Hi All,
We would like to secure VerneMQ using authentication and authorization to control which clients can publish and subscribe.
Here are our requirements:
- 2000 unique clients (1900 clients run on edge devices and 100 clients on premise) register to publish and subscribe to VerneMQ Broker Cluster Docker containers running on premise.
- The unique client ID has the following format:
  <service_type>uuid
  where service_type = trafficcontrol, cav, adaptive, sensor, cornerstone, tco, basicconsumer, advancecomsumer
  for example:
  trafficcontrol219517053241900
  cav219517053241936
  adaptive21951705324131
  sensor219517053241900
  cornerstone219517053241931
  tco219517053241536
  basicconsumer219518053241538
  advancecomsumer219535053241515
- Service_type publish and subscribe access roles:
  service_type = trafficcontrol can publish sp/prod/bc/tcu/rt-veh/# and subscribe sp/prod/#
  service_type = cav can publish sp/prod/req/tcu/cav/# and subscribe sp/prod/#
  service_type = adaptive can publish sp/prod/req/tcu/adaptive/# and subscribe sp/prod/#
  service_type = sensor can publish sp/prod/bc/sdd/rt-veh/#
  service_type = adaptive can publish sp/prod/req/tcu/adaptive/# and subscribe sp/prod/#
  service_type = cornerstone can publish sp/prod/rep/cts/# and subscribe sp/prod/#
  service_type = tco can publish sp/prod/req/tco/# and subscribe sp/prod/rep/tco/#
  service_type = basicconsumer can subscribe sp/prod/bc/sdd/rt-veh/#
  service_type = advancecomsumer can subscribe sp/prod/#
  where req = request action, rep = reply/response action, bc = broadcast or notification actions
- We have more than 100 customers worldwide.
Can you please advise on best practice for setting up a secure VerneMQ Broker cluster using authentication and authorization with ACLs, either by database or by file, based on our requirements?
I looked at the links "Auth using files - VerneMQ" and "Auth using a database - VerneMQ",
but I do not understand how to configure authorization with ACLs using a database or a file.
For authentication, I was thinking of generating client certificates using openssl with a Certificate Authority (CA).
Thank you for your help and support.
Regards, Bao
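
The role table in the post, written as a deny-by-default policy check that can be tested before it is turned into ACL entries. This is an added example, not part of the original post and not VerneMQ code; the function names, the digits-only uuid pattern, and the premise that the broker has already bound the client ID to the authenticated identity (for example the client certificate) are assumptions of the example.

```python
import re

# Role table from the post: service_type -> (publish filters, subscribe filters).
ROLES = {
    "trafficcontrol": (["sp/prod/bc/tcu/rt-veh/#"], ["sp/prod/#"]),
    "cav": (["sp/prod/req/tcu/cav/#"], ["sp/prod/#"]),
    "adaptive": (["sp/prod/req/tcu/adaptive/#"], ["sp/prod/#"]),
    "sensor": (["sp/prod/bc/sdd/rt-veh/#"], []),
    "cornerstone": (["sp/prod/rep/cts/#"], ["sp/prod/#"]),
    "tco": (["sp/prod/req/tco/#"], ["sp/prod/rep/tco/#"]),
    "basicconsumer": ([], ["sp/prod/bc/sdd/rt-veh/#"]),
    "advancecomsumer": ([], ["sp/prod/#"]),
}
# Assumption: the "uuid" part is digits only, as in the post's sample IDs.
CLIENT_ID = re.compile("(%s)([0-9]+)" % "|".join(ROLES))

def service_type(client_id):
    """Return the service_type prefix, or None for a malformed client ID."""
    m = CLIENT_ID.fullmatch(client_id)
    return m.group(1) if m else None

def covers(allowed, requested):
    """True if filter `allowed` matches everything `requested` can match."""
    a, r = allowed.split("/"), requested.split("/")
    for i, seg in enumerate(a):
        if seg == "#":
            return True           # '#' covers its parent level and all below
        if i >= len(r) or r[i] == "#":
            return False          # requested is shorter, or broader than allowed
        if seg != "+" and seg != r[i]:
            return False          # literal mismatch (includes requested '+')
    return len(a) == len(r)

def authorize(client_id, action, topic):
    """Deny by default; `topic` is a topic name (publish) or filter (subscribe)."""
    st = service_type(client_id)
    if st is None:
        return False
    pub, sub = ROLES[st]
    if action == "publish":
        # Published topic names must not contain wildcards.
        if "+" in topic or "#" in topic:
            return False
        return any(covers(f, topic) for f in pub)
    if action == "subscribe":
        return any(covers(f, topic) for f in sub)
    return False
```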