Mosquitto is a robust, open-source MQTT (Message Queuing Telemetry Transport) message broker that implements MQTT protocol versions 3.1 and 3.1.1. It is a lightweight application that relays messages via a publish/subscribe model.
The tool is designed for use on many types of IoT devices, from low-power single-board machines to full servers.
This tutorial will help you install and set up Mosquitto MQTT on your Ubuntu 18.04 server.
Before You Start
To implement Mosquitto MQTT flawlessly, you will require the following:
- A unique domain name pointing to the server. This guide will utilize the domain name mqtt.mydomain.com.
- Unused port 80 on your Ubuntu 18.04 server.
Step 1 - Installing Mosquitto MQTT
The first step is to add a custom repository that will enable you to install the most recent Certbot version. Execute the command below to accomplish this:
$ sudo add-apt-repository ppa:certbot/certbot
Press ENTER to confirm the installation. Next, run the command below to install Certbot and Mosquitto:
$ sudo apt install certbot mosquitto mosquitto-clients
Step 2 - Getting The SSL Certificate
Once the software is installed, you can fetch the SSL certificates. Certbot's standalone HTTP challenge listens on port 80, so first run the command below to allow port 80 in the firewall:
$ sudo ufw allow 80
Then, use the command below to have Certbot request the certificate:
$ sudo certbot certonly --standalone --preferred-challenges http -d mqtt.mydomain.com
Note: Remember to replace mqtt.mydomain.com with your specific domain name.
When prompted to provide your email address, enter your official email and accept the terms. Once that is done, you will receive a message confirming the success of the process. You will also be told where the certificate was stored.
Now you can proceed to configure Mosquitto MQTT to use the SSL certificates.
Step 3 - Setting Up Mosquitto MQTT
The first step in configuring Mosquitto MQTT is to create the password file using the mosquitto_passwd command. This file is stored at /etc/mosquitto/passwd, and Mosquitto uses it to verify all connections.
$ sudo mosquitto_passwd -c /etc/mosquitto/passwd your-username
When prompted, enter your password twice. Next, run the command below to open the new Mosquitto configuration file:
$ sudo nano /etc/mosquitto/conf.d/default.conf
This file should be empty. Now, add the content below to this file:
allow_anonymous false
password_file /etc/mosquitto/passwd

listener 1883 localhost

listener 8883
certfile /etc/letsencrypt/live/mqtt.mydomain.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.mydomain.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.mydomain.com/privkey.pem

listener 8083
protocol websockets
certfile /etc/letsencrypt/live/mqtt.mydomain.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.mydomain.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.mydomain.com/privkey.pem
Save and exit the file, then run the command below to restart Mosquitto and allow the changes to take effect.
$ sudo systemctl restart mosquitto
Next, execute the command below to check the status of Mosquitto:
$ sudo systemctl status mosquitto
This will give you an output like the one below:
● mosquitto.service - LSB: mosquitto MQTT v3.1 message broker
   Loaded: loaded (/etc/init.d/mosquitto; generated)
   Active: active (running) since Mon 2018-08-17 14:03:42 UTC; 2min 39s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 6683 ExecStop=/etc/init.d/mosquitto stop (code=exited, status=0/SUCCESS)
  Process: 6699 ExecStart=/etc/init.d/mosquitto start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 1152)
   CGroup: /system.slice/mosquitto.service
           └─6705 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
If Mosquitto is not active (running), check the configuration file, then start Mosquitto again.
Now, run the command below to view additional information in Mosquitto's log file:
$ sudo tail /var/log/mosquitto/mosquitto.log
If everything is okay, run the commands below to allow port 8883 and 8083:
$ sudo ufw allow 8883
$ sudo ufw allow 8083
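The settings this step depends on (anonymous access off, a password file, the plaintext listener kept on localhost, certificate and key on every other listener) can be checked mechanically each time default.conf is edited. The script below is an added example, not part of the original tutorial or of Mosquitto itself; the function name audit_mosquitto_conf and both sample files are hypothetical, and it assumes listeners are declared with "listener" lines as in this guide.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit a Mosquitto config for the
# settings Step 3 relies on. Assumes listeners are declared with "listener".
# Prints one finding per line and prints nothing when the file is clean.
audit_mosquitto_conf() {
    awk '
    function report() {
        if (port == "") return
        if (cert != key)
            print "listener " port ": certfile and keyfile must both be set"
        else if (!cert && addr !~ /^(localhost|127\.0\.0\.1|::1)$/)
            print "listener " port ": plaintext and not bound to loopback"
    }
    $1 == "listener"        { report(); port = $2; addr = $3; cert = 0; key = 0 }
    $1 == "certfile"        { cert = 1 }
    $1 == "keyfile"         { key = 1 }
    $1 == "allow_anonymous" { anon = $2 }
    $1 == "password_file"   { pw = 1 }
    END {
        report()
        if (anon != "false") print "allow_anonymous is not set to false"
        if (!pw) print "no password_file configured"
    }' "$1"
}

# Constructed sample inputs: the Step 3 config and a weakened copy of it.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.conf" <<'EOF'
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/mqtt.mydomain.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.mydomain.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.mydomain.com/privkey.pem
listener 8083
protocol websockets
certfile /etc/letsencrypt/live/mqtt.mydomain.com/cert.pem
keyfile /etc/letsencrypt/live/mqtt.mydomain.com/privkey.pem
EOF
cat > "$tmp/weak.conf" <<'EOF'
password_file /etc/mosquitto/passwd
listener 1883
listener 8883
certfile /etc/letsencrypt/live/mqtt.mydomain.com/cert.pem
EOF
echo "good.conf:"; audit_mosquitto_conf "$tmp/good.conf"
echo "weak.conf:"; audit_mosquitto_conf "$tmp/weak.conf"
```

On the server itself, the same function can be pointed at /etc/mosquitto/conf.d/default.conf.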
That is it! Mosquitto is fully configured. However, our installation is not yet complete; we need to set up Certbot to always restart Mosquitto whenever the certificates are renewed.
Step 4 - Setting Up Certbot Renewals
Certbot is designed to renew SSL certificates prior to their expiration date. However, Certbot is not configured to restart Mosquitto once the certificates are renewed.
Run the command below to open the conf file for Certbot renewal:
$ sudo nano /etc/letsencrypt/renewal/mqtt.mydomain.com.conf
We’ll add a renew_hook to the final line of this configuration file:
renew_hook = systemctl restart mosquitto
Save the file and exit nano. Next, run the command below to check if the syntax is correct:
$ sudo certbot renew --dry-run
If there are no errors, then the setup is okay.
Step 5 - Verifying Mosquitto MQTT
First, run the command below to subscribe to a test topic on your localhost listener:
$ mosquitto_sub -h localhost -t test -u "your-username" -P "your-password"
Next, from a second terminal (mosquitto_sub keeps running while it waits for messages), publish to the test topic with mosquitto_pub:
$ mosquitto_pub -h localhost -t test -m "hello world" -u "your-username" -P "your-password"
Alternatively, if you want to subscribe via the secured listener on port 8883, execute the command below:
$ mosquitto_sub -h mqtt.mydomain.com -t test -p 8883 --capath /etc/ssl/certs/ -u "your-username" -P "your-password"
Next, run the command below to publish:
$ mosquitto_pub -h mqtt.mydomain.com -t test -m "hello world" -p 8883 --capath /etc/ssl/certs/ -u "your-username" -P "your-password"
Enter the details as below:
- Host: Enter the Mosquitto server domain name
- Port: 8083
- ClientId: Don't change the default value
- Path: Leave it as it is
- Username: Enter the username as provided in step three
- Password: Provide the password created in step three
Leave all the other fields at their default values. Press Connect to connect the client to your Ubuntu server, then use the Subscribe button to subscribe and the Publish Message button to publish a message.
That’s all! You have successfully installed and configured Mosquitto MQTT message broker on your Ubuntu 18.04 system. You can now leverage the power of this messaging platform to implement your home automation, IoT, and other similar projects.