Mosquitto
Mosquitto is an open source MQTT message broker written in C. It also provides the tools mosquitto_sub
and mosquitto_pub
for subscription and publication.
License
All relevant legal information can be found here
Prerequisites
If you want to use Mosquitto with a custom domain you need to set it up first:
[isabell@stardust ~]$ uberspace web domain list
isabell.uber.space
[isabell@stardust ~]$
Installation
Luckily, Mosquitto is preinstalled on Uberspace hosts. We just need to configure it (see below).
Configuration
We’re setting up the broker to be reachable via a dedicated TCP port (as opposed to MQTT over WebSockets). The communication will be secured using TLS encryption and password authentication.
Copy default config
Copy the default (preinstalled) configuration to ~/etc/mosquitto
.
[isabell@stardust ~]$ mkdir -p ~/etc/mosquitto/
[isabell@stardust ~]$ cp /etc/mosquitto/mosquitto.conf ~/etc/mosquitto/
[isabell@stardust ~]$
Open firewall port
To make the application accessible from the outside, open a port in the firewall:
[isabell@stardust ~]$ uberspace port add
Port 40132 will be open for TCP and UDP traffic in a few minutes.
[isabell@stardust ~]$
Update config
Uncomment and update the following configuration values in ~/etc/mosquitto/mosquitto.conf
.
Update certfile
and keyfile
to match the domain certificates you want to use Mosquitto with.
The last two values ensure that only registered users are allowed.
cafile /etc/ssl/certs/ca-bundle.crt
certfile /home/isabell/etc/certificates/isabell.uber.space.crt
keyfile /home/isabell/etc/certificates/isabell.uber.space.key
port 40132
allow_anonymous false
password_file /home/isabell/etc/mosquitto/passwd
Create user(s)
Create a password file for the first user. To add more users, omit -c
, which creates (overwrites) the given file.
[isabell@stardust ~]$ mosquitto_passwd -c ~/etc/mosquitto/passwd isabell
Password: [hidden]
Reenter password: [hidden]
[isabell@stardust ~]$
Finishing installation
Setup daemon
Create the file ~/etc/services.d/mosquitto.ini
with the following content:
[program:mosquitto]
command=mosquitto -c %(ENV_HOME)s/etc/mosquitto/mosquitto.conf
autostart=yes
autorestart=yes
startsecs=30 ; prevent broken service from looping
After creating the configuration, tell supervisord to refresh its configuration and start the service:
[isabell@stardust ~]$ supervisorctl reread
SERVICE: available
[isabell@stardust ~]$ supervisorctl update
SERVICE: added process group
[isabell@stardust ~]$ supervisorctl status
SERVICE RUNNING pid 26020, uptime 0:03:14
[isabell@stardust ~]$
Automate certificate reloading
To ensure Mosquitto uses the latest certificates, restart the service monthly, e.g. by creating a cron job via crontab -e
.
@monthly supervisorctl restart mosquitto > /dev/null
Test
Note
Note that the following commands expose your password to anyone who can view running processes, so use only with test data!
Subscription
After successful subscription, incoming messages as well as pings are printed to the command line. Quit with CTRL+C
.
[isabell@stardust ~]$ mosquitto_sub --host isabell.uber.space --port 40132 --topic isabellstesttopic --tls-version tlsv1.2 --cafile /etc/ssl/certs/ca-bundle.crt --username isabell --pw yoursecretpassword --debug
Client mosq-XXXXXXXXXXXXXXXXXX sending CONNECT
Client mosq-XXXXXXXXXXXXXXXXXX received CONNACK (0)
Client mosq-XXXXXXXXXXXXXXXXXX sending SUBSCRIBE (Mid: 1, Topic: isabellstesttopic/, QoS: 0, Options: 0x00)
Client mosq-XXXXXXXXXXXXXXXXXX received SUBACK
Subscribed (mid: 1): 0
Client mosq-XXXXXXXXXXXXXXXXXX sending PINGREQ
Client mosq-XXXXXXXXXXXXXXXXXX received PINGRESP
^C
[isabell@stardust ~]$
Publication
[isabell@stardust ~]$ mosquitto_pub --message "Hello world" --host isabell.uber.space --port 40132 --topic isabellstesttopic --tls-version tlsv1.2 --cafile /etc/ssl/certs/ca-bundle.crt --username isabell --pw yoursecretpassword --debug
Client mosq-XXXXXXXXXXXXXXXXXX sending CONNECT
Client mosq-XXXXXXXXXXXXXXXXXX received CONNACK (0)
Client mosq-XXXXXXXXXXXXXXXXXX sending PUBLISH (d0, q0, r0, m1, 'isabellstesttopic/', ... (11 bytes))
Client mosq-XXXXXXXXXXXXXXXXXX sending DISCONNECT
[isabell@stardust ~]$
Tested with Mosquitto 1.6.10, Uberspace 7.7.9.0
Written by: André Birke <https://github.com/abirke>, Tim Hetkämper <https://github.com/transistortim>