Dockerfile

# Define Mosquitto version, see also .github/workflows/build_and_push_docker_images.yml for
# the automatically built images
ARG MOSQUITTO_VERSION=2.0.19
# Define libwebsocket version
ARG LWS_VERSION=4.3.3

# Use debian:stable-slim as a builder for Mosquitto and dependencies.
FROM debian:stable-slim AS mosquitto_builder
ARG MOSQUITTO_VERSION
ARG LWS_VERSION

# Get mosquitto build dependencies.
RUN set -ex; \
  apt-get update; \
  apt-get install -y wget build-essential cmake libssl-dev libcjson-dev

# Get libwebsocket. Debian's libwebsockets is too old for Mosquitto version > 2.x so it gets built from source.
RUN set -ex; \
  wget https://github.com/warmcat/libwebsockets/archive/v${LWS_VERSION}.tar.gz -O /tmp/lws.tar.gz; \
  mkdir -p /build/lws; \
  tar --strip=1 -xf /tmp/lws.tar.gz -C /build/lws; \
  rm /tmp/lws.tar.gz; \
  cd /build/lws; \
  cmake . \
  -DCMAKE_BUILD_TYPE=MinSizeRel \
  -DCMAKE_INSTALL_PREFIX=/usr \
  -DLWS_IPV6=ON \
  -DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON \
  -DLWS_WITHOUT_CLIENT=ON \
  -DLWS_WITHOUT_EXTENSIONS=ON \
  -DLWS_WITHOUT_TESTAPPS=ON \
  -DLWS_WITH_HTTP2=OFF \
  -DLWS_WITH_SHARED=OFF \
  -DLWS_WITH_ZIP_FOPS=OFF \
  -DLWS_WITH_ZLIB=OFF \
  -DLWS_WITH_EXTERNAL_POLL=ON; \
  make -j "$(nproc)"; \
  rm -rf /root/.cmake

WORKDIR /app

RUN mkdir -p mosquitto/auth mosquitto/conf.d

RUN wget http://mosquitto.org/files/source/mosquitto-${MOSQUITTO_VERSION}.tar.gz

RUN tar xzvf mosquitto-${MOSQUITTO_VERSION}.tar.gz

# Build mosquitto.
RUN set -ex; \
  cd mosquitto-${MOSQUITTO_VERSION}; \
  make CFLAGS="-Wall -O2 -I/build/lws/include" LDFLAGS="-L/build/lws/lib" WITH_WEBSOCKETS=yes; \
  make install;

# Build mosquitto plugins.
RUN set -ex; \
  cd mosquitto-${MOSQUITTO_VERSION}/plugins/dynamic-security; \
  make CFLAGS="-Wall -O2 -I/build/lws/include" LDFLAGS="-L/build/lws/lib"; \
  make install;

# Use golang:latest as a builder for the Mosquitto Go Auth plugin.
FROM --platform=$BUILDPLATFORM golang:latest AS go_auth_builder

ENV CGO_CFLAGS="-I/usr/local/include -fPIC"
ENV CGO_LDFLAGS="-shared -Wl,-unresolved-symbols=ignore-all"
ENV CGO_ENABLED=1

# Bring TARGETPLATFORM to the build scope
ARG TARGETPLATFORM
ARG BUILDPLATFORM

# Install TARGETPLATFORM parser to translate its value to GOOS, GOARCH, and GOARM
COPY --from=tonistiigi/xx:golang / /
RUN go env

# Install needed libc and gcc for target platform.
RUN set -ex; \
  if [ ! -z "$TARGETPLATFORM" ]; then \
  case "$TARGETPLATFORM" in \
  "linux/arm64") \
  apt update && apt install -y gcc-aarch64-linux-gnu libc6-dev-arm64-cross \
  ;; \
  "linux/arm/v7") \
  apt update && apt install -y gcc-arm-linux-gnueabihf libc6-dev-armhf-cross \
  ;; \
  "linux/arm/v6") \
  apt update && apt install -y gcc-arm-linux-gnueabihf libc6-dev-armel-cross libc6-dev-armhf-cross \
  ;; \
  esac \
  fi

WORKDIR /app
COPY --from=mosquitto_builder /usr/local/include/ /usr/local/include/

COPY ./ ./
RUN set -ex; \
  go build -buildmode=c-archive go-auth.go; \
  go build -buildmode=c-shared -o go-auth.so; \
  go build pw-gen/pw.go

#Start from a new image.
FROM debian:stable-slim

RUN set -ex; \
  apt update; \
  apt install -y libc-ares2 openssl uuid tini wget libssl-dev libcjson-dev

RUN mkdir -p /var/lib/mosquitto /var/log/mosquitto
RUN set -ex; \
  groupadd mosquitto; \
  useradd -s /sbin/nologin mosquitto -g mosquitto -d /var/lib/mosquitto; \
  chown -R mosquitto:mosquitto /var/log/mosquitto/; \
  chown -R mosquitto:mosquitto /var/lib/mosquitto/

#Copy confs, plugin so and mosquitto binary.
COPY --from=mosquitto_builder /app/mosquitto/ /mosquitto/
COPY --from=go_auth_builder /app/pw /mosquitto/pw
COPY --from=go_auth_builder /app/go-auth.so /mosquitto/go-auth.so
COPY --from=mosquitto_builder /usr/local/sbin/mosquitto /usr/sbin/mosquitto

COPY --from=mosquitto_builder /usr/local/lib/libmosquitto* /usr/local/lib/
COPY --from=mosquitto_builder /usr/local/lib/mosquitto* /usr/local/lib/

COPY --from=mosquitto_builder /usr/local/bin/mosquitto_ctrl /usr/bin/mosquitto_ctrl
COPY --from=mosquitto_builder /usr/local/bin/mosquitto_passwd /usr/bin/mosquitto_passwd
COPY --from=mosquitto_builder /usr/local/bin/mosquitto_pub /usr/bin/mosquitto_pub
COPY --from=mosquitto_builder /usr/local/bin/mosquitto_rr /usr/bin/mosquitto_rr
COPY --from=mosquitto_builder /usr/local/bin/mosquitto_sub /usr/bin/mosquitto_sub

RUN ldconfig;

EXPOSE 1883 1884

ENTRYPOINT ["/usr/bin/tini", "--"]
CMD [ "/usr/sbin/mosquitto" ,"-c", "/mosquitto/config/mosquitto.conf" ]