v3.24

pvtom · Jun 1, 2024 · 5dd43df · 5dd43df
1 parent 78ffb36
commit 5dd43df
Show file tree

Hide file tree

Showing 8 changed files with 286 additions and 35 deletions.
diff --git a/DOCKER.md b/DOCKER.md
@@ -17,3 +17,24 @@ docker run -e TZ=Europe/Berlin --rm -v /path/to/your/.config:/opt/rscp2mqtt/.con
 ```
 docker run -e TZ=Europe/Berlin --rm -v /path/to/your/.config:/opt/rscp2mqtt/.config pvtom/rscp2mqtt:latest-with-influxdb
 ```
+
+### Start the docker container with TLS to connect the MQTT broker
+
+Depending on the configuration of your TLS environment, adopt your .config file.
+
+Example:
+```
+MQTT_TLS=true
+MQTT_TLS_CAFILE=tls/ca.crt
+MQTT_TLS_CERTFILE=tls/client.crt
+MQTT_TLS_KEYFILE=tls/client.key
+```
+
+Start with
+```
+docker run -e TZ=Europe/Berlin --rm -v /path/to/your/.config:/opt/rscp2mqtt/.config -v /path/to/your/tls:/opt/rscp2mqtt/tls pvtom/rscp2mqtt:latest
+```
+or with InfluxDB support
+```
+docker run -e TZ=Europe/Berlin --rm -v /path/to/your/.config:/opt/rscp2mqtt/.config -v /path/to/your/tls:/opt/rscp2mqtt/tls pvtom/rscp2mqtt:latest-with-influxdb
+```
diff --git a/INFLUXDB.md b/INFLUXDB.md
@@ -63,3 +63,17 @@ INFLUXDB_2_TOKEN=<my_token>
 ```
 
 Please use the web admin tool of the InfluxDB v2.x to configure the bucket, the orga and the token.
+
+### TLS encryption
+
+rscp2mqtt uses the library libcurl for the connection to InfluxDB. To establish a TLS connection, please use the following configuration parameters.
+```
+CURL_HTTPS=true
+CURL_OPT_SSL_VERIFYPEER=true
+CURL_OPT_SSL_VERIFYHOST=true
+CURL_OPT_CAINFO=
+CURL_OPT_SSLCERT=
+CURL_OPT_SSLKEY=
+```
+
+For the configuration of the database look at the official InfluxDB documentation.
diff --git a/MQTT_TLS.md b/MQTT_TLS.md
@@ -0,0 +1,99 @@
+## MQTT with TLS
+
+rscp2mqtt can connect the MQTT broker using TLS.
+
+### Configuration
+
+Add these lines to the .config file and adjust the values according to your environment:
+
+```
+MQTT_TLS=true
+MQTT_TLS_CAFILE=/home/pi/ca.crt
+MQTT_TLS_CERTFILE=/home/pi/client.crt
+MQTT_TLS_KEYFILE=/home/pi/client.key
+```
+
+### Certificates and broker configuration
+
+Please follow these commands to create an example environment on your computer with a running Mosquitto broker:
+
+Switch to root
+```
+sudo -i
+```
+
+Create server key file and certificate
+```
+cd /etc/mosquitto/ca_certificates
+
+openssl genrsa -des3 -out ca.key 2048
+openssl req -new -x509 -days 1826 -key ca.key -out ca.crt
+
+cd /etc/mosquitto/certs
+
+openssl genrsa -out mosquitto.key 2048
+openssl req -new -out mosquitto.csr -key mosquitto.key
+
+# Common Name = ip address of the server
+
+openssl x509 -req -in mosquitto.csr -CA /etc/mosquitto/ca_certificates/ca.crt -CAkey /etc/mosquitto/ca_certificates/ca.key -CAcreateserial -out mosquitto.crt
+```
+
+Create client key file and certificate
+```
+cd /etc/mosquitto/certs
+
+openssl genrsa -out client.key 2048
+openssl req -new -out client.csr -key client.key
+
+# Common Name = ip address of the server
+
+openssl x509 -req -in client.csr -CA /etc/mosquitto/ca_certificates/ca.crt -CAkey /etc/mosquitto/ca_certificates/ca.key -CAcreateserial -out client.crt
+
+chmod a+r *
+```
+
+### Broker configuration
+```
+cd /etc/mosquitto/conf.d
+
+nano 010-listener-with-tls.conf
+```
+
+Please insert the following lines into 010-listener-with-tls.conf
+```
+listener 8883
+certfile /etc/mosquitto/certs/mosquitto.crt
+keyfile /etc/mosquitto/certs/mosquitto.key
+cafile /etc/mosquitto/ca_certificates/ca.crt
+require_certificate true
+```
+
+Restart the MQTT broker
+```
+systemctl restart mosquitto.service
+```
+
+### Prepare client 
+
+Copy client key and certificate
+```
+cd /home/pi
+sudo mv /etc/mosquitto/certs/client.* .
+sudo chown pi.pi client.*
+cp /etc/mosquitto/ca_certificates/ca.crt .
+```
+
+Adjust .config to the ip address (according to the certificate definition) and the new port number
+```
+MQTT_HOST=192.168.178.123
+MQTT_PORT=8883
+```
+
+Start rscp2mqtt
+
+Subscribe to the MQTT broker
+```
+# use the ip address of the server
+mosquitto_sub -h 192.168.178.123 -p 8883 -t "#" --cafile /home/pi/ca.crt --cert /home/pi/client.crt --key /home/pi/client.key
+```
diff --git a/README.md b/README.md
@@ -46,6 +46,7 @@ For continuous provision of values, you can configure several topics that are pu
 - Query of historical daily values
 - Multiple power meters
 - Switch between wallboxes
+- TLS connections ([MQTT broker](MQTT_TLS.md), InfluxDB)
 
 Please also take a look at the [release notes](RELEASE.md).
 
@@ -152,19 +153,19 @@ or to show the help page
 If everything works properly, you will see something like this:
 
 ```
-rscp2mqtt [3.23]
+rscp2mqtt [3.24]
 E3DC system >192.168.178.111:5033< user: >your E3DC user<
-MQTT broker >localhost:1883< qos = >0< retain = >false< client id >✗< prefix >e3dc<
+MQTT broker >localhost:1883< qos = >0< retain = >false< tls >✗< client id >✗< prefix >e3dc<
 Fetching data every second.
 Requesting PVI ✓ | PM (0) | DCB ✓ (1 battery string) | Wallbox (0) ✗ | Autorefresh ✓
-Log level = 0
+Log Level = 2 (BUFFERED)
 Stdout to terminal
 
-[2024-05-12 19:00:00] pid=30230 ppid=1 RscpMqttMain.cpp(2952) Connecting to server 192.168.178.111:5033
-[2024-05-12 19:00:00] pid=30230 ppid=1 RscpMqttMain.cpp(2959) Success: E3DC connected.
-[2024-05-12 19:00:00] pid=30230 ppid=1 RscpMqttMain.cpp(1896) RSCP authentication level 10
-[2024-05-12 19:00:00] pid=30230 ppid=1 RscpMqttMain.cpp(2428) Connecting to broker localhost:1883
-[2024-05-12 19:00:00] pid=30230 ppid=1 RscpMqttMain.cpp(2440) Success: MQTT broker connected.
+[2024-06-01 09:00:00] pid=30240 ppid=1 RscpMqttMain.cpp(3022) Connecting to server 192.168.178.111:5033
+[2024-06-01 09:00:00] pid=30240 ppid=1 RscpMqttMain.cpp(3029) Success: E3DC connected.
+[2024-06-01 09:00:00] pid=30240 ppid=1 RscpMqttMain.cpp(1903) RSCP authentication level 10
+[2024-06-01 09:00:00] pid=30240 ppid=1 RscpMqttMain.cpp(2435) Connecting to broker localhost:1883
+[2024-06-01 09:00:00] pid=30240 ppid=1 RscpMqttMain.cpp(2456) Success: MQTT broker connected.
 ```
 
 Check the configuration if the connections are not established.

diff --git a/RELEASE.md b/RELEASE.md
@@ -1,5 +1,14 @@
 ## Release Notes
 
+### Release v3.24 (01.06.2024)
+
+Bug fixes:
+- Prevention of a program crash when reconnecting to the MQTT broker
+
+Features:
+- MQTT with TLS support
+- InfluxDB with https
+
 ### Release v3.23 (12.05.2024)
 
 Bug fixes:

diff --git a/RscpMqttConfig.h b/RscpMqttConfig.h
@@ -16,6 +16,12 @@ typedef struct _config_t {
     char mqtt_user[128];
     char mqtt_password[128];
     bool mqtt_auth;
+    char *mqtt_tls_cafile;
+    char *mqtt_tls_capath;
+    char *mqtt_tls_certfile;
+    char *mqtt_tls_keyfile;
+    char *mqtt_tls_password;
+    bool mqtt_tls;
     int mqtt_qos;
     bool mqtt_retain;
     char mqtt_client_id[128];
@@ -32,6 +38,13 @@ typedef struct _config_t {
     char influxdb_orga[128];
     char influxdb_bucket[128];
     char influxdb_token[128];
+    bool curl_https;
+    char *curl_protocol;
+    bool curl_opt_ssl_verifypeer;
+    bool curl_opt_ssl_verifyhost;
+    char *curl_opt_cainfo;
+    char *curl_opt_sslcert;
+    char *curl_opt_sslkey;
 #endif
     char prefix[25];
     int history_start_year;