MQTT Proxy Authentication #20
Comments
|
Hi We can use the Cluster module for performance The proxy acts as a HTTP proxy, which forwards HTTP request to one of the GLPI instances, defined in a config.js file. See these resources: mosquittohttps://github.com/jpmens/mosquitto-auth-plug (readme.md about HTTP auth bachkend) emqhttps://github.com/emqtt/emq-auth-http There are 3 types of requests
The 1st one is t he trickiest because when a device authenticates, we cannot detect which GLPI instance. For now we must send the authentication request to all GLPI instances. If one of them succeeds then the proxy must answer HTTP 200 OK. If all fails then the proxy must answer 403 (any 40x is possible, but 403 means : forbidden) The last one is the easiest: The 2nd request : it seems we must implement it. For now, we don't need it. Return HTTP 403. Finally! we need to avoit sending a request to all GLPI instances in the 1st type of request. I think we will need to define a username prefix MQTT Accounts of devices, like we are doing for topics. This way, you can detect by the username which GLPI instance to request and not request ALL (and I can also implement some kind of namespace of usernames. This is safer and will avoid username collisions). Here is in a nutshell the need. |
Hi, @btry
Could you describe here the information related to design the gateway in Nodejs?
Thank you in advance.
The text was updated successfully, but these errors were encountered: