Mosquitto

Mosquitto is an open source MQTT message broker written in C. It also provides the tools mosquitto_sub and mosquitto_pub for subscription and publication.


License

All relevant legal information can be found here

Prerequisites

If you want to use Mosquitto with a custom domain you need to set it up first:

[isabell@stardust ~]$ uberspace web domain list
isabell.uber.space
[isabell@stardust ~]$

Installation

Luckily, Mosquitto is preinstalled on Uberspace hosts. We just need to configure it (see below).

Configuration

We’re setting up the broker to be reachable via a dedicated TCP port (as opposed to MQTT over WebSockets). The communication will be secured using TLS encryption and password authentication.

Copy default config

Copy the default (preinstalled) configuration to ~/etc/mosquitto.

[isabell@stardust ~]$ mkdir -p ~/etc/mosquitto/
[isabell@stardust ~]$ cp /etc/mosquitto/mosquitto.conf ~/etc/mosquitto/
[isabell@stardust ~]$

Open firewall port

To make the application accessible from the outside, open a port in the firewall:

[isabell@stardust ~]$ uberspace port add
Port 40132 will be open for TCP and UDP traffic in a few minutes.
[isabell@stardust ~]$

Update config

Uncomment and update the following configuration values in ~/etc/mosquitto/mosquitto.conf. Update certfile and keyfile to match the domain certificates you want to use Mosquitto with. The last two values ensure that only registered users are allowed.

cafile /etc/ssl/certs/ca-bundle.crt
certfile /home/isabell/etc/certificates/isabell.uber.space.crt
keyfile /home/isabell/etc/certificates/isabell.uber.space.key
port 40132
allow_anonymous false
password_file /home/isabell/etc/mosquitto/passwd

Create user(s)

Create a password file for the first user. To add more users, omit -c, which creates (overwrites) the given file.

[isabell@stardust ~]$ mosquitto_passwd -c ~/etc/mosquitto/passwd isabell
Password: [hidden]
Reenter password: [hidden]
[isabell@stardust ~]$

Finishing installation

Setup daemon

Create the file ~/etc/services.d/mosquitto.ini with the following content:

[program:mosquitto]
command=mosquitto -c %(ENV_HOME)s/etc/mosquitto/mosquitto.conf
autostart=yes
autorestart=yes
startsecs=30 ; prevent broken service from looping

After creating the configuration, tell supervisord to refresh its configuration and start the service:

[isabell@stardust ~]$ supervisorctl reread
SERVICE: available
[isabell@stardust ~]$ supervisorctl update
SERVICE: added process group
[isabell@stardust ~]$ supervisorctl status
SERVICE                            RUNNING   pid 26020, uptime 0:03:14
[isabell@stardust ~]$

Automate certificate reloading

To ensure Mosquitto uses the latest certificates, restart the service monthly, e.g. by creating a cron job via crontab -e.

@monthly supervisorctl restart mosquitto > /dev/null

Test

Note

Note that the following commands expose your password to anyone who can view running processes, so use only with test data!

Subscription

After successful subscription, incoming messages as well as pings are printed to the command line. Quit with CTRL+C.

[isabell@stardust ~]$ mosquitto_sub --host isabell.uber.space --port 40132 --topic isabellstesttopic --tls-version tlsv1.2 --cafile /etc/ssl/certs/ca-bundle.crt --username isabell --pw yoursecretpassword --debug
Client mosq-XXXXXXXXXXXXXXXXXX sending CONNECT
Client mosq-XXXXXXXXXXXXXXXXXX received CONNACK (0)
Client mosq-XXXXXXXXXXXXXXXXXX sending SUBSCRIBE (Mid: 1, Topic: isabellstesttopic/, QoS: 0, Options: 0x00)
Client mosq-XXXXXXXXXXXXXXXXXX received SUBACK
Subscribed (mid: 1): 0
Client mosq-XXXXXXXXXXXXXXXXXX sending PINGREQ
Client mosq-XXXXXXXXXXXXXXXXXX received PINGRESP
^C
[isabell@stardust ~]$

Publication

[isabell@stardust ~]$ mosquitto_pub --message "Hello world" --host isabell.uber.space --port 40132 --topic isabellstesttopic --tls-version tlsv1.2 --cafile /etc/ssl/certs/ca-bundle.crt --username isabell --pw yoursecretpassword --debug
Client mosq-XXXXXXXXXXXXXXXXXX sending CONNECT
Client mosq-XXXXXXXXXXXXXXXXXX received CONNACK (0)
Client mosq-XXXXXXXXXXXXXXXXXX sending PUBLISH (d0, q0, r0, m1, 'isabellstesttopic/', ... (11 bytes))
Client mosq-XXXXXXXXXXXXXXXXXX sending DISCONNECT
[isabell@stardust ~]$

Tested with Mosquitto 1.6.10, Uberspace 7.7.9.0

Written by: André Birke <https://github.com/abirke>, Tim Hetkämper <https://github.com/transistortim>