HTTP Authorization Configuration
HTTP Authorization provides yet another method for authorization. NanoMQ will send an HTTP POST request in the format as configured to the target HTTP server when receiving CONNECT
packets from MQTT clients, and relies on the return code of HTTP POST for the client's authorization. It enables extensive authorization with external HTTP service.
TIP
For now, HTTP Authorization only supports MQTT CONNECT
, will add support for PUBLISH
& SUBSCRIBE
in the future. Please post an issue if you need further support urgently.
Configuration Example
If you need to use http_auth
, you can modify it in the format of the following example, and then put the configuration of http_auth
into the auth {}
configuration. The relevant settings will take effect after NanoMQ is restarted.
auth {
...
http_auth = {
auth_req {
url = "http://127.0.0.1:80/mqtt/auth"
method = post
headers.content-type = "application/x-www-form-urlencoded"
params = {clientid = "%c", username = "%u", password = "%P"}
}
super_req {
url = "http://127.0.0.1:80/mqtt/superuser"
method = "post"
headers.content-type = "application/x-www-form-urlencoded"
params = {clientid = "%c", username = "%u", password = "%P"}
}
acl_req {
url = "http://127.0.0.1:8991/mqtt/acl"
method = "post"
headers.content-type = "application/x-www-form-urlencoded"
params = {clientid = "%c", username = "%u", access = "%A", ipaddr = "%a", topic = "%t", mountpoint = "%m"}
}
timeout = 5s
connect_timeout = 5s
pool_size = 32
}
...
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Users wishing to use the KV configuration format can refer to the following structure and write their configurations into the nanomq_old.conf
file. The relevant settings will take effect after NanoMQ is restarted.
auth.http.enable=<Your Value>
auth.http.auth_req.url="http://127.0.0.1:80/mqtt/auth"
auth.http.auth_req.method="post"
auth.http.auth_req.headers.<Any>=<Your Value>
auth.http.auth_req.params.clientid="%c"
auth.http.auth_req.params.username="%u"
auth.http.auth_req.params.password="%p"
auth.http.super_req.url="http://127.0.0.1:80/mqtt/superuser"
auth.http.super_req.method="post"
auth.http.super_req.headers.<Any>=<Your Value>
auth.http.super_req.params.clientid="%c"
auth.http.super_req.params.username="%u"
auth.http.super_req.params.password="%p"
auth.http.acl_req.url="http://127.0.0.1:8991/mqtt/acl"
auth.http.acl_req.method="post"
auth.http.acl_req.headers.<Any>=<Your Value>
auth.http.acl_req.params.clientid="%c"
auth.http.acl_req.params.username="%u"
auth.http.acl_req.params.access="%A"
auth.http.acl_req.params.ipaddr="%a"
auth.http.acl_req.params.topic="%t"
auth.http.acl_req.params.mountpoint="%m"
auth.http.timeout="5s"
auth.http.connect_timeout="5s"
auth.http.ssl.cacertfile=<Your Value>
auth.http.ssl.certfile=<Your Value>
auth.http.ssl.keyfile=<Your Value>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Start NanoMQ
Start NanoMQ and specify the path to the configuration path.
$ nanomq start --conf path/to/nanomq.conf
1
If you are using the KV format, start NanoMQ with the command below:
$ nanomq start --old_conf path/to/nanomq_old.conf
1