search

sapcc / mosquitto-exporter

Prometheus metrics exporter for the Mosquitto message broker
Apache License 2.0
130 stars 60 forks source link

Dockerfile does not support TLS connections #30

Open jnovack opened 4 years ago

jnovack commented 4 years ago

FROM scratch does not include any ca-certificates, so it will fail to connect to any TLS-enabled MQTT broker.

❯ docker pull sapcc/mosquitto-exporter:0.6.0
0.6.0: Pulling from sapcc/mosquitto-exporter
257963aec3e6: Pull complete 
Digest: sha256:109e3fbbf99943eacc66a57a6e535ea43878fc63c328d1e27a928e6e69c72ddb
Status: Downloaded newer image for sapcc/mosquitto-exporter:0.6.0
docker.io/sapcc/mosquitto-exporter:0.6.0
❯ docker run -e BROKER_ENDPOINT=tls://test.mosquitto.org:8883 -p 9234:9234 sapcc/mosquitto-exporter:0.6.0 
2020/06/20 19:06:52 Starting mosquitto_broker 0.6.0 (0ac92b5), go1.12.3
2020/06/20 19:06:52 Error: Failed to connect to broker: Network Error : x509: certificate signed by unknown authority
jnovack commented 4 years ago

Needs the following in the Dockerfile.

FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
tvojacek commented 1 year ago

certs are secrets should not be part of image. mount certificate files using docker volume