Saturday, April 13, 2024
HomeHow toHow to Install Mosquitto MQTT Server on Ubuntu 22.04

How to Install Mosquitto MQTT Server on Ubuntu 22.04

Mosquitto is a free, open-source, and lightweight server implementation of the MQTT protocol. It is designed for all devices, from low-power single-board computers to full servers. MQTT works on top of the TCP/IP protocol and uses your existing Internet home network to send messages to your IoT devices and respond to those messages. It is written in C language which makes it fast and more efficient than other MQTT brokers.

This post will show you how to install the Mosquitto server on Ubuntu 22.04.

Prerequisites

  • A server running Ubuntu 22.04.
  • A root password is configured on your server.

Install Required Dependencies

Before starting, it is recommended to update and upgrade all system packages to the updated version. You can update them by running the following command:

apt update -y
apt upgrade -y

After upgrading all the packages, run the following command to install the other required packages:

apt-get install curl gnupg2 wget git apt-transport-https ca-certificates -y

Once all the required packages are installed, you can proceed to the next step.

Install Mosquitto Server

By default, the Mosquitto package is not available in the Ubuntu 22.04 default repo. So you will need to add Mosquitto’s official repository to the APT. You can add it with the following command:

add-apt-repository ppa:mosquitto-dev/mosquitto-ppa -y

Once the repository is added to APT, you can install it with the following command:

apt install mosquitto mosquitto-clients -y

Once the installation has been completed, you can verify the Mosquitto status with the following command:

systemctl status mosquitto

You should see the following output:

? mosquitto.service - Mosquitto MQTT Broker
     Loaded: loaded (/lib/systemd/system/mosquitto.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-12-06 04:50:33 UTC; 8s ago
       Docs: man:mosquitto.conf(5)
             man:mosquitto(8)
    Process: 5491 ExecStartPre=/bin/mkdir -m 740 -p /var/log/mosquitto (code=exited, status=0/SUCCESS)
    Process: 5492 ExecStartPre=/bin/chown mosquitto:mosquitto /var/log/mosquitto (code=exited, status=0/SUCCESS)
    Process: 5493 ExecStartPre=/bin/mkdir -m 740 -p /run/mosquitto (code=exited, status=0/SUCCESS)
    Process: 5494 ExecStartPre=/bin/chown mosquitto:mosquitto /run/mosquitto (code=exited, status=0/SUCCESS)
   Main PID: 5495 (mosquitto)
      Tasks: 1 (limit: 2242)
     Memory: 1.3M
        CPU: 23ms
     CGroup: /system.slice/mosquitto.service
             ??5495 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

Dec 06 04:50:32 ubuntu2204 systemd[1]: Starting Mosquitto MQTT Broker...
Dec 06 04:50:33 ubuntu2204 systemd[1]: Started Mosquitto MQTT Broker.

Create MQTT Administrative Password

For security reasons, it is recommended to configure password authentication for MQTT.

Let’s set up an admin user and password with the following command:

mosquitto_passwd -c /etc/mosquitto/passwd hitesh

Set a password as shown below:

Password: 
Reenter password: 

Next, edit the MQTT configuration file and define the port and password file.

nano /etc/mosquitto/conf.d/default.conf

Add the following lines:

listener 1883
password_file /etc/mosquitto/passwd

Save and close the file then restart the Mosquitto service to apply the changes.

systemctl restart mosquitto

How to Use MQTT to Send and Receive Message

You will need to use the Mosquitto client to connect to the Mosquitto server and then send and receive messages on different topics.

Before sending and receiving messages, you will need to subscribe to a topic. You can use one of the following topics in home automation applications.

  • home/lights/sitting_room
  • home/lights/kitchen
  • home/lights/master_bedroom
  • home/lights/kids_bedroom

Let’s run the following command to subscribe to the home/lights/kids_bedroom topic.

mosquitto_sub -u hitesh -P password -t "home/lights/kids_bedroom"

Next, open the new terminal interface and publish a message to the home/lights/kids_bedroom topic with the following command.

mosquitto_pub -u hitesh -P password -m "ON" -t "home/lights/kids_bedroom"

On the first terminal, you will get ON payload:

ON

Now, go to the second terminal and send the OFF message on the same topic.

mosquitto_pub -u hitesh -P password -m "OFF" -t "home/lights/kids_bedroom"

You should see the following message on the first terminal:

ON
OFF

Once you are done, you can proceed to the next step.

Secure Mosquitto with Let’s Encrypt SSL

To secure Mosquitto with SSL, you will need to install the Certbot client package to your server.

First, install the Snap package manager using the following command:

apt install snapd

Next, update the Snap package using the following command:

snap install core 
snap refresh core

Next, install the Certbot package with the following command:

snap install --classic certbot

Next, create a symbolic link of the Certbot binary to the system location.

ln -s /snap/bin/certbot /usr/bin/certbot

Next, run the following command to generate an SSL certificate.

certbot certonly --standalone --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d mosquitto.linuxbuz.com

You should see the following output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for mosquitto.linuxbuz.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mosquitto.linuxbuz.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/mosquitto.linuxbuz.com/privkey.pem
This certificate expires on 2023-03-06.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

You can see all generated certificate files using the following command:

ls /etc/letsencrypt/live/mosquitto.linuxbuz.com/

You will get the following output:

cert.pem  chain.pem  fullchain.pem  privkey.pem  README

Next, generate Diffie-Hellman certificate using the following command:

openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Once you are finished, you can proceed to the next step.

Configure MQTT to Use Let’s Encrypt SSL

First, copy all generated certificates to the Mosquitto directory using the following command:

cp /etc/letsencrypt/live/mosquitto.linuxbuz.com/fullchain.pem /etc/mosquitto/certs/server.pem
cp /etc/letsencrypt/live/mosquitto.linuxbuz.com/privkey.pem /etc/mosquitto/certs/server.key

Next, set proper ownership to the Mosquitto certificate.

chown -R mosquitto: /etc/mosquitto/certs

Next, edit the Mosquitto configuration file and define the Let’s Encrypt SSL.

nano /etc/mosquitto/conf.d/default.conf

Add the following lines:

listener 8883
certfile /etc/mosquitto/certs/server.pem
cafile  /etc/ssl/certs/ISRG_Root_X1.pem
keyfile /etc/mosquitto/certs/server.key
dhparamfile /etc/ssl/certs/dhparam.pem

Save and close the file then restart the Mosquitto service to apply the changes.

systemctl restart mosquitto

Next, verify the Mosquitto connection using the following command:

mosquitto_pub -h mosquitto.linuxbuz.com -t "home/lights/kids_bedroom" -m "hello" -p 8883 --capath /etc/ssl/certs/ -u hitesh -P password

Once you are done, you can proceed to test the Mosquitto connection via web browser.

Configure Mosquitto Websockets

Next, you will need to configure Websockets to use the MQTT protocol from within browsers. You can enable it by editing the Mosquitto default configuration file:

nano /etc/mosquitto/conf.d/default.conf

Add the following lines:

listener 8083
protocol websockets
certfile /etc/mosquitto/certs/server.pem
cafile  /etc/ssl/certs/ISRG_Root_X1.pem
keyfile /etc/mosquitto/certs/server.key
dhparamfile /etc/ssl/certs/dhparam.pem

Save and close the file then restart the Mosquitto service to apply the changes.

systemctl restart mosquitto

Next, open your terminal interface and run the following command:

mosquitto_sub -u hitesh -P password -t "home/lights/kids_bedroom"

Now, open your web browser and use the browser-based MQTT client to test the WebSockets functionality. You should see the following screen:

Provide your Mosquitto server host, port, username, password, and click on the Connect button. You should see the following screen:

Now, type any topic, message then click on the Publish button.

Next, go back to the terminal interface. You should see your published message in the following output:

Hi

Conclusion

In this post, we explained how to install the Mosquitto server and secure it with Let’s Encrypt SSL on Ubuntu 22.04. We also test the Mosquitto via a browser-based client. Feel free to ask me if you have any questions.


RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here


spot_img

Most Popular