Mosquitto MQTT broker | Install Broker in AWS | Setting Up
Introduction
Eclipse Mosquitto is an open-source message broker that implements the MQTT protocol (versions 3.1, 3.1.1, and 5.0). It is a lightweight yet powerful messaging solution designed for devices ranging from microcontrollers to enterprise servers. With its robust security features and scalability, Mosquitto is widely used in IoT applications.
Install Mosquitto Broker and Clients
- Log into your AWS Ubuntu instance and update the package index:
sudo apt-get update
- Install Mosquitto broker and MQTT clients:
sudo apt-get install mosquitto mosquitto-clients
- Verify the installation:
mosquitto -v
Enable Remote Access
To allow connections from remote devices, modify the configuration file:
- Open the Mosquitto configuration file:
sudo nano /etc/mosquitto/conf.d/default.conf
- Add the following lines to allow remote access on port 1883:
listener 1883
allow_anonymous true
- Save the file and restart Mosquitto:
sudo systemctl restart mosquitto
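- Ensure your AWS Security Group rules open port 1883 for inbound traffic. With allow_anonymous true, any client that can reach this port can publish and subscribe until authentication is configured in the section below, so limit the rule's source range to your own clients where you can.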
Robust MQTT Broker with Auto-Restart Feature
To ensure Mosquitto restarts automatically if it crashes:
- Create a script file called mosquitto_restart.sh:
sudo nano /home/ubuntu/mosquitto_restart.sh
- Add the following content:
#!/bin/bash
# -x matches the process name exactly, so this script's own name
# (mosquitto_restart.sh) is not mistaken for a running broker.
if [ "$(pgrep -x mosquitto)" == "" ]; then
    echo "Mosquitto was down. Restarting..." >> /home/ubuntu/cron.log
    sudo systemctl restart mosquitto
fi
- Make the script executable (the file was created with sudo, so it is owned by root):
sudo chmod +x /home/ubuntu/mosquitto_restart.sh
- Add the script to a cron job to run every 5 minutes:
sudo crontab -e
- Add this line to the cron file:
*/5 * * * * /home/ubuntu/mosquitto_restart.sh
Secure Mosquitto with SSL/TLS Encryption
- Install Certbot for SSL certificates:
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
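- Generate SSL certificates (standalone mode answers the validation request on port 80, so that port must be open in the security group while certbot runs):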
sudo certbot certonly --standalone -d mqtt.yourdomain.com
- Configure Mosquitto for SSL:
sudo nano /etc/mosquitto/conf.d/default.conf
- Add the following lines:
listener 8883
cafile /etc/letsencrypt/live/mqtt.yourdomain.com/chain.pem
certfile /etc/letsencrypt/live/mqtt.yourdomain.com/cert.pem
keyfile /etc/letsencrypt/live/mqtt.yourdomain.com/privkey.pem
- Restart Mosquitto:
sudo systemctl restart mosquitto
Enable WebSockets for MQTT
If your web app requires WebSocket support:
- Open the Mosquitto configuration file:
sudo nano /etc/mosquitto/conf.d/default.conf
- Add the following lines:
listener 8083
protocol websockets
- Ensure port 8083 is open in your security group rules.
- Restart Mosquitto:
sudo systemctl restart mosquitto
Add User Authentication for Security
- Create a password file and add a user:
sudo mosquitto_passwd -c /etc/mosquitto/passwd <username>
- Open the configuration file:
sudo nano /etc/mosquitto/conf.d/default.conf
- Add these lines:
allow_anonymous false
password_file /etc/mosquitto/passwd
- Restart Mosquitto:
sudo systemctl restart mosquitto
Testing Your MQTT Setup
- Subscribe to a topic:
mosquitto_sub -h localhost -t test -u "<username>" -P "<password>"
- Publish a message:
mosquitto_pub -h localhost -t "test" -m "Hello World" -u "<username>" -P "<password>"
Complete Configuration File for Reference
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883
listener 8883
cafile /etc/letsencrypt/live/mqtt.yourdomain.com/chain.pem
certfile /etc/letsencrypt/live/mqtt.yourdomain.com/cert.pem
keyfile /etc/letsencrypt/live/mqtt.yourdomain.com/privkey.pem
listener 8083
protocol websockets
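As an added example (not part of the original guide or of the Mosquitto project), the shell function below reads a Mosquitto configuration such as the reference file above and reports, for each listener, whether TLS is configured and which protocol it speaks, followed by the global allow_anonymous value. It assumes per_listener_settings is not enabled; the function names and the embedded sample (a copy of the reference file) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the listeners in a Mosquitto configuration.
# Output: one "<port> <tls|plaintext> <mqtt|websockets>" line per listener,
# then "anonymous=<value|unset>". Assumes allow_anonymous is global
# (per_listener_settings not enabled). Reads the file in $1, or stdin.
audit_mosquitto_conf() {
    awk '
        function emit() {
            if (port != "") print port, (tls ? "tls" : "plaintext"), proto
        }
        NF == 0 || $1 ~ /^#/    { next }   # skip blank lines and comments
        $1 == "listener"        { emit(); port = $2; tls = 0; proto = "mqtt"; next }
        # A listener serves TLS only when it has its own certfile/keyfile.
        $1 == "certfile" || $1 == "keyfile" { if (port != "") tls = 1; next }
        $1 == "protocol"        { if (port != "") proto = $2; next }
        $1 == "allow_anonymous" { anon = $2; next }
        END { emit(); print "anonymous=" (anon == "" ? "unset" : anon) }
    ' "${1:--}"
}

# Constructed sample: the reference configuration from this guide.
sample_conf() {
    cat <<'EOF'
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883
listener 8883
cafile /etc/letsencrypt/live/mqtt.yourdomain.com/chain.pem
certfile /etc/letsencrypt/live/mqtt.yourdomain.com/cert.pem
keyfile /etc/letsencrypt/live/mqtt.yourdomain.com/privkey.pem
listener 8083
protocol websockets
EOF
}

sample_conf | audit_mosquitto_conf
```

On the reference file this reports ports 1883 and 8083 as plaintext: clients connecting there send the username and password from the password file unencrypted, so only port 8883 protects the credentials in transit.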
Conclusion
By following this updated guide, you will have a secure, robust, and efficient Mosquitto MQTT broker running on your AWS Ubuntu instance. The added security layers with SSL and password protection ensure your data remains safe, while automated scripts guarantee uptime and reliability. For large-scale IoT implementations, this setup is ideal for managing real-time messaging between multiple devices.