Using Mutual TLS for Agents

You can configure protocol-mapper agents to use mutual TLS (mTLS) for secure communication with Connectware. In the following example setup, the agent connects via MQTT over a secure TLS connection (port 8883), requiring both client and CA certificates for mutual authentication. This approach ensures that both the server and the client verify each other's identities, adding an extra layer of security.

Additionally, the control plane connection will use mTLS, requiring a change to CYBUS_CONTROLPLANE_URI, using the nats:// scheme as well as port 4222.

The example shows how to configure environment variables such as CYBUS_CONTROLPLANE_URI, CYBUS_MQTT_SCHEME, CYBUS_MQTT_PORT, and USE_MUTUAL_TLS. It also explains how to mount certificates using Docker volumes to ensure secure communication between the agent and the server.

version: '2.0'
services:
    protocol-mapper-agent:
        image: registry.cybus.io/cybus/protocol-mapper:${IMAGE_TAG}
        environment:
            CYBUS_AGENT_MODE: distributed
            CYBUS_AGENT_NAME: myAgent
            CYBUS_MQTT_SCHEME: mqtts
            CYBUS_MQTT_HOST: 10.11.12.13
            CYBUS_MQTT_PORT: '8883'
            CYBUS_CONTROLPLANE_URI: nats://10.11.12.13:4222
            USE_MUTUAL_TLS: true
        volumes:
            - protocol-mapper-agent:/data
            - /mycerts:/connectware/certs/client
            - /myca:/connectware/certs/ca
        restart: unless-stopped
        network_mode: host
        hostname: <some-suitable-hostname>
volumes:
    protocol-mapper-agent:

PreviousInstalling Agents via Kubernetes NextRegistering Agents in Connectware

Last updated 22 days ago

Was this helpful?