SonarQube can be installed in multiple ways. I prefer Docker Compose because it allows you to run multiple containers easily. It uses Docker, so there is no need to install and maintain versions of packages/libraries. Below is a sample docker-compose.yaml

services:
  sonarqube:
    image: sonarqube:community
    read_only: true
    volumes:
      - sonarqube_data:/opt/sonarqube/data
      - sonarqube_extensions:/opt/sonarqube/extensions
      - sonarqube_logs:/opt/sonarqube/logs
      - sonarqube_temp:/opt/sonarqube/temp
    ports:
      - "9000:9000"
    networks:
      - sonar-network
    environment:
      SONAR_JDBC_URL: jdbc:{database-url}  
      SONAR_JDBC_USERNAME: XXXXXXXXXX
      SONAR_JDBC_PASSWORD: "XXXXXXXX"
      SONAR_WEB_PORT: 9000
      SONAR_AUTH_JWTBASE64HS256SECRET: "XXXXXXXXXXXXXXXXXXXXX"
      VIRTUAL_HOST: sonarqube.yourdomain.com
      VIRTUAL_PORT: 9000
      LETSENCRYPT_HOST: sonarqube.yourdomain.com

  proxy:
    image: nginxproxy/nginx-proxy:1.6
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/etc/nginx/certs:ro
      - html:/usr/share/nginx/html
      - conf:/etc/nginx/conf.d
    environment:
      VIRTUAL_HOST: sonarqube.yourdomain.com
      VIRTUAL_PORT: 9000
    networks:
      - sonar-network
      - sonar-public

  acme-companion:
    image: nginxproxy/acme-companion
    container_name: nginx-proxy-acme
    environment:
      - DEFAULT_EMAIL=dev@yourdomain.co
    volumes_from:
      - proxy
    volumes:
      - certs:/etc/nginx/certs:rw
      - acme:/etc/acme.sh
      - /var/run/docker.sock:/var/run/docker.sock:ro
    networks:
    - sonar-public

volumes:
  sonarqube_data:
  sonarqube_extensions:
  sonarqube_logs:
  sonarqube_temp:
  certs:
  html:
  conf:
  acme:

networks:
  sonar-network:
    ipam:
      driver: default
      config:
        - subnet: 172.28.2.0/24
  sonar-public:
    driver: bridge

This configuration uses an external database (such as GCP Cloud SQL or AWS RDS) and allows you to access SonarQube using HTTPS. The acme-companion service handles auto-renewal of the SSL certificates using Let's Encrypt.

AWS IoT core uses MQTT over TLS. This ensures encrypted data is sent between your devices or applications and the cloud. We need to use the certificates to establish the TLS connection. If you look in the config file of the library, you will find the following lines

// The TLS settings used for the connection. Must match the specified port.
'tls' => [
    'enabled' => env('MQTT_TLS_ENABLED', false),
    'allow_self_signed_certificate' => env('MQTT_TLS_ALLOW_SELF_SIGNED_CERT', false),
    'verify_peer' => env('MQTT_TLS_VERIFY_PEER', true),
    'verify_peer_name' => env('MQTT_TLS_VERIFY_PEER_NAME', true),
    'ca_file' => env('MQTT_TLS_CA_FILE'),
    'ca_path' => env('MQTT_TLS_CA_PATH'),
    'client_certificate_file' => env('MQTT_TLS_CLIENT_CERT_FILE'),
    'client_certificate_key_file' => env('MQTT_TLS_CLIENT_CERT_KEY_FILE'),
    'client_certificate_key_passphrase' => env('MQTT_TLS_CLIENT_CERT_KEY_PASSPHRASE'),
],

We must provide the path to the certificates so the library can use them when connecting to the cloud. The certificates should be stored in a directory where your application has read access. Also, do not commit the certificates to your repository as it can pose a security risk. You should upload them to the server manually or add a step to your CI to upload the certificates to your servers. Add the following lines to your .env file.

MQTT_TLS_ENABLED=true
MQTT_TLS_CA_FILE=/path-to/AmazonRootCA1.pem 
MQTT_TLS_CLIENT_CERT_FILE=/path-to/device_monitor.pem.crt
MQTT_TLS_CLIENT_CERT_KEY_FILE=/path-to/device_monitor-private.pem.key

We also need to know the host and the port of the MQTT broker. Navigate to AWS IoT > Settings page to find the MQTT host for your account.

There are multiple ways to connect to IoT Core as shown in the table below. Since we are using X.509 client certificate and MQTT, we will use port 8883

The table was taken from https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html

We also specified in the device policy that the client ID should be the same as the thing name. The following lines should be added to the .env file

MQTT_HOST=xxxxxxxxxxxxxxxxxxxxx.amazonaws.com
MQTT_PORT=8883
MQTT_CLIENT_ID=device_monitor

Subscribing to a topic

We can use the code from my previous article to subscribe to a topic. We can only subscribe to topics that were defined in the policy. IoT core will close the connection if we attempt to subscribe to topics, not in the device policy.

<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use PhpMqtt\Client\Facades\MQTT;

class SubscribeToTopic extends Command
{
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
    protected $signature = 'mqtt:subscribe';

    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Subscribe To MQTT topic';

    /**
     * Execute the console command.
     *
     * @return int
     */
    public function handle()
    {
        $mqtt = MQTT::connection();
        $mqtt->subscribe('devices/+/status', function(string $topic, string $message) {
            echo sprintf('Received message on topic [%s]: %s',$topic, $message);
        });

        $mqtt->loop(true);
        return Command::SUCCESS;
    }
}

Run the php artisan mqtt:subscribe command in your terminal then, navigate to AWS IoT > MQTT test client and click on the Publish to a topic tab. Use devices/001/status for the topic, enter any message you want as the payload and click the publish button.

Publishing a message

Let's create a command to query the devices for their status

<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use PhpMqtt\Client\Facades\MQTT;

class QueryStatus extends Command
{
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
    protected $signature = 'mqtt:query-status';

    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Query device status';

    /**
     * Execute the console command.
     */
    public function handle()
    {
        $command = [
            'cmd' => 'status'
        ];

        $mqtt = MQTT::connection();

        $mqtt->publish(
            'devices/002/query',
            json_encode($command)
        );
    }
}

To test this, navigate to AWS IoT > MQTT test client and click the Subscribe to a topic tab. Subscribe to the topic devices/+/query and run php artisan mqtt:query-status in your terminal.

Note that, publishing to a topic not in the policy will cause IoT core to terminate the connection.

Unlike other MQTT brokers such as Mosquitto, IoT Core requires that you define the topics that devices would be allowed to subscribe, publish messages to and receive data from. This is called a policy. A policy is associated with a thing and gives it the permissions defined in the policy document. We will use two topics in our policy. A topic to send commands to the device and another to receive data from the device.

One thing to note is that the AWS IoT core has a different notation when specifying wildcards in your MQTT topic. You can read more about this here. To summarise, you should use * and ? for wildcards instead of + and #.

Before connecting to IoT Core over MQTT, we must create a policy and a thing.

Create a policy

1. Log in to your AWS console and search for IoT Core in the search bar at the top right.

1. Navigate to Manage > Security > Policies and click the Create Policy button.

1. Give your policy a name. I will be using DevicePolicy. In the policy statement section below, select the JSON view and paste the JSON below into the text box.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iot:Connect",
          "Resource": "arn:aws:iot:us-east-1:*:client/${iot:Connection.Thing.ThingName}"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Subscribe",
          "Resource": "arn:aws:iot:us-east-1:*:topicfilter/devices/*/status"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Publish",
          "Resource": "arn:aws:iot:us-east-1:*:topic/devices/*/query"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Receive",
          "Resource": "arn:aws:iot:us-east-1:*:topic/devices/*/status"
        }
      ]
    }
   

   

   

   The iot:Connect action allows devices to connect to the MQTT broker. Two devices with the same client ID cannot connect to the broker simultaneously. The variable iot:Connection.Thing.ThingName is a placeholder for the client ID. You must use the thing name when connecting to the MQTT broker. You can find a breakdown of all the IoT core policy actions here and example policies here.

2. Click on the Create button on your bottom left to save the policy.

If you ever encounter the error The action failed because the input is not valid. Policy cannot be created - size exceeds hard limit (2048), which means you have too many topics. You have to consolidate some of your topics into one or create an extra policy to handle some of your topics.

Create a thing

1. Navigate to Manage > All Devices > Things and click the Create Things button.

   

2. Select Create Single Thing and click on the Next button.

   

3. Give the thing a name. I will be using device_monitor. Then, scroll down and click on the Next button.

   

4. Select Auto-generate a new certificate and click on the Next button.

   

5. Select DevicePolicy from the list of policies and click on the Create Thing button.

   

6. Download the device certificate, public key, private key, and the Amazon Root Certificate CA 1

   

   You must download the device certificates at this step. You will not be able to download them after you close the pop-up.

In Part 2, I go over how to use the device certificates to connect a laravel application to AWS IoT core over MQTT.

When I started programming STM32 microcontrollers, I got introduced to using a hardware debugger and the experience was surreal. The ability to step through my code line-by-line and see the values of registers and variables change in real-time made debugging a better experience. Most microcontroller platforms have some kind of hardware debugger that you can use. ESP32s have ESP-PROG, and STM32s have ST-LINK. If you have never tried using a hardware debugger before, I encourage you to treat yourself.

If you don't know where to get these programmers, you can read my previous article on how I source components in Ghana

I installed Mosquitto, a popular MQTT broker and MQTTX, an easy-to-use GUI MQTT client. I found a PHP library called PHP-MQTT that makes integrating MQTT into your Laravel project easy. The code I used to get data from the MQTT broker is quite simple.

<?php

namespace App\Console\Commands;

use Illuminate\Console\Command;
use PhpMqtt\Client\Facades\MQTT;

class SubscribeToTopic extends Command
{
    /**
     * The name and signature of the console command.
     *
     * @var string
     */
    protected $signature = 'mqtt:subscribe';

    /**
     * The console command description.
     *
     * @var string
     */
    protected $description = 'Subscribe To MQTT topic';

    /**
     * Execute the console command.
     *
     * @return int
     */
    public function handle()
    {
        $mqtt = MQTT::connection();
        $mqtt->subscribe('devices/+/status', function(string $topic, string $message) {
            echo sprintf('Received message on topic [%s]: %s',$topic, $message);
        });

        $mqtt->loop(true);
        return Command::SUCCESS;
    }
}

The code worked well locally, but I started thinking about how to run the command when deploying the project to production. My initial idea was to create a command and run it with Laravel's scheduler, but this approach did not work well.

The issue is that the command runs an infinite loop, causing the function to never return. Consequently, the scheduler creates multiple processes, all subscribed to the same topic. The code that runs when new data is received (e.g., storing the data in a database) will be executed multiple times, with the exact number depending on the number of processes created. To solve this problem, you can use a process monitor, such as supervisor, to run the command in the background and restart it if it crashes. I copied the configuration example for running the queue worker command from the Laravel documentation and edited it as follows:

[program:laravel-mqtt-subscriber]
process_name=%(program_name)s_%(process_num)02d
command=php /home/forge/app.com/artisan mqtt:subscribe
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
user=forge
numprocs=1
redirect_stderr=true
stdout_logfile=/home/forge/app.com/worker.log
stopwaitsecs=3600

The main point to note is that I changed the value of numprocs to 1 to prevent multiple processes from running the same command, which resolved the issue.

Arduino is a great platform to learn about electronics but I realised that it abstracted a lot of the details away and I wanted to learn about those more in-depth things that were hidden. The resources below helped me learn more about the inner workings of microcontrollers and they are beginner-friendly too

• Make: AVR Programming
  This book goes into the details of AVR microcontrollers and shows you how the peripherals like UART, I²C, etc. After completing this book, you will have a better understanding of the abstractions provided by Arduino

• Programming with STM32: Getting Started with the Nucleo Board and C/C++ by Donald Norris
  This book teaches you how about the STM32 family of microcontrollers. These microcontrollers are based on ARM Cortex-M and have a more complicated architecture than AVR microcontrollers. You can get the Nucleo boards from Aliexpress or if that is too expensive, you can follow along using the Bluepill STM32F103 which you can get locally in Ghana from
  Nauvitel Electronics
  OkuElectronics

I hope you enjoy your journey of learning the inner workings of microcontrollers as I did.

• Okuelectronics
• Geekelectronics
• AnyComponentLab
• Nauvitel Electronics

Although the shops above usually had the parts that I needed, I sometimes had to buy some parts from outside Ghana especially when I wanted to work on projects that used surface mount components. The main thing I looked for was cheap shipping since I don't buy in high volume and the site delivers products to Ghana. I found two sites that work for me

• LCSC
• Aliexpress

Note: You can sometimes order parts from Aliexpress that don't work. You should make sure to compare prices on Aliexpress to other sites and read the comments.