitto/aclfile
log_type all
<% @bridges.each do |remote_dc, bridge_config| -%>
connection <%= @dc %>-to-<%= remote_dc %>
address <%= bridge_config['address'] %>:<%= bridge_config['port'] %>
topic cdn/<%= @dc %>/purge out 1
bridge_cafile /usr/local/share/ca-certificates/step_ca_root.crt
bridge_certfile /etc/mosquitto/certs/cert.pem
bridge_keyfile /etc/mosquitto/certs/privkey.pem
<% end -%>
Reference in a new issue View git blame Copy permalink