
Mosquitto MQTT broker | Install Broker in AWS | Setting Up


Introduction

Eclipse Mosquitto is an open-source message broker that implements the MQTT protocol (versions 3.1, 3.1.1, and 5.0). It is a lightweight yet powerful messaging solution designed for devices ranging from microcontrollers to enterprise servers. With its robust security features and scalability, Mosquitto is widely used in IoT applications.

Install Mosquitto Broker and Clients

  1. Log into your AWS Ubuntu instance and refresh the package index:
    sudo apt-get update
    
  2. Install Mosquitto broker and MQTT clients:
    sudo apt-get install mosquitto mosquitto-clients
    
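  3. Verify the installation. The -v flag starts the broker in the foreground with verbose logging and prints its version on the first line; if the packaged service is already running, the command then stops with an "Address already in use" error, which is expected: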
    mosquitto -v
    

Enable Remote Access

To allow connections from remote devices, modify the configuration file:

  1. Open the Mosquitto configuration file:
    sudo nano /etc/mosquitto/conf.d/default.conf
    
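  2. Add the following lines to accept remote connections on port 1883. Note that allow_anonymous true lets any client connect without credentials; the user authentication section below replaces it with allow_anonymous false: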
    listener 1883
    allow_anonymous true
    
  3. Save the file and restart Mosquitto:
    sudo systemctl restart mosquitto
    
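  4. Ensure your AWS Security Group rules open port 1883 for inbound traffic. This listener is unencrypted, so limit the allowed source addresses to your own devices where you can.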

Robust MQTT Broker with Auto-Restart Feature

To ensure Mosquitto restarts automatically if it crashes:

  1. Create a script file called mosquitto_restart.sh:
    sudo nano /home/ubuntu/mosquitto_restart.sh
    
  2. Add the following content:
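    #!/bin/bash
    # -x matches the exact process name. A plain "pgrep mosquitto" also matches
    # this script (mosquitto_restart.sh), so the check would never fire.
    if ! pgrep -x mosquitto > /dev/null; then
        echo "$(date): Mosquitto was down. Restarting..." >> /home/ubuntu/cron.log
        sudo systemctl restart mosquitto
    fi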
    
  3. Make the script executable:
    chmod +x /home/ubuntu/mosquitto_restart.sh
    
  4. Add the script to a cron job to run every 5 minutes:
    sudo crontab -e
    
  5. Add this line to the cron file:
    */5 * * * * /home/ubuntu/mosquitto_restart.sh
    

Secure Mosquitto with SSL/TLS Encryption

  1. Install Certbot for SSL certificates:
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install certbot
    
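  2. Generate the SSL certificate. The standalone authenticator listens on port 80 for the validation request, so that port must be reachable from the internet while the command runs: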
    sudo certbot certonly --standalone -d mqtt.yourdomain.com
    
  3. Configure Mosquitto for SSL:
    sudo nano /etc/mosquitto/conf.d/default.conf
    
  4. Add the following lines:
    listener 8883
    cafile /etc/letsencrypt/live/mqtt.yourdomain.com/chain.pem
    certfile /etc/letsencrypt/live/mqtt.yourdomain.com/cert.pem
    keyfile /etc/letsencrypt/live/mqtt.yourdomain.com/privkey.pem
    
  5. Restart Mosquitto:
    sudo systemctl restart mosquitto
    

Enable WebSockets for MQTT

If your web app requires WebSocket support:

  1. Open the Mosquitto configuration file:
    sudo nano /etc/mosquitto/conf.d/default.conf
    
  2. Add the following lines:
    listener 8083
    protocol websockets
    
  3. Ensure port 8083 is open in your security group rules.
  4. Restart Mosquitto:
    sudo systemctl restart mosquitto
    

Add User Authentication for Security

  1. Create a password file and add a user (-c creates the file and overwrites an existing one, so omit it when adding further users):
    sudo mosquitto_passwd -c /etc/mosquitto/passwd <username>
    
  2. Open the configuration file:
    sudo nano /etc/mosquitto/conf.d/default.conf
    
  3. Add these lines:
    allow_anonymous false
    password_file /etc/mosquitto/passwd
    
  4. Restart Mosquitto:
    sudo systemctl restart mosquitto
    

Testing Your MQTT Setup

  1. Subscribe to a topic:
    mosquitto_sub -h localhost -t test -u "<username>" -P "<password>"
    
  2. Publish a message:
    mosquitto_pub -h localhost -t "test" -m "Hello World" -u "<username>" -P "<password>"
    

Complete Configuration File for Reference

allow_anonymous false
password_file /etc/mosquitto/passwd

listener 1883

listener 8883
cafile /etc/letsencrypt/live/mqtt.yourdomain.com/chain.pem
certfile /etc/letsencrypt/live/mqtt.yourdomain.com/cert.pem
keyfile /etc/letsencrypt/live/mqtt.yourdomain.com/privkey.pem

listener 8083
protocol websockets
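
The following is an added example, not part of the original article: a small shell audit that reads a Mosquitto configuration and reports, for each listener, whether it has a certfile/keyfile pair. Run on the complete configuration above, it shows that ports 1883 and 8083 still accept unencrypted connections, so a username and password sent to those ports cross the network in clear text. The function names and the embedded sample input are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report which Mosquitto listeners accept traffic without TLS.

# audit_mosquitto_conf [FILE]   (reads stdin when FILE is omitted)
# Prints one line per finding:
#   ANON <value>                 an allow_anonymous directive and its value
#   PLAINTEXT <port> <protocol>  listener without a certfile/keyfile pair
#   TLS <port> <protocol>        listener with both certfile and keyfile
# Assumption: certificate-based TLS only; PSK listeners are not recognised.
audit_mosquitto_conf() {
  awk '
    function emit() {
      if (port == "") return
      printf "%s %s %s\n", (cert && key) ? "TLS" : "PLAINTEXT", port, proto
    }
    /^[ \t]*(#|$)/          { next }    # skip comments and blank lines
    $1 == "listener"        { emit(); port = $2; proto = "mqtt"; cert = key = 0; next }
    $1 == "protocol"        { proto = $2; next }
    $1 == "certfile"        { cert = 1; next }
    $1 == "keyfile"         { key = 1; next }
    $1 == "allow_anonymous" { print "ANON " $2 }
    END                     { emit() }
  ' "${1:--}"
}

# plaintext_ports [FILE]: only the port numbers of unencrypted listeners.
plaintext_ports() {
  audit_mosquitto_conf "${1:--}" | awk '$1 == "PLAINTEXT" { print $2 }'
}

# Constructed input: the complete configuration shown in this article.
sample_conf() {
  cat <<'EOF'
allow_anonymous false
password_file /etc/mosquitto/passwd

listener 1883

listener 8883
cafile /etc/letsencrypt/live/mqtt.yourdomain.com/chain.pem
certfile /etc/letsencrypt/live/mqtt.yourdomain.com/cert.pem
keyfile /etc/letsencrypt/live/mqtt.yourdomain.com/privkey.pem

listener 8083
protocol websockets
EOF
}

sample_conf | audit_mosquitto_conf
```

On a real broker, pass the path of the configuration file, for example audit_mosquitto_conf /etc/mosquitto/conf.d/default.conf.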

Conclusion

By following this updated guide, you will have a secure, robust, and efficient Mosquitto MQTT broker running on your AWS Ubuntu instance. The added security layers with SSL and password protection ensure your data remains safe, while automated scripts guarantee uptime and reliability. For large-scale IoT implementations, this setup is ideal for managing real-time messaging between multiple devices.



Harshvardhan Mishra
