ExplainerHow ToIoT HardwaresIoT ProtocolsIoT Software&ToolsRaspberry PiTutorials/DIY

Mosquitto broker | Install Mosquitto in AWS, Raspberry Pi and Android

In this article we discuss Mosquitto Broker. Here you can find installation guide for AWS, Raspberry Pi and andriod devices.

What is a MQTT broker?

MQTT Broker is a central server or middle-ware which act as an interface between publisher & subscriber and used to collect the data from the publisher device and send it to the subscribers device. A device wants to send data to the broker, it is called a publisher and a device wants to receive data from the broker, it is called as subscriber

What is Mosquitto ?

Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 3.1 and 3.1.1. It is one of the most famous MQTT broker. Its very easy to install and easy to use. It is lightweight and is suitable for use on all devices from low power single board computers to full servers. The MQTT protocol provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for Internet of Things messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers. The Mosquitto project also provides a C library for implementing MQTT clients, and the very popular mosquitto_pub and mosquitto_sub command line MQTT clients. Its can be installed on Unix machines. It can be secured via SSL and passwords, which we will describe below.

Mosquitto is part of the Eclipse Foundation and is an iot.eclipse.org project.


Mosquitto is highly portable and available for a wide range of platforms. Go to the dedicated download page to find the source or binaries for your platform.

Mosquitto Public Test MQTT Broker

field value
address test.mosquitto.org
port 1883, 8883 (SSL), 8884 (SSL), 80 (WebSockets)
type mosquitto
info web page, Xively statistics, topics and HTTP bridge


How to install secure, robust Mosquitto MQTT broker on AWS Ubuntu

1. Install Mosquitto

Log into the AWS Ubuntu Instance.

$ sudo apt-get update

Install both the mosquitto broker and the publish / subscribe clients.

$ sudo apt-get install mosquitto mosquitto-clients

Example for subscribe:

$ mosquitto_sub -h localhost -t mychanel

Example for publish:

$ mosquitto_pub -h localhost -t mychanel "Hello World"

2. Enable Remote Access

To publish or subscribe using this broker from a remote machine, we need first open port 1883 in the security group setting. Using the AWS console, go to the security group and open port 1883 to everyone.

The default config file may permit connections from localhost only. The default conf file is can be opened

$ sudo vim /etc/mosquitto/conf.d/default.conf

The file should contain line following enable remote usage

listener 1883

Note that this port is currently unsecured, so if you don’t want to permit remote access:

listener 1883 localhost

Everytime you edit the conf file, you will have to restart the service for the settings to take effect.

$ sudo systemctl restart mosquitto

3. Robust MQTT

If MQTT broker crashed sometimes, disabling the real time communication. So we added a script that checked the state of the process and restarted Mosquitto in case it was down.

if [ "`ps -aux | grep /usr/sbin/mosquitto | wc -l`" == "1" ]


echo "mosquitto wasnt running so attempting restart" >> /home/ubuntu/cron.log

systemctl restart mosquitto

exit 0


echo "$SERVICE is currently running" >> /home/ubuntu/cron.log

exit 0

This can script can be saved in a file say ‘mosquitto_restart.sh’.

This file needs to be made an executable and then put in a cron job that runs every 5 minutes. The cron should be set as root.

$ chmod +x mosquitto_restart.sh

$ sudo  -i

$ crontab -e

Add the following statement

*/5 * * * * /home/ubuntu/mosquitto_restart.sh

Close cron tab. Now the script will execute every 5 minutes and restart mosquitto in case it is in active.

4. Setup SSL securityWe used letsencrypt certificates to secure our MQTT server. letsencrypt available free. The commands to install letencrypt certbot are as follows.

$ sudo add-apt-repository ppa:certbot/certbot

$ sudo apt-get update

$ sudo apt-get install certbot

The next step is to complete the HTTP challenge. To do that you need to assign a domain/subdomain e.g. mqtt.example.com to this IP address. You should also open the HTTP port 80 in the security group. The subdomain e.g. mqtt.example.com should already be added as record in DNS settings with your domain name provider.

$ sudo certbot certonly --standalone --standalone-supported-challenges http-01 -d mqtt.example.com

The above command run the HTTP challenge on its own. The option -standalone-supported-challenges http-01 specifies that it use the HTTP port 80 only, -d specifies the subdomain. You will be prompted to fill in your email address and agree to terms and conditions.

The certificates are permanent and need to renewed regularly. Such regular processes can set up using the cron as done in step 3. To setup cron run

$  sudo crontab -e

Add the above line to the cron tab. The post-hook statement will restart the broker if the certificates have been renewed.

45 4 * * * certbot renew --noninteractive --post-hook "systemctl restart mosquitto"

5. Configure Web Sockets

If your Angular / Javascript web application wants to communicate with MQTT, then web sockets needs to be enabled.  Open the configuration file

$ sudo vim /etc/mosquitto/conf.d/default.conf

Add the following lines to the file

listener 8083
protocol websockets
certfile /etc/letsencrypt/live/mqtt.example.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.example.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.example.com/privkey.pem

Open up port 8083 in the security group for this instance, and restart the MQTT broker. You can now access the MQTT service on port 8083 using secure web sockets (WSS).

6. Enable Password Protection

I strongly recommend for Adding password protection to the MQTT.

$ sudo mosquitto_passwd -c /etc/mosquitto/passwd <user>

You will now be prompted to add a <password>

The password word is created and this needs to specified in the configuration file. So open the configuration file

$ sudo nano /etc/mosquitto/conf.d/default.conf

Add the following lines in the beginning of the file

allow_anonymous false

password_file /etc/mosquitto/passwd

Close the configuration file and restart the broker. You now need the specified user name and password to subscribe or publish on the MQTT broker.

$ mosquitto_sub -h localhost -t test -u "user" -P "password"

$ mosquitto_pub -h localhost -t "test" -m "hello world" -u "user" -P "password"

Complete Conf file for reference

A complete configuration file is given below for reference. It uses password protection, runs a MQTT on port 1883, MQTTS on port 1884, websockets on port 3033, and WSS on port 8083. Do not forget the open these ports in the security group.


allow_anonymous false

password_file /etc/mosquitto/passwd

listener 1883

listener 1884

certfile /etc/letsencrypt/live/mqtt.example.io/cert.pem

cafile /etc/letsencrypt/live/mqtt.example.io/chain.pem

keyfile /etc/letsencrypt/live/mqtt.example.io/privkey.pem      

listener 3033

protocol websockets

listener 8083 

protocol websockets

certfile /etc/letsencrypt/live/mqtt.example.io/cert.pem

cafile /etc/letsencrypt/live/mqtt.example.io/chain.pem

keyfile /etc/letsencrypt/live/mqtt.example.io/privkey.pem

Setting up Authentication in Mosquitto MQTT Broker

  1. Install the latest Mosquitto distribution.

Run following commands,

wget http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key
sudo apt-key add mosquitto-repo.gpg.key
cd /etc/apt/sources.list.d/
sudo wget http://repo.mosquitto.org/debian/mosquitto-wheezy.list
sudo apt-get update
sudo apt-get install mosquitto

2. If you have just installed the Mosquitto broker, make sure its stopped (to be in the safe side)

sudo stop mosquitto

3. Creating the new password file

Password file will contain your username and the encrypted password. Run the following command to create and add a user to this file.

sudo mosquitto_passwd -c /etc/mosquitto/passwd <user_name>

Then, you will be asked for your password twice, enter that too.

4. Now we have to give the location of the password file to the Mosquitto broker config file. So open the mosquitto.conf file using the following command,

sudo gedit /etc/mosquitto/mosquitto.conf

And add following two entries to the mosquitto.conf file,

password_file /etc/mosquitto/passwd
allow_anonymous false
  • “allow_anonymous false” is used to prevent, clients without username and password to connecting to the broker.

5. Now start the broker with the following command,

mosquitto -c /etc/mosquitto/mosquitto.conf

6. If you need to verify the authentication, you can use following command, (you have to install mosquitto clients to do this)

mosquitto_sub -h localhost -p 1883 -t myTopic -u <user_name> -P <password>

How to Install Mosquitto Broker on Raspberry Pi

After having your Raspberry Pi board prepared with Raspbian OS, you can continue with this tutorial. Let’s install the Mosquitto Broker.

if you have a Headless Pi and need guide for installation. visit this : Raspberry Pi Headless mode setup

Open a new Raspberry Pi terminal window:

To install the Mosquitto Broker enter these next commands:

pi@raspberry:~ $ sudo apt update
pi@raspberry:~ $ sudo apt install -y mosquitto mosquitto-clients

You’ll have to type Y and press Enter to confirm the installation. To make Mosquitto auto start on boot up enter:

pi@raspberry:~ $ sudo systemctl enable mosquitto.service

Testing Installation

Open terminal and write command:

pi@raspberry:~ $ mosquitto -v

This returns the Mosquitto version that is currently running in your Raspberry Pi.

Note: sometimes the command mosquitto -v prompts a warning message saying “Error: Address already in use“. That warning message means that your Mosquitto Broker is already running, so don’t worry about that.

How To Find IP Address

To use Mosquitto broker later on your projects, you’ll need your Raspberry Pi IP address. To retrieve your Raspberry Pi IP address, type the next command in your Terminal window:

pi@raspberry:~ $ hostname -I

In our case, the Raspberry Pi IP address is Save your Raspberry Pi IP address because you’ll need it in future projects.

How to setup a Mosquitto MQTT Server and receive data from OwnTracks

OwnTracks is an Open Source project which provides an iOS and an Android app with which your smartphone records its current location.

So OwnTracks is an open-source GPS location history logging service (the main components are apps for iPhone and Android.) OwnTracks takes care of sending the data, and recommends using Mosquitto as the framework on the receiving or “broker” side.

Know more about OwnTracks Visit this https://owntracks.org/booklet/

This is the process I went through to get a Mosquitto server up and receiving data on a DigitalOcean droplet, I customized the server for OwnTracks but most steps except config should apply for any use of Mosquitto server.


It runs on Raspberry Pi, so I figured a 512MB Ubuntu 14.04 x64 Droplet would be sufficient.

Create user “mosquitto”

Mosquitto wants to run as user mosquitto, adduser mosquitto

adduser mosquitto

Install Mosquitto

SSH into the droplet, do an update, and then install mosquitto dependencies

apt-get update
apt-get install build-essential libwrap0-dev libssl-dev libc-ares-dev uuid-dev xsltproc

You could try installing via apt-get, it didn’t work for me so I downloaded the latest release of mosquitto listed here: http://mosquitto.org/download/

cd /home/mosquitto
wget http://mosquitto.org/files/source/mosquitto-1.4.8.tar.gz
tar xvzf mosquitto-1.4.8.tar.gz
cd mosquitto-1.4.8

Run make to compile and make install to install

make install

Setup Mosquitto

Create a mosquitto user/password: the command below will create a user owntracks, you can change

mosquitto_passwd -c /etc/mosquitto/pwfile owntracks

you will be prompted to enter a password.

Create the directory where persistence db files will be stored, change owner to mosquitto:

mkdir /var/lib/mosquitto/
chown mosquitto:mosquitto /var/lib/mosquitto/ -R

Create a config file by copying the example file:

cp /etc/mosquitto/mosquitto.conf.example /etc/mosquitto/mosquitto.conf
editor /etc/mosquitto/mosquitto.conf

end of the config file, add a block of all suggested config changes specific to OwnTracks (replace <yourIP> with the IP address of the droplet)

listener 8883 <yourIP>
persistence true
persistence_location /var/lib/mosquitto/
persistence_file mosquitto.db
log_dest syslog
log_dest stdout
log_dest topic
log_type error
log_type warning
log_type notice
log_type information
connection_messages true
log_timestamp true
allow_anonymous false
password_file /etc/mosquitto/pwfile

Finally be sure to run:


Run/Test Mosquitto

Run the mosquitto server with this command:

mosquitto -c /etc/mosquitto/mosquitto.conf

It should start running without error, then in another window: Replace <YourIP> and <YourPassword> with your own stuff

mosquitto_sub -h <YourIP> -p 8883 -v -t 'owntracks/#' -u owntracks -P <YourPassword>

If everything went correctly you should see no errors executing this command, and in the window where mosquitto is running should acknowledge the connection. if so create an upstart file to autorun mosquitto:

vim /etc/init/mosquitto.conf


description "Mosquitto MQTT broker"
start on net-device-up
exec /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf

Now You have Mosquitto broker working, your next step is to Setup OwnTracks on your phone to speak to your broker – The TL;DR is you need to install the App, go to preferences, select PRIVATE mode, and set the connection details to match the IP, user, and password specs you just setup.

MQTT Broker on Android | How To Run Mosquitto MQTT Broker in Android

In this Tutorial we Run MQTT Broker a Android Smartphone. We will use Termux android app for this tutorial. If you Don;t know about Termux, Don’t Worry, I have a post related Termux Android app. Visit this : Termux- A Linux environment android app

If You are interested to run MQTT Broker on a ESP8266, Visit This: ESP8266 as a MQTT Broker | How To Make ESP8266 as a MQTT Broker

MQTT Broker on Android | Install Mosquitto on Android

Step 1 – Install Termux and Termux :API Android app

Using the Termux app in the app store makes it easy to run MQTT Broker on Android devices. You can get it from the Play Store. Install it, and run it.

Watch Videos for insatllation:

Step 2 – Install Mosquitto MQTT Broker

After Installation, Run Termux app. Then at the prompt type

Step 2 – Install Mosquitto MQTT Broker

After Installation, Run Termux app. Then at the prompt type

pkg install mosquitto

Step 3 – Start Mosquitto Mqtt Broker

Prompt type


Step 4 – Find IP address

Prompt type


ip address

Use this IP address as MQTT broker address.


I hope you like this post. Do you have any questions? Leave a comment down below!

Thanks for reading. If you like this post probably you might like my next ones, so please support me by subscribing my blog.

Harshvardhan Mishra

Hi, I'm Harshvardhan Mishra. Tech enthusiast and IT professional with a B.Tech in IT, PG Diploma in IoT from CDAC, and 6 years of industry experience. Founder of HVM Smart Solutions, blending technology for real-world solutions. As a passionate technical author, I simplify complex concepts for diverse audiences. Let's connect and explore the tech world together! If you want to help support me on my journey, consider sharing my articles, or Buy me a Coffee! Thank you for reading my blog! Happy learning! Linkedin

One thought on “Mosquitto broker | Install Mosquitto in AWS, Raspberry Pi and Android

Leave a Reply

Your email address will not be published. Required fields are marked *