We discussed basic MQTT in the previous section; now we will continue with an MQTT broker implementation using the Mosquitto broker.
Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.
The MQTT protocol provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for Internet of Things messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers.
Mosquitto installation
pi@raspberry:~ $ sudo apt update
pi@raspberry:~ $ sudo apt install -y mosquitto mosquitto-clients
pi@raspberry:~ $ sudo systemctl enable mosquitto.service
MQTT Authentication
1. Unauthenticated Access
To configure unauthenticated access, use the allow_anonymous option:
listener 1883
allow_anonymous true
It is valid to allow anonymous and authenticated access on the same broker. In particular, the dynamic security plugin allows you to assign different rights to anonymous users than to authenticated users, which may be useful for read-only access to data, for example.
2. Password Files
Password files are a simple mechanism of storing usernames and passwords in a single file. They are good if you have a relatively small number of fairly static users.
To create a password file, use the mosquitto_passwd utility as shown below. You will be asked for the password. Note that -c means an existing file will be overwritten:
mosquitto_passwd -c <password file> <username>
To add more users to an existing password file, or to change the password for an existing user, leave out the -c argument:
mosquitto_passwd <password file> <username>
To remove a user from a password file:
mosquitto_passwd -D <password file> <username>
You can also add/update a username and password in a single line, but be aware that this means the password is visible on the command line and in any command history:
mosquitto_passwd <password file> <username> <password>
Configuring the broker
If you are using the per_listener_settings true option to have separate security settings per listener, you must place the password file option after the listener it is for:
listener 1883
password_file /etc/mosquitto/password_file
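The listener settings above can be checked mechanically. The following Python script is an added example, not part of the original article or of Mosquitto: it reads a mosquitto.conf and lists listeners that allow anonymous access or have no password_file. The sample configuration, its ports, and the function names parse_listeners and audit are assumptions, as is treating an unset allow_anonymous as false.

```python
# Added example. SAMPLE_CONF is constructed; its ports and paths are assumptions.
SAMPLE_CONF = """\
per_listener_settings true
listener 1883
allow_anonymous true
listener 8883
password_file /etc/mosquitto/password_file
listener 9001
allow_anonymous false
"""

AUTH_KEYS = ("allow_anonymous", "password_file")

def parse_listeners(text):
    """Return one dict per listener with its effective auth options."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1) + [""]
            entries.append((parts[0], parts[1].strip()))
    # per_listener_settings decides whether options are global or per listener.
    per_listener = dict(entries).get("per_listener_settings") == "true"
    global_opts = {k: v for k, v in entries if k in AUTH_KEYS}  # last value wins
    listeners, current = [], None
    for key, value in entries:
        if key == "listener":
            current = {"port": int(value.split()[0])}
            if not per_listener:
                current.update(global_opts)  # global mode: every listener inherits
            listeners.append(current)
        elif key in AUTH_KEYS and per_listener and current is not None:
            current[key] = value  # option belongs to the listener above it
    return listeners

def audit(text):
    """Return (port, finding) tuples for listeners that need review."""
    findings = []
    for lst in parse_listeners(text):
        # Assumption: an unset allow_anonymous is treated as false here.
        if lst.get("allow_anonymous", "false") == "true":
            findings.append((lst["port"], "anonymous access allowed"))
        elif "password_file" not in lst:
            findings.append((lst["port"], "no password_file configured"))
    return findings

if __name__ == "__main__":
    for port, finding in audit(SAMPLE_CONF):
        print(f"listener {port}: {finding}")
```

Without per_listener_settings true, the script applies allow_anonymous and password_file to every listener, so a single allow_anonymous true line flags all of them.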
Testing Mosquitto
Subscribe to test topic
pi@raspberrypi:~ $ mosquitto_sub -d -t test
Client mosqsub|1991-raspberryp sending CONNECT
Client mosqsub|1991-raspberryp received CONNACK (0)
Client mosqsub|1991-raspberryp sending SUBSCRIBE (Mid: 1, Topic: test, QoS: 0)
Client mosqsub|1991-raspberryp received SUBACK
Subscribed (mid: 1): 0
Publish message to test topic
Open another console to publish the message
pi@raspberrypi:~ $ mosquitto_pub -d -t test -m "Hello World"
Client mosqpub|2039-raspberryp sending CONNECT
Client mosqpub|2039-raspberryp received CONNACK (0)
Client mosqpub|2039-raspberryp sending PUBLISH (d0, q0, r0, m1, 'test', ... (11 bytes))
Client mosqpub|2039-raspberryp sending DISCONNECT
In the subscribe window you will see the Hello World message:
Client mosqsub|2038-raspberryp received PUBLISH (d0, q0, r0, m0, 'test', ... (11 bytes))
Hello World