Join us at the Alibaba Cloud ACtivate Online Conference on March 5-6 to challenge assumptions, exchange ideas, and explore what is possible through digital transformation.
Mosquitto is a lightweight, open source and machine-to-machine messaging protocol for communication between "Internet of Things" devices such as ESP8266, Raspberry Pi, etc. It is designed for connections with remote locations where a small code footprint is required and/or network bandwidth is at a premium. It is written in C language and suitable for use on all devices from low power single board computers to full servers. It is also ideal for mobile applications because of its small size, low power usage, minimized data packets, and efficient distribution of information to one or many receivers. Mosquitto is one of the most popular MQTT brokers due to its good community support, documentation and ease of installation.
In this tutorial, we will be installing Mosquitto with Let's Encrypt on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.
First, log in to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.
Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.
apt-get update -y
By default, Mosquitto is available in the Ubuntu 16.04 default repository. You can easily install it by just running the following command:
apt-get install mosquitto mosquitto-clients -y
Once the installation has been completed, you can check the status of Mosquitto service with the following command:
systemctl status mosquitto
mosquitto.service - LSB: mosquitto MQTT v3.1 message broker Loaded: loaded (/etc/init.d/mosquitto; bad; vendor preset: enabled) Active: active (running) since Sun 2018-09-16 13:30:52 IST; 4s ago Docs: man:systemd-sysv-generator(8) Process: 15608 ExecStop=/etc/init.d/mosquitto stop (code=exited, status=0/SUCCESS) Process: 15623 ExecStart=/etc/init.d/mosquitto start (code=exited, status=0/SUCCESS) CGroup: /system.slice/mosquitto.service └─15636 /usr/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf Sep 16 13:30:52 test.example.com systemd: Stopped LSB: mosquitto MQTT v3.1 message broker. Sep 16 13:30:52 test.example.com systemd: Starting LSB: mosquitto MQTT v3.1 message broker... Sep 16 13:30:52 test.example.com mosquitto: * Starting network daemon: mosquitto Sep 16 13:30:52 test.example.com mosquitto: ...done. Sep 16 13:30:52 test.example.com systemd: Started LSB: mosquitto MQTT v3.1 message broker.
Mosquitto clients help you to test MQTT through a command line utility. To do so, you will need to open two terminal windows, one to subscribe to a topic named and one to publish a message to it.
Let's subscribe to the topic named testing by running the following command on the first terminal:
mosquitto_sub -t "testing"
Now, publish a message to the topic testing by running the following command on the second terminal:
mosquitto_pub -m "hello world" -t "testing"
You should see a message from mosquitto_pub client displayed in first terminal.
Now, press "Ctrl+C" to exit the subscribe client.
Mosquitto comes with a utility called mosquitto_passwd to generate a special password file. It is used to configure Mosquitto to use passwords.
Let's create a user named hitesh and setup password with the following command:
mosquitto_passwd -c /etc/mosquitto/passwd hitesh Password: admin
Next, configure Mosquitto to use this password file to require logins for all connections. You can do this by editing /etc/mosquitto/conf.d/default.conf file:
add the following lines:
allow_anonymous false password_file /etc/mosquitto/passwd
Save and close the file. Then, restart Mosquitto server to test your changes.
systemctl restart mosquitto
Now, open the first terminal and subscribe to topic named testing with username and password by running the following command:
mosquitto_sub -t "testing" -u "hitesh" -P "admin"
Now, open the second terminal try to publish a message without a password:
mosquitto_pub -h localhost -t "testing" -m "hello world"
The message will be rejected with the following error message:
Connection Refused: not authorised. Error: The connection was refused.
Now publish a message with the username and password:
mosquitto_pub -h localhost -t "testing" -m "hello world" -u "hitesh" -P "admin"
You should see the message in subscribe client window.
Let's Encrypt is a free, automated, and open Certificate Authority that provides free certificates for Transport Layer Security (TLS) encryption via an automated process designed to eliminate the hitherto complex process of manual creation, validation, signing, installation, and renewal of certificates for secure websites. Before starting, you will need to install Certbot the official Let's Encrypt client to your system. By default, Certbot is not available in the Ubuntu 16.04 default repository. So, you will need to add PPA for that. You can add it with the following command:
Next, update the repository and install Certbot by running the following command:
apt-get update -y apt-get install certbot -y
Next, you will need to run Certbot to get your certificate for domain test.example.com. You can do this by running the following command:
certbot certonly --standalone --preferred-challenges http-01 -d test.example.com
During the installation, you will be prompted to enter an email address and agree to the terms of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): email@example.com Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Starting new HTTPS connection (1): supporters.eff.org Obtaining a new certificate Performing the following challenges: http-01 challenge for test.example.com
Next, you will need to setup Certbot automatic renewals, because Let's Encrypt's certificates are only valid for ninety days.
You can setup automatic renewals by editing crontab file:
Add the following lines
##Run the command at 6:00 PM everyday, check all certificates installed on the system and update any that are set to expire in less than thirty days. 18 00 * * * certbot renew --noninteractive --post-hook "systemctl restart mosquitto"
Save and close the file, when you are finished.
Configure Mosquitto to Use SSL
Next, you will need to tell Mosquitto where your Let's Encrypt certificates are stored. You can do this by editing /etc/mosquitto/conf.d/default.conf file:
Add the following lines:
listener 1883 localhost listener 8883 certfile /etc/letsencrypt/live/test.example.com/cert.pem cafile /etc/letsencrypt/live/test.example.com/chain.pem keyfile /etc/letsencrypt/live/test.example.com/privkey.pem
Save and close the file. Then, restart Mosquitto to update the changes.
systemctl restart mosquitto
Now, open your terminal and subscribe client with a username, password and SSL as shown below:
mosquitto_sub -h test.example.com -t testing -p 8883 --capath /etc/ssl/certs/ -u "hitesh" -P "admin"
Next, open second terminal and publish a message with a username, password and SSL as shown below:
mosquitto_pub -h test.example.com -t testing -m "hello world" -p 8883 --capath /etc/ssl/certs/ -u "hitesh" -P "admin"
Now, you should see the message in subscribe client window.
Alibaba Clouder - September 18, 2019
Alibaba Clouder - September 30, 2019
Alibaba Clouder - November 20, 2019
Alibaba Clouder - June 13, 2018
Alibaba Cloud Native Community - July 12, 2022
Alibaba Clouder - June 13, 2019
An online computing service that offers elastic and secure virtual cloud servers to cater all your cloud hosting needs.Learn More
Provides secure and reliable communication between devices and the IoT Platform which allows you to manage a large number of devices on a single IoT Platform.Learn More
Marketplace is an online market for users to search and quickly use the software as image for Alibaba Cloud products.Learn More
More Posts by Alibaba Clouder