Difference between revisions of "Raspberry Pi MQTT Broker"
(Created page with "==Initial Setup== Raspbery Pi running Noobs or Raspbian Linux. To install the Mosquitto Broker enter these next commands: sudo apt update sudo apt install -y mosquitto mo...") |
|||
| Line 33: | Line 33: | ||
==Securing the Broker with a Username and Password== | ==Securing the Broker with a Username and Password== | ||
| + | Let’s configure Mosquitto to use passwords. Mosquitto includes a utility to generate a special password file called mosquitto_passwd. This command will prompt you to enter a password for the specified username, and place the results in /etc/mosquitto/passwd. | ||
| + | |||
| + | sudo mosquitto_passwd -c /etc/mosquitto/passwd sammy | ||
| + | |||
| + | |||
| + | Now we’ll open up a new configuration file for Mosquitto and tell it to use this password file to require logins for all connections: | ||
| + | |||
| + | sudo nano /etc/mosquitto/conf.d/default.conf | ||
| + | |||
| + | |||
| + | This should open an empty file. Paste in the following: | ||
| + | /etc/mosquitto/conf.d/default.conf | ||
| + | |||
| + | allow_anonymous false | ||
| + | password_file /etc/mosquitto/passwd | ||
| + | |||
| + | |||
| + | allow_anonymous false will disable all non-authenticated connections, and the password_file line tells Mosquitto where to look for user and password information. Save and exit the file. | ||
| + | |||
| + | Now we need to restart Mosquitto and test our changes. | ||
| + | |||
| + | sudo systemctl restart mosquitto | ||
| + | |||
| + | Try to publish a message without a password: | ||
| + | |||
| + | mosquitto_pub -h localhost -t "test" -m "hello world" | ||
| + | |||
| + | The message should be rejected: | ||
| + | |||
| + | Output | ||
| + | Connection Refused: not authorised. | ||
| + | Error: The connection was refused. | ||
| + | |||
| + | Before we try again with the password, switch to your second terminal window again, and subscribe to the ‘test’ topic, using the username and password this time: | ||
| + | |||
| + | mosquitto_sub -h localhost -t test -u "sammy" -P "password" | ||
| + | |||
| + | It should connect and sit, waiting for messages. You can leave this terminal open and connected for the rest of the tutorial, as we’ll periodically send it test messages. | ||
| + | |||
| + | Now publish a message with your other terminal, again using the username and password: | ||
| + | |||
| + | mosquitto_pub -h localhost -t "test" -m "hello world" -u "sammy" -P "password" | ||
| + | |||
| + | The message should go through as in Step 1. We’ve successfully added password protection to Mosquitto. Unfortunately, we’re sending passwords unencrypted over the internet. We’ll fix that next by adding SSL encryption to Mosquitto. | ||
==Encrypting the Broker== | ==Encrypting the Broker== | ||
Revision as of 20:55, 14 October 2020
Contents
Initial Setup
Raspbery Pi running Noobs or Raspbian Linux.
To install the Mosquitto Broker enter these next commands:
sudo apt update
sudo apt install -y mosquitto mosquitto-clients
You may have to type Y and press Enter to confirm the installation.
To make Mosquitto auto start on boot up enter:
mosquitto -v
This returns the Mosquitto version that is currently running in your Raspberry Pi. It should be 1.4.X or above.
Raspberry Pi IP Address
To use Mosquitto broker later on your projects, you’ll need your Raspberry Pi IP address. To retrieve your Raspberry Pi IP address, type the next command in your Terminal window:
hostname -I
Testing the Broker
Securing the Broker with a Username and Password
Let’s configure Mosquitto to use passwords. Mosquitto includes a utility to generate a special password file called mosquitto_passwd. This command will prompt you to enter a password for the specified username, and place the results in /etc/mosquitto/passwd.
sudo mosquitto_passwd -c /etc/mosquitto/passwd sammy
Now we’ll open up a new configuration file for Mosquitto and tell it to use this password file to require logins for all connections:
sudo nano /etc/mosquitto/conf.d/default.conf
This should open an empty file. Paste in the following:
/etc/mosquitto/conf.d/default.conf
allow_anonymous false password_file /etc/mosquitto/passwd
allow_anonymous false will disable all non-authenticated connections, and the password_file line tells Mosquitto where to look for user and password information. Save and exit the file.
Now we need to restart Mosquitto and test our changes.
sudo systemctl restart mosquitto
Try to publish a message without a password:
mosquitto_pub -h localhost -t "test" -m "hello world"
The message should be rejected:
Output Connection Refused: not authorised. Error: The connection was refused.
Before we try again with the password, switch to your second terminal window again, and subscribe to the ‘test’ topic, using the username and password this time:
mosquitto_sub -h localhost -t test -u "sammy" -P "password"
It should connect and sit, waiting for messages. You can leave this terminal open and connected for the rest of the tutorial, as we’ll periodically send it test messages.
Now publish a message with your other terminal, again using the username and password:
mosquitto_pub -h localhost -t "test" -m "hello world" -u "sammy" -P "password"
The message should go through as in Step 1. We’ve successfully added password protection to Mosquitto. Unfortunately, we’re sending passwords unencrypted over the internet. We’ll fix that next by adding SSL encryption to Mosquitto.
