How to Install and Secure Mosquitto MQTT Messaging Broker on Ubuntu 16.04


By Hitesh Jethva, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud’s incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

Mosquitto is a lightweight, open source message broker that implements MQTT, a machine-to-machine messaging protocol for communication between “Internet of Things” devices such as the ESP8266, Raspberry Pi, etc. It is designed for connections with remote locations where a small code footprint is required and/or network bandwidth is at a premium. It is written in C and is suitable for use on all devices, from low-power single-board computers to full servers. It is also ideal for mobile applications because of its small size, low power usage, minimized data packets, and efficient distribution of information to one or many receivers. Mosquitto is one of the most popular MQTT brokers due to its good community support, documentation and ease of installation.

In this tutorial, we will be installing Mosquitto with Let’s Encrypt on an Alibaba Cloud Elastic Compute Service (ECS) Ubuntu 16.04 server.

Prerequisites

  1. A fresh Alibaba Cloud Ubuntu 16.04 instance.
  2. A fully qualified domain name (FQDN) that points to your server's IP address.
  3. A root password set up on your instance.

Launch Alibaba Cloud ECS Instance

First, log in to your Alibaba Cloud ECS Console. Create a new ECS instance, choosing Ubuntu 16.04 as the operating system with at least 2GB RAM. Connect to your ECS instance and log in as the root user.

Once you are logged into your Ubuntu 16.04 instance, run the following command to update your base system with the latest available packages.

Install Mosquitto

By default, Mosquitto is available in the Ubuntu 16.04 default repository. You can easily install it by just running the following command:

Once the installation has been completed, you can check the status of Mosquitto service with the following command:

Output:

Mosquitto clients help you to test MQTT through a command line utility. To do so, you will need to open two terminal windows, one to subscribe to a topic and one to publish a message to it.

Let’s subscribe to the topic named testing by running the following command on the first terminal:

Now, publish a message to the topic testing by running the following command on the second terminal:

You should see the message from the mosquitto_pub client displayed in the first terminal.

Now, press “Ctrl+C” to exit the subscribe client.

Secure Mosquitto with Password

Mosquitto comes with a utility called mosquitto_passwd to generate a special password file. It is used to configure Mosquitto to use passwords.

Let’s create a user named hitesh and set up a password with the following command:

Next, configure Mosquitto to use this password file and require logins for all connections. You can do this by editing the /etc/mosquitto/conf.d/default.conf file:

Add the following lines:

Save and close the file. Then, restart Mosquitto server to test your changes.

Now, open the first terminal and subscribe to the topic named testing with the username and password by running the following command:

Now, open the second terminal and try to publish a message without a password:

The message will be rejected with the following error message:

Now publish a message with the username and password:

You should see the message in the subscribe client window.

Secure Mosquitto with Let’s Encrypt

Let’s Encrypt is a free, automated, and open Certificate Authority that provides free certificates for Transport Layer Security (TLS) encryption. Its automated process is designed to eliminate the previously complex manual creation, validation, signing, installation, and renewal of certificates for secure websites.

Before starting, you will need to install Certbot, the official Let’s Encrypt client, on your system. By default, Certbot is not available in the Ubuntu 16.04 default repository, so you will need to add a PPA for it. You can add it with the following command:

Next, update the repository and install Certbot by running the following command:

Next, you will need to run Certbot to get your certificate for domain test.example.com. You can do this by running the following command:

During the installation, you will be prompted to enter an email address and agree to the terms of service as shown below:

Next, you will need to set up Certbot automatic renewals, because Let’s Encrypt’s certificates are only valid for ninety days.

You can set up automatic renewals by editing the crontab file:

Add the following lines:

Save and close the file when you are finished.

Configure Mosquitto to Use SSL

Next, you will need to tell Mosquitto where your Let’s Encrypt certificates are stored. You can do this by editing the /etc/mosquitto/conf.d/default.conf file:

Add the following lines:

Save and close the file. Then, restart Mosquitto to apply the changes.

Now, open your terminal and run the subscribe client with a username, password and SSL as shown below:

Next, open the second terminal and publish a message with a username, password and SSL as shown below:

Now, you should see the message in the subscribe client window.
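
As an added example (not part of the original article), the script below audits a Mosquitto configuration file for the two controls set up in the password and SSL sections above: logins required, and TLS on every listener that is not bound to loopback. The function names, the sample config and the password file path /etc/mosquitto/passwd are assumptions; the certificate paths follow Certbot's standard /etc/letsencrypt/live/<domain>/ layout.

```shell
#!/bin/sh
# Added example, not from the original article. Audits a Mosquitto config for the
# two controls this tutorial sets up:
#   1. logins required (allow_anonymous false + password_file)
#   2. TLS (certfile + keyfile) on every listener that is not bound to loopback
# Scope (assumption): only explicit "listener <port> [bind address]" blocks are checked.

audit_findings() {  # usage: audit_findings <config file>; prints one finding per line
    awk '
    function close_listener() {
        if (port != "" && !is_local && !(cert && key))
            print "listener " port ": network-facing without certfile/keyfile (plaintext)"
    }
    $1 ~ /^#/               { next }                  # skip comment lines
    $1 == "allow_anonymous" { anon = $2 }
    $1 == "password_file"   { pwfile = $2 }
    $1 == "listener"        { close_listener(); port = $2; cert = key = 0
                              is_local = ($3 == "localhost" || $3 == "127.0.0.1" || $3 == "::1") }
    $1 == "certfile"        { cert = 1 }
    $1 == "keyfile"         { key = 1 }
    END {
        close_listener()
        if (anon != "false") print "allow_anonymous is not false: logins are not required"
        if (pwfile == "")    print "password_file is not set: no user database for logins"
    }' "$1"
}

audit_mosquitto_conf() {  # returns 0 when there are no findings, 1 otherwise
    out=$(audit_findings "$1")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out" >&2
    return 1
}

# Constructed sample of a hardened config. /etc/mosquitto/passwd is an assumed path;
# the certificate paths follow Certbot's /etc/letsencrypt/live/<domain>/ layout.
sample=$(mktemp)
cat > "$sample" <<'EOF'
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/test.example.com/cert.pem
cafile /etc/letsencrypt/live/test.example.com/chain.pem
keyfile /etc/letsencrypt/live/test.example.com/privkey.pem
EOF
audit_mosquitto_conf "$sample" && echo "OK: logins required, network listeners use TLS"
rm -f "$sample"
```

Pointing audit_mosquitto_conf at /etc/mosquitto/conf.d/default.conf after each edit confirms that a later change has not reopened anonymous or plaintext access.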

Reference: https://www.alibabacloud.com/blog/how-to-install-and-secure-mosquitto-mqtt-messaging-broker-on-ubuntu-16-04_594489?spm=a2c41.12584319.0.0
