Fix broker connectivity: support scoped IPv6 link-local addresses

Add optional broker_ip and broker_tls_name config fields so the TCP dial target can be a scoped IPv6 address (fe80::...%eth0) while TLS certificate verification still uses the broker hostname. Also revert to alpine/static build; CGO was not needed. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-10 08:17:30 +02:00
parent d59b3fd0cd
commit 2dcfaeacb7
2 changed files with 17 additions and 2 deletions
--- a/main.go
+++ b/main.go
@@ -49,6 +49,8 @@ type DeviceConfig struct {

 type Config struct {
 	Broker        string         `json:"broker"`
+	BrokerIP      string         `json:"broker_ip"`       // optional: scoped IPv6 dial address (e.g. fe80::1%eth0)
+	BrokerTLSName string         `json:"broker_tls_name"` // optional: TLS ServerName when broker_ip is set
 	Port          int            `json:"port"`
 	ClientID      string         `json:"client_id"`
 	TopicPrefix   string         `json:"topic_prefix"`
@@ -354,8 +356,21 @@ func main() {
 		log.Fatalf("TLS setup: %v", err)
 	}

+	// broker_ip overrides the TCP dial target (needed for IPv6 link-local with scope).
+	// broker_tls_name sets the TLS ServerName so certificate verification still uses the hostname.
+	if cfg.BrokerIP != "" {
+		tlsCfg.ServerName = cfg.BrokerTLSName
+		if tlsCfg.ServerName == "" {
+			tlsCfg.ServerName = cfg.Broker
+		}
+	}
+
 	h := newHandler(cfg)
-	brokerURL := fmt.Sprintf("ssl://%s:%d", cfg.Broker, cfg.Port)
+	dialTarget := cfg.Broker
+	if cfg.BrokerIP != "" {
+		dialTarget = "[" + cfg.BrokerIP + "]"
+	}
+	brokerURL := fmt.Sprintf("ssl://%s:%d", dialTarget, cfg.Port)
 	topic := cfg.TopicPrefix + "/#"

 	opts := mqtt.NewClientOptions().