Eclipse Mosquitto is a free, open-source, and lightweight server implementation of the MQTT protocol. It caters to a range of devices, from low-power single-board computers to full servers. Operating on top of the TCP/IP protocol, MQTT efficiently utilizes your existing Internet home network to communicate with IoT devices and handle their messages. Written in C, Mosquitto is known for its speed and efficiency compared to other MQTT brokers.
This guide will walk you through the process of installing the Mosquitto server on Ubuntu 22.04.
Prerequisites
- A server running Ubuntu 22.04.
- A root password configured on your server.
Install Required Dependencies
Before proceeding, it is advisable to update and upgrade all system packages to their latest versions. Use the following command to update your system:
apt update -y apt upgrade -y
After upgrading, install the necessary packages with:
apt-get install curl gnupg2 wget git apt-transport-https ca-certificates -y
With all dependencies installed, proceed to the next step.
Install Mosquitto Server
The Mosquitto package is not available in the default Ubuntu 22.04 repositories. Therefore, you’ll need to add Mosquitto’s official repository using this command:
add-apt-repository ppa:mosquitto-dev/mosquitto-ppa -y
After adding the repository, install Mosquitto with:
apt install mosquitto mosquitto-clients -y
Verify the installation by checking the service status:
systemctl status mosquitto
You should see output similar to:
? mosquitto.service - Mosquitto MQTT Broker
Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-12-06 04:50:33 UTC; 8s ago
...
Create MQTT Administrative Password
For enhanced security, configure password authentication for MQTT.
Create an admin user and password:
mosquitto_passwd -c /etc/mosquitto/passwd admin
Enter a password as prompted.
Edit the MQTT configuration file to define the port and password file:
nano /etc/mosquitto/conf.d/default.conf
Add these lines:
listener 1883
password_file /etc/mosquitto/passwd
Save and close the file, then restart the Mosquitto service:
systemctl restart mosquitto
Using MQTT to Send and Receive Messages
Utilize the Mosquitto client to connect to the server for message transactions on various topics.
Subscribe to a topic, such as home/lights/kids_bedroom:
mosquitto_sub -u admin -P password -t "home/lights/kids_bedroom"
In a new terminal, publish a message to the same topic with:
mosquitto_pub -u admin -P password -m "ON" -t "home/lights/kids_bedroom"
The first terminal displays:
ON
Send another message:
mosquitto_pub -u admin -P password -m "OFF" -t "home/lights/kids_bedroom"
The terminal output updates to:
ON OFF
Secure Mosquitto with Let’s Encrypt SSL
To secure Mosquitto with SSL, install the Certbot client on your server.
First, install Snap:
apt install snapd
Update Snap core:
snap install core snap refresh core
Then, install Certbot:
snap install --classic certbot
Create a symlink to the Certbot binary:
ln -s /snap/bin/certbot /usr/bin/certbot
Generate an SSL certificate:
certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m your-email@example.com -d mosquitto.example.com
Confirm generation with:
ls /etc/letsencrypt/live/mosquitto.example.com/
Generate a Diffie-Hellman certificate:
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Configure MQTT to Use Let’s Encrypt SSL
Copy all certificates to the Mosquitto directory:
cp /etc/letsencrypt/live/mosquitto.example.com/fullchain.pem /etc/mosquitto/certs/server.pem cp /etc/letsencrypt/live/mosquitto.example.com/privkey.pem /etc/mosquitto/certs/server.key
Set appropriate certificate ownership:
chown -R mosquitto: /etc/mosquitto/certs
Edit the Mosquitto configuration file to include:
nano /etc/mosquitto/conf.d/default.conf
Add these lines:
listener 8883
certfile /etc/mosquitto/certs/server.pem
cafile /etc/ssl/certs/ISRG_Root_X1.pem
keyfile /etc/mosquitto/certs/server.key
dhparamfile /etc/ssl/certs/dhparam.pem
Restart Mosquitto:
systemctl restart mosquitto
Test the Mosquitto connection:
mosquitto_pub -h mosquitto.example.com -t "home/lights/kids_bedroom" -m "hello" -p 8883 --capath /etc/ssl/certs/ -u admin -P password
Configure Mosquitto Websockets
Enable Websockets by editing the default configuration:
nano /etc/mosquitto/conf.d/default.conf
Include the following:
listener 8083
protocol websockets
certfile /etc/mosquitto/certs/server.pem
cafile /etc/ssl/certs/ISRG_Root_X1.pem
keyfile /etc/mosquitto/certs/server.key
dhparamfile /etc/ssl/certs/dhparam.pem
Restart the service:
systemctl restart mosquitto
In your terminal, subscribe to a topic:
mosquitto_sub -u admin -P password -t "home/lights/kids_bedroom"
Use a browser-based MQTT client to test Websockets. You should see a screen like this:
Provide your Mosquitto server details and click Connect:
Publish a message and see it reflected in your terminal.
Hi
Conclusion
This guide covered the installation of the Mosquitto server and securing it with Let’s Encrypt SSL on Ubuntu 22.04, followed by testing Mosquitto using a browser-based client. For further queries, feel free to reach out.
FAQ
What is Mosquitto?
Mosquitto is an open-source, lightweight MQTT broker suitable for devices ranging from low-power computers to full servers.
Why use SSL with Mosquitto?
SSL ensures encrypted communication, enhancing the security of data transmitted between clients and the Mosquitto server.
How can I test MQTT messages?
Use the Mosquitto client for testing, by subscribing and publishing messages to specific topics.
Can Mosquitto work with web browsers?
Yes, with WebSockets configured, Mosquitto can send and receive messages from web-based MQTT clients.