Update mosquitto to version 2.1.2 (#4871)

2026-03-18 12:32:50 +01:00 · 2026-03-18 12:32:50 +01:00 · d7c93503a5
commit d7c93503a5
parent 15e500f928
5 changed files with 131 additions and 13 deletions
--- a/mosquitto/data/config/mosquitto.conf
+++ b/mosquitto/data/config/mosquitto.conf
@ -7,7 +7,6 @@ listener 1883
 # websockets listener (including webserver)
 listener 9001
 protocol websockets
-http_dir /mosquitto/www

 # security
 allow_anonymous true
--- a/mosquitto/data/nginx/default.conf
+++ b/mosquitto/data/nginx/default.conf
@ -0,0 +1,36 @@
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+map $http_upgrade $upgrade_request {
+    default 1;
+    '' 0;
+}
+
+server {
+    listen 80;
+    server_name _;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    location / {
+        error_page 418 = @websocket;
+
+        if ($upgrade_request = 1) {
+            return 418;
+        }
+
+        try_files $uri $uri/ /index.html;
+    }
+
+    location @websocket {
+        proxy_pass http://broker:9001;
+        proxy_http_version 1.1;
+        proxy_read_timeout 1d;
+        proxy_send_timeout 1d;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+}
--- a/mosquitto/docker-compose.yml
+++ b/mosquitto/docker-compose.yml
@ -2,11 +2,11 @@ services:

  app_proxy:
    environment:
-      APP_HOST: mosquitto_broker_1
-      APP_PORT: 9001
+      APP_HOST: mosquitto_web_1
+      APP_PORT: 80

  broker:
-    image: eclipse-mosquitto:2.0.22@sha256:75042dd2dd262dff9eb29c47da26d8ee57211a7bc6fc51bae55badc5fc9f6724
+    image: eclipse-mosquitto:2.1.2-alpine@sha256:9cfdd46ad59f3e3e5f592f6baf57ab23e1ad00605509d0f5c1e9b179c5314d87
    restart: on-failure
    ports:
      - '1883:1883'
@ -14,5 +14,13 @@ services:
      - ${APP_DATA_DIR}/data/config:/mosquitto/config:rw
      - ${APP_DATA_DIR}/data/mosquitto:/mosquitto/data:rw
      - ${APP_DATA_DIR}/data/log:/mosquitto/log:rw
-      - ${APP_DATA_DIR}/data/www:/mosquitto/www:r
    user: "1000:1000"
+
+  web:
+    image: nginx:1.27@sha256:124b44bfc9ccd1f3cedf4b592d4d1e8bddb78b51ec2ed5056c52d3692baebc19
+    restart: on-failure
+    depends_on:
+      - broker
+    volumes:
+      - ${APP_DATA_DIR}/data/www:/usr/share/nginx/html:ro
+      - ${APP_DATA_DIR}/data/nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
--- a/mosquitto/hooks/pre-start
+++ b/mosquitto/hooks/pre-start
@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+APP_DIR="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")"
+APP_DATA_DIR="${APP_DIR}/data"
+
+NGINX_CONFIG_DIR="${APP_DATA_DIR}/nginx"
+NGINX_CONFIG_FILE="${NGINX_CONFIG_DIR}/default.conf"
+MOSQUITTO_CONFIG_FILE="${APP_DATA_DIR}/config/mosquitto.conf"
+
+NGINX_MARKER_REGEX='^# Umbrel Mosquitto canonical nginx.conf 17-Mar-2026$'
+LEGACY_HTTP_DIR_LINE='http_dir /mosquitto/www'
+
+mkdir -p "${NGINX_CONFIG_DIR}"
+
+if [[ ! -f "${NGINX_CONFIG_FILE}" ]] || ! grep -qx "${NGINX_MARKER_REGEX}" "${NGINX_CONFIG_FILE}"; then
+  echo "Updating nginx configuration file for Mosquitto."
+  cat >"${NGINX_CONFIG_FILE}" <<'EOF'
+# Umbrel Mosquitto canonical nginx.conf 17-Mar-2026
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+map $http_upgrade $upgrade_request {
+    default 1;
+    '' 0;
+}
+
+server {
+    listen 80;
+    server_name _;
+    root /usr/share/nginx/html;
+    index index.html;
+
+    location / {
+        error_page 418 = @websocket;
+
+        if ($upgrade_request = 1) {
+            return 418;
+        }
+
+        try_files $uri $uri/ /index.html;
+    }
+
+    location @websocket {
+        proxy_pass http://broker:9001;
+        proxy_http_version 1.1;
+        proxy_read_timeout 1d;
+        proxy_send_timeout 1d;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+    }
+}
+EOF
+fi
+
+if [[ -f "${MOSQUITTO_CONFIG_FILE}" ]] && grep -qxF "${LEGACY_HTTP_DIR_LINE}" "${MOSQUITTO_CONFIG_FILE}"; then
+  echo "Removing legacy http_dir configuration from mosquitto.conf."
+  sed -i '\|^http_dir /mosquitto/www$|d' "${MOSQUITTO_CONFIG_FILE}"
+fi
--- a/mosquitto/umbrel-app.yml
+++ b/mosquitto/umbrel-app.yml
@ -1,9 +1,9 @@
-manifestVersion: 1
+manifestVersion: 1.1
 id: mosquitto
 name: Mosquitto
 tagline: An open source MQTT broker
 category: automation
-version: "2.0.22"
+version: "2.1.2"
 port: 9021
 description: >-
  Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.
@ -24,12 +24,25 @@ gallery:
  - 2.jpg
  - 3.jpg
 releaseNotes: >-
-  This update includes several bug fixes and improvements:
-    - Improved bridge functionality and idle timeout handling
-    - Fixed problems with message queuing and client disconnections
-    - Resolved compilation and linking issues on various platforms
-    - Enhanced websockets support, including secure websockets
-    - Improved memory management and error handling
+  This is a major new release with many new features and improvements:
+    - Added built-in WebSockets support that no longer requires libwebsockets
+    - Added support for PROXY protocol v1 and v2
+    - Added broker-created topic aliases for MQTT v5
+    - Added new `global_plugin`, `global_max_clients`, and `global_max_connections` options
+    - Added `accept_protocol_versions` option to limit which MQTT versions are allowed per listener
+    - Added `--test-config` option to validate configuration before going live
+    - Added support for PUID/PGID environment variables for setting user/group privileges
+    - Added `bridge_receive_maximum` and `bridge_session_expiry_interval` options for MQTT v5 bridges
+    - Improved idle performance by reducing unnecessary process wakeups
+    - Added new acl-file, password-file, persist-sqlite, and sparkplug-aware plugins
+    - Dynamic security plugin now generates an initial configuration if none is present
+    - ⚠️ `max_packet_size` now defaults to 2,000,000 bytes instead of 256MB - update your config if you use large payloads
+    - ⚠️ The `acl_file` and `password_file` options are deprecated in favour of the new plugins
+    - ⚠️ Support for TLS v1.1 has been removed
+    - ⚠️ Support for OpenSSL versions older than 3.0 has been removed
+    - Fixed PUID/PGID checking for Docker
+    - Fixed persistence plugin conflict when used alongside `persistence true`
+    - Various build fixes including missing libedit in Docker builds


  Full release notes can be found at https://mosquitto.org/blog/