wirabasalamah/Qris-Soundbox
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Prepare QF100 pilot and Debian app deploy

Browse Source
This commit is contained in:
Wira Basalamah
2026-06-04 11:20:16 +07:00
parent 648e77cee9
commit 8a2e202606
17 changed files with 1135 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
18-mqtt-broker-mosquitto-debian13.md
View File

@ -1,6 +1,6 @@
# MQTT Broker Mosquitto on Debian 13
Panduan operasional untuk menyiapkan broker MQTT awal platform QRIS Soundbox di Debian 13 dengan subdomain `mqtt.iptek.co`.
Panduan operasional untuk menyiapkan broker MQTT awal platform QRIS Soundbox di Debian 13 dengan subdomain `broker.bizone.id`.
Keputusan arsitektur terkait:
- `D-026`: broker MQTT sungguhan ditunda sampai infrastruktur siap; simulator/outbox tetap dipakai selama transisi.
@ -9,7 +9,7 @@ Keputusan arsitektur terkait:
## Target Setup
- Broker: Eclipse Mosquitto.
- Domain: `mqtt.iptek.co`.
- Domain: `broker.bizone.id`.
- MQTT TLS publik: `8883/tcp`.
- MQTT local-only: `1883/tcp` pada `127.0.0.1`.
- TLS: Let's Encrypt.
@ -19,10 +19,10 @@ Keputusan arsitektur terkait:
## DNS dan Paket
Pastikan DNS `mqtt.iptek.co` sudah mengarah ke public IP server.
Pastikan DNS `broker.bizone.id` sudah mengarah ke public IP server.
```bash
dig +short mqtt.iptek.co
dig +short broker.bizone.id
curl -4 ifconfig.me
```
@ -55,7 +55,7 @@ Jangan buka `1883/tcp` ke internet. Listener `1883` hanya untuk localhost/intern
Ambil sertifikat Let's Encrypt:
```bash
sudo certbot certonly --standalone -d mqtt.iptek.co
sudo certbot certonly --standalone -d broker.bizone.id
```
Copy sertifikat ke lokasi yang bisa dibaca Mosquitto:
@ -64,11 +64,11 @@ Copy sertifikat ke lokasi yang bisa dibaca Mosquitto:
sudo install -d -o root -g mosquitto -m 750 /etc/mosquitto/certs
sudo install -o root -g mosquitto -m 640 \
/etc/letsencrypt/live/mqtt.iptek.co/fullchain.pem \
/etc/letsencrypt/live/broker.bizone.id/fullchain.pem \
/etc/mosquitto/certs/fullchain.pem
sudo install -o root -g mosquitto -m 640 \
/etc/letsencrypt/live/mqtt.iptek.co/privkey.pem \
/etc/letsencrypt/live/broker.bizone.id/privkey.pem \
/etc/mosquitto/certs/privkey.pem
```
@ -84,7 +84,7 @@ Isi:
#!/usr/bin/env bash
set -euo pipefail
DOMAIN="mqtt.iptek.co"
DOMAIN="broker.bizone.id"
install -o root -g mosquitto -m 640 \
"/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" \
@ -206,7 +206,7 @@ Terminal 1, subscribe sebagai backend:
```bash
mosquitto_sub \
-h mqtt.iptek.co \
-h broker.bizone.id \
-p 8883 \
-u qris-backend \
-P 'PASSWORD_BACKEND' \
@ -218,7 +218,7 @@ Terminal 2, publish sebagai device:
```bash
mosquitto_pub \
-h mqtt.iptek.co \
-h broker.bizone.id \
-p 8883 \
-u DEVICE_UUID_FROM_PLATFORM \
-P 'PASSWORD_DEVICE' \
@ -230,7 +230,7 @@ Test ACL negatif:
```bash
mosquitto_pub \
-h mqtt.iptek.co \
-h broker.bizone.id \
-p 8883 \
-u DEVICE_UUID_FROM_PLATFORM \
-P 'PASSWORD_DEVICE' \
@ -260,7 +260,7 @@ Saat adapter broker sungguhan dipasang ke platform:
```env
MQTT_PUBLISH_MODE=broker
MQTT_BROKER_URL=mqtts://mqtt.iptek.co:8883
MQTT_BROKER_URL=mqtts://broker.bizone.id:8883
MQTT_USERNAME=qris-backend
MQTT_PASSWORD=...
MQTT_CLIENT_ID=qris-platform-backend