Mosquitto is a free, open-source, and lightweight server implementation of the MQTT protocol. It is designed for all devices, from low-power single-board computers to full servers. MQTT works on top of TCP/IP and uses your existing home Internet network to send messages to your IoT devices and respond to those messages. Mosquitto is written in C, which makes it fast and more efficient than other MQTT brokers.
This post will show you how to install the Mosquitto server on Ubuntu 22.04.
Prerequisites
- A server running Ubuntu 22.04.
- A root password is configured on your server.
Install Required Dependencies
Before starting, it is recommended to update and upgrade all system packages to the latest version. You can update them by running the following commands:
apt update -y
apt upgrade -y
After upgrading all the packages, run the following command to install the other required packages:
apt-get install curl gnupg2 wget git apt-transport-https ca-certificates -y
Once all the required packages are installed, you can proceed to the next step.
Install Mosquitto Server
By default, the Mosquitto package is not available in the Ubuntu 22.04 default repo, so you will need to add Mosquitto’s official repository to APT. You can add it with the following command:
add-apt-repository ppa:mosquitto-dev/mosquitto-ppa -y
Once the repository is added to APT, you can install it with the following command:
apt install mosquitto mosquitto-clients -y
Once the installation has been completed, you can verify the Mosquitto status with the following command:
systemctl status mosquitto
You should see the following output:
● mosquitto.service - Mosquitto MQTT Broker
     Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-12-06 04:50:33 UTC; 8s ago
       Docs: man:mosquitto.conf(5)
             man:mosquitto(8)
    Process: 5491 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
    Process: 5492 ExecStartPre=/bin/chown mosquitto:mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
    Process: 5493 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
    Process: 5494 ExecStartPre=/bin/chown mosquitto:mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
   Main PID: 5495 (mosquitto)
      Tasks: 1 (limit: 2242)
     Memory: 1.3M
        CPU: 23ms
     CGroup: /system.slice/mosquitto.service
             └─5495 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

Dec 06 04:50:32 ubuntu2204 systemd[1]: Starting Mosquitto MQTT Broker...
Dec 06 04:50:33 ubuntu2204 systemd[1]: Started Mosquitto MQTT Broker.
Create MQTT Administrative Password
For security reasons, it is recommended to configure password authentication for MQTT.
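Let’s set up an admin user and password with the following command. The -c option creates the password file and overwrites an existing one, so use it only when adding the first user: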
mosquitto_passwd -c /etc/mosquitto/passwd hitesh
Set a password as shown below:
Password:
Reenter password:
Next, edit the MQTT configuration file and define the port and password file.
nano /etc/mosquitto/conf.d/default.conf
Add the following lines:
listener 1883
password_file /etc/mosquitto/passwd
Save and close the file then restart the Mosquitto service to apply the changes.
systemctl restart mosquitto
How to Use MQTT to Send and Receive Messages
You will need to use the Mosquitto client to connect to the Mosquitto server and then send and receive messages on different topics.
Before sending and receiving messages, you will need to subscribe to a topic. You can use one of the following topics in home automation applications.
- home/lights/sitting_room
- home/lights/kitchen
- home/lights/master_bedroom
- home/lights/kids_bedroom
Let’s run the following command to subscribe to the home/lights/kids_bedroom topic.
mosquitto_sub -u hitesh -P password -t "home/lights/kids_bedroom"
Next, open a new terminal and publish a message to the home/lights/kids_bedroom topic with the following command.
mosquitto_pub -u hitesh -P password -m "ON" -t "home/lights/kids_bedroom"
On the first terminal, you will receive the ON payload:
ON
Now, go to the second terminal and send the OFF message on the same topic.
mosquitto_pub -u hitesh -P password -m "OFF" -t "home/lights/kids_bedroom"
You should see the following message on the first terminal:
ON
OFF
Once you are done, you can proceed to the next step.
Secure Mosquitto with Let’s Encrypt SSL
To secure Mosquitto with SSL, you will need to install the Certbot client package to your server.
First, install the Snap package manager using the following command:
apt install snapd
Next, install and refresh the Snap core package using the following commands:
snap install core
snap refresh core
Next, install the Certbot package with the following command:
snap install --classic certbot
Next, create a symbolic link of the Certbot binary to the system location.
ln -s /snap/bin/certbot /usr/bin/certbot
Next, run the following command to generate an SSL certificate.
certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d mosquitto.linuxbuz.com
You should see the following output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mosquitto.linuxbuz.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mosquitto.linuxbuz.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/mosquitto.linuxbuz.com/privkey.pem
This certificate expires on 2023-03-06.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You can see all generated certificate files using the following command:
ls /etc/letsencrypt/live/mosquitto.linuxbuz.com/
You will get the following output:
cert.pem chain.pem fullchain.pem privkey.pem README
Next, generate the Diffie-Hellman parameters using the following command:
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Once you are finished, you can proceed to the next step.
Configure MQTT to Use Let’s Encrypt SSL
First, copy all generated certificates to the Mosquitto directory using the following command:
cp /etc/letsencrypt/live/mosquitto.linuxbuz.com/fullchain.pem /etc/mosquitto/certs/server.pem
cp /etc/letsencrypt/live/mosquitto.linuxbuz.com/privkey.pem /etc/mosquitto/certs/server.key
Next, set proper ownership to the Mosquitto certificate.
chown -R mosquitto: /etc/mosquitto/certs
Next, edit the Mosquitto configuration file and define a TLS listener that uses the Let’s Encrypt certificate.
nano /etc/mosquitto/conf.d/default.conf
Add the following lines:
listener 8883
certfile /etc/mosquitto/certs/server.pem
cafile /etc/ssl/certs/ISRG_Root_X1.pem
keyfile /etc/mosquitto/certs/server.key
dhparamfile /etc/ssl/certs/dhparam.pem
Save and close the file then restart the Mosquitto service to apply the changes.
systemctl restart mosquitto
Next, verify the Mosquitto connection using the following command:
mosquitto_pub -h mosquitto.linuxbuz.com -t "home/lights/kids_bedroom" -m "hello" -p 8883 --capath /etc/ssl/certs/ -u hitesh -P password
Once you are done, you can proceed to test the Mosquitto connection via a web browser.
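The files under /etc/mosquitto/certs are one-time copies, so they go stale when certbot renews the certificate in /etc/letsencrypt/live. The deploy hook below is an added example, not part of the original post: the hook path and the function names are assumptions, and it repeats the page's copy, chown, and restart steps only when the renewed files differ from the installed ones.

```shell
#!/bin/sh
# Added example: certbot deploy hook that refreshes Mosquitto's certificate copy.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/mosquitto.sh (executable).
# certbot exports RENEWED_LINEAGE (the renewed live/ directory) to deploy hooks.

DOMAIN="mosquitto.linuxbuz.com"   # certificate name used on this page
DEST="/etc/mosquitto/certs"       # directory the TLS listeners read from

# copy_if_changed SRC DST MODE
# Returns 0 if DST was replaced, 1 if it was already current, 2 on error.
copy_if_changed() {
    [ -r "$1" ] || return 2
    if [ -f "$2" ] && cmp -s "$1" "$2"; then
        return 1
    fi
    # Write beside the target with a tight umask, then rename into place so
    # the broker never sees a half-written or world-readable key.
    tmp="$2.tmp.$$"
    if (umask 077 && cp "$1" "$tmp") && chmod "$3" "$tmp" && mv -f "$tmp" "$2"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# sync_mosquitto_certs LINEAGE DEST
# Prints "changed" or "unchanged"; returns 1 if a source file is missing.
sync_mosquitto_certs() {
    # Refuse to install half a pair: a new cert with an old key breaks TLS.
    [ -r "$1/fullchain.pem" ] && [ -r "$1/privkey.pem" ] || return 1
    result=unchanged
    rc=0; copy_if_changed "$1/fullchain.pem" "$2/server.pem" 0644 || rc=$?
    case $rc in 0) result=changed ;; 2) return 1 ;; esac
    rc=0; copy_if_changed "$1/privkey.pem" "$2/server.key" 0600 || rc=$?
    case $rc in 0) result=changed ;; 2) return 1 ;; esac
    echo "$result"
}

# Only act when certbot invoked this hook for this page's certificate.
if [ -n "${RENEWED_LINEAGE:-}" ] && [ "${RENEWED_LINEAGE##*/}" = "$DOMAIN" ]; then
    if [ "$(sync_mosquitto_certs "$RENEWED_LINEAGE" "$DEST")" = changed ]; then
        chown -R mosquitto: "$DEST"   # same ownership the page sets by hand
        systemctl restart mosquitto   # restart so the listeners load the new files
    fi
fi
```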
Configure Mosquitto Websockets
Next, you will need to configure Websockets to use the MQTT protocol from within browsers. You can enable it by editing the Mosquitto default configuration file:
nano /etc/mosquitto/conf.d/default.conf
Add the following lines:
listener 8083
protocol websockets
certfile /etc/mosquitto/certs/server.pem
cafile /etc/ssl/certs/ISRG_Root_X1.pem
keyfile /etc/mosquitto/certs/server.key
dhparamfile /etc/ssl/certs/dhparam.pem
Save and close the file then restart the Mosquitto service to apply the changes.
systemctl restart mosquitto
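The listener 1883 block added earlier stays in default.conf alongside the TLS listeners, so the username and password can still cross the network unencrypted on that port. The audit below is an added example, not from the original post: the function names are assumptions and the sample config is constructed from this page's settings. It flags plaintext listeners that are not bound to loopback and shows the result of binding 1883 to 127.0.0.1.

```shell
#!/bin/sh
# Added example: report which Mosquitto listeners carry MQTT without TLS.

# audit_listeners [FILE...]: reads mosquitto config (stdin if no FILE) and prints
# "PORT BIND tls|plaintext [EXPOSED]" per listener. Returns 1 if any plaintext
# listener is bound to a non-loopback address.
audit_listeners() {
    awk '
    function emit() {
        if (port == "") return
        state = tls ? "tls" : "plaintext"
        local_only = (bind == "127.0.0.1" || bind == "::1" || bind == "localhost")
        if (!tls && !local_only) { state = state " EXPOSED"; bad = 1 }
        print port, bind, state
    }
    /^[ \t]*#/ { next }
    # "listener PORT [BIND]" opens a new block; no BIND means all interfaces.
    $1 == "listener" { emit(); port = $2; bind = ($3 == "" ? "*" : $3); tls = 0 }
    # certfile (or psk_hint for TLS-PSK) turns TLS on for the current listener.
    $1 == "certfile" || $1 == "psk_hint" { tls = 1 }
    END { emit(); exit bad + 0 }
    ' "$@"
}

# Constructed sample: the three listeners as this page configures them
# (cafile and dhparamfile lines omitted for brevity).
page_conf() {
    cat <<'EOF'
listener 1883
password_file /etc/mosquitto/passwd
listener 8883
certfile /etc/mosquitto/certs/server.pem
keyfile /etc/mosquitto/certs/server.key
listener 8083
protocol websockets
certfile /etc/mosquitto/certs/server.pem
keyfile /etc/mosquitto/certs/server.key
EOF
}

# Hardened variant: keep 1883 for local tools only; remote clients use 8883/8083.
hardened_conf() {
    page_conf | sed 's/^listener 1883$/listener 1883 127.0.0.1/'
}

echo "as configured on this page:"; page_conf | audit_listeners || true
echo "with 1883 bound to loopback:"; hardened_conf | audit_listeners
```

On a real broker, run `audit_listeners /etc/mosquitto/conf.d/default.conf`; local commands such as the mosquitto_sub call below keep working against the loopback listener.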
Next, open your terminal interface and run the following command:
mosquitto_sub -u hitesh -P password -t "home/lights/kids_bedroom"
Now, open your web browser and use the browser-based MQTT client to test the WebSockets functionality. You should see the following screen:
Provide your Mosquitto server host, port, username, password, and click on the Connect button. You should see the following screen:
Now, type any topic and message, then click on the Publish button.
Next, go back to the terminal interface. You should see your published message in the following output:
Hi
Conclusion
In this post, we explained how to install the Mosquitto server and secure it with Let’s Encrypt SSL on Ubuntu 22.04. We also tested Mosquitto via a browser-based client. Feel free to ask me if you have any questions.