acl.config文件定义了可订阅$SYS主题的权限。
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
%%%{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
{allow, all}.
acl.config文件第三行默认是禁止客户端订阅$SYS/#主题。我们把它注释掉。开启一个客户端,订阅$SYS/#主题,消息如下:
module(emqttd_broker)这个模块,它会每秒钟publish消息,主题关键字有uptime和datetime等。
module(emqttd_stats)这个模块,它会每60秒钟publish消息,把Ets表mqtt_stats的信息发出来。
module(emqttd_metrics)这个模块,它的原理同上。
eg:
$SYS/brokers/[email protected]/uptime: qos=0
$SYS/brokers/[email protected]/sysdescr: qos=0
打开文件vm.args,把节点名称修改为:
#-name [email protected]
-name [email protected]
eg:
$SYS/brokers/[email protected]/uptime: qos=0
$SYS/brokers/[email protected]/sysdescr: qos=0
订阅客户端上下线的主题
具体某个节点的某个clientId方式的主题是:
$SYS/brokers/(node)/clients/(clientId)/connected
$SYS/brokers/[email protected]/clients/861694030142478/connected
$SYS/brokers/[email protected]/clients/861694030142478/disconnected
通配方式的主题是:
$SYS/brokers/+/clients/+/connected
$SYS/brokers/+/clients/+/disconnected
$SYS/brokers/+/clients/#
出于安全起见,我们把acl.config文件修改为:
允许客户端订阅"$SYS/brokers/+/clients/#"主题,但是禁止订阅"$SYS/#"主题。
{allow, {user, "dashboard"}, subscribe, ["$SYS/#"]}.
{allow, {ipaddr, "127.0.0.1"}, pubsub, ["$SYS/#", "#"]}.
{allow, all, subscribe, ["$SYS/brokers/+/clients/#"]}.
{deny, all, subscribe, ["$SYS/#", {eq, "#"}]}.
{allow, all}.