Versions Compared

Old Version 21

changes.mady.by.user Gill Houghton

Saved on

compared with

New Version Current

changes.mady.by.user Gill Houghton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
http://<server-url>:8080

The default When installed on Linux, Windows or deployed via Azure Marketplace, the default User login credentials are:

Code Block
username: admin
password: password

When deployed via AWS Marketplace, the default User login credentials are:

Code Block
username: admin
password: EC instance ID for example: i-0049ac1e13e558b70


The Chariot MQTT Server Web UI provides multiple configuration pages on the left navigation panel.

...

  • Username
    • A unique username for the Chariot User (required).
  • Password
    • A secure password for the Chariot User that will be used to log into the Chariot Web UI (required).
  • Email
    • An email address associated with the Chariot User (optional).
  • First Name
    • A first name associated with the Chariot User (optional).
  • Last Name
    • A last name associated with the Chariot User (optional).
  • Roles
    • A list of Chariot Roles associated with the Chariot User.
Note
By default, a User with the Username admin and Password password will be created

The "Add" button in the bottom right of the form can be clicked to create the User.

...

  • Username
    • A unique username that an MQTT client will use when connecting.
  • Password
    • A secure password that an MQTT client will use when connecting.
  • Publish Topics
    • A list of MQTT topic filters that the client is allowed to publish on (wildcards may be used).
  • Subscribe Topics
    • A list of MQTT topic filters that the client is allowed to subscribe on (wildcards may be used).
Note

By default, two default MQTT Credentials are created:

Username admin Password changeme

Username anonymous Password changeme 


The "Add" button in the bottom right of the form can be clicked to create the Credential.

...

The "Update" button in the bottom right can be clicked to update the Credential once all changes have been made.


Anchor
MQTT Server Configuration
MQTT Server Configuration

MQTT Server

The MQTT Server page contains two tabs: Configuration and Bridging.

Anchor
MQTTServerConfiguration
MQTTServerConfiguration
Configuration

The configuration tab is a simple form used to configure the MQTT Server.Image Added

Image Removed

The form contains the following fields:

  • Enable Non-secure
    • Whether to enable non-secure client connections over plain TCP.
  • Non-secure Port
    • The port that the MQTT Server will listen on for non-secure connections.
  • Enable Secure
    • Whether to enable Secure client connections over SSL/TLS.
  • Secure Port
    • The port that the MQTT Server will listen on for secure connections.
  • Enable WebSocket
    • Whether to enable non-secure client connections over WebSockets.
  • WebSocket Port
    • The port that the MQTT Server will listen on for non-secure WebSocket connections.
  • Enable Secure WebSocket
    • Whether to enable secure client connections over WebSockets.
  • Secure WebSocket Port
    • The port that the MQTT Server will listen on for secure WebSocket connections.
  • Bind Address
    • The address that the MQTT Server will listen on for MQTT connections.
  • Allow Anonymous
    • Whether to allow anonymous connections (no username and password).
  • Anonymous MQTT CredentialsBind Address
    • The address that the MQTT Server will listen on for MQTT connections.MQTT Credentials to use for anonymous client's ACLs

The "Update" button in the bottom right can be clicked to update the MQTT Server configuration once all changes have been made.  An update will restart the MQTT server.

Anchor
MQTTServerBridging
MQTTServerBridging
Bridging

Info
titleWarning

Note MQTT bridging is not compatible with Sparkplug. Bridging should only be used for non-Sparkplug related MQTT messages.

A Bridge Client allows you to connect Chariot to another MQTT Server to share messages between the two servers. The shared messages can be restricted by topic filters to only share a subset of messages flowing through either of the servers.

A common usage is to connect edge MQTT brokers to a central or remote broker.

When enabled on Chariot, the Bridge Client becomes an MQTT client to the other MQTT Server. This client publishes messages, flowing through Chariot, to the other broker. It also subscribes on topics with the other broker to receive messages and deliver them to subscribed clients connected to Chariot.

Note
Bridging is supported in release 2.3.0 forward

Image Added

To edit an existing bridge client, select the client from the UI. To add a new bridge client , select Add Bridge Client.

Image Added

The form contains the following fields:

  • Name
    • A unique name for the bridge connection.
  • Enabled
    • Sets the enable state of the bridge connection.
  • Username
    • Optional username for connecting to the server.
  • Address
    • The server address.
  • Port
    • The server port.
  • Use TLS
      • Whether the bridge connection will be using SSL/TLS.
    Note

    By default Chariot comes with an empty truststore file clientcerts.jks which overrides the JVM cacerts truststore. If TLS is enabled, the following lines will need to be removed from the <Chariot_install_directory>/conf/com.cirruslink.chariot.system config file:

    • trustStoreFile="security/clientcerts.jks"
    • trustStorePassword="secretpassword"

    If the signer of the SSL/TLS cert installed on the remote MQTT Server is an external, commercial CA (e.g., DigiCert) the bridge client should successfully connect over TLS once you update the config file and restart Chariot.

    If the signer of the SSL/TLS cert installed on the remote MQTT Server is an internal, non-commercial, you will need to add your Root CA cert to the JVMs cacerts trust store and restart Chariot.


  • Client ID
    • The MQTT client ID to use for connecting to the server.
  • Keep Alive
    • The MQTT keep alive time in seconds.
  • Clean Session
    • Whether to connect with a clean session.
  • Allow Retained
    • Whether the retained message flag is allowed on messages published to the server.
  • Try Private
    • Whether the client should attempt to indicate to the server that it is a bridge client.
    • This feature helps to detect message loopback, but is only supported by some MQTT servers and may need to be disabled in order to connect.
  • Sub Topics
    • The topics filters that will be subscribed on by the bridge client.
    • The topic filters are of the form <topic>:<qos> or just <topic>.
  • Pub Topics
    • The topics filters that will be published on by the bridge client. These are used to restrict/filter which messages (flowing through Chariot) are published to the remote server,
    • The topic filters are of the form <topic>:<qos> or just <topic>.

The "Update" button in the bottom right can be clicked to update the MQTT Server Bridging configuration once all changes have been made

Anchor
License Configuration
License Configuration

...

The License page allows for adding, activating, and/or deactivating a Chariot License. A detailed tutorial for licensing Chariot can be found here Licensing Procedure.

Note
If you have deployed Chariot through AWS Marketplace or Azure Marketplace, then no additional steps are required - your license is already installed and activated.

Upload License

A Chariot License is represented by a text file which contains a license key.  The file can either be dragged/dropped into the "Upload License" form, or the license text can be pasted directly into the form.

...

The System page allows for the configuration of the Chariot MQTT Server's system settings as well as enabling secure (SSL/TLS) connections and uploading certificates.  A detailed tutorial for setting up SSL/TLS can be found here: Securing Chariot® MQTT Server

Configuration

The System page uses the following form to configure the system settings:

...

The certificates tab provides the means to upload the necessary certificates and keys for setting up SSL/TLS.

Warning
Self-signed certificates should not be used in a production environment on a public network.

The Certificates tab contains the following fields:

...