How to secure MQTT broker

What you will learn here about mosquitto or MQTT security

  • How to secure MQTT broker

Here we will see how to secure an MQTT broker (mosquitto) on a Raspberry Pi, Ubuntu, an AWS EC2 instance, a Google Cloud VM instance, etc. Please follow the steps below.

First you need a broker. If you don’t know how to install an MQTT broker, please visit one of the following links:

Steps to install MQTT Broker on Linux

Steps to Install MQTT Broker on Raspberry Pi

Steps to Install MQTT Broker on Google Cloud

How to install mqtt broker on aws ec2 instance

Mosquitto Installation

Please follow the following steps to install mosquitto

1)Please execute the following command to update the existing packages

sudo apt-get update

2)Please execute the following command to install mosquitto

sudo apt-get install mosquitto

3)Please execute the following command to install mosquitto-clients

sudo apt-get install mosquitto-clients

Mosquitto UserName Password setup

Please follow the following steps to secure mosquitto using username and password

1)Please execute the following command to navigate to the mosquitto directory

cd /etc/mosquitto/

2)Please execute the following command to generate the username and password file

sudo mosquitto_passwd -c /etc/mosquitto/passfile your-username

Enter a new password for authentication when prompted

3)Please execute the following command to modify mosquitto.conf

sudo nano /etc/mosquitto/mosquitto.conf

4)Add the following lines to mosquitto.conf

allow_anonymous false
password_file /etc/mosquitto/passfile

Press Ctrl + X and type Y and hit enter to save the changes

5)Please execute the following command to stop mosquitto

sudo systemctl stop mosquitto

6)Please execute the following command to start mosquitto

sudo systemctl start mosquitto

7)Please execute the following command to check the status

sudo systemctl status mosquitto

8)Please execute the following command to subscribe to messages on the topic example

where -u is the username and -P is the password entered in step 2

mosquitto_sub -t example -h localhost -u "sample" -P "sample123"

9)Please execute the following command to publish a message on the topic example

mosquitto_pub -t example -h localhost -u "EnterUserNamehere" -P "EnterPasswordhere" -m "Hello"

mosquitto SSL installation

Please follow the following steps to secure mosquitto using an SSL certificate

1)Please visit the following link to install the free SSL certificate
Let’s Encrypt SSL certificates

2)The remaining steps assume you have installed the free SSL certificate

3)Please execute the following command to modify mosquitto.conf

sudo nano /etc/mosquitto/mosquitto.conf

4)Please add the following lines to the mosquitto.conf file
Please replace example.bytesofgigabytes.com with your domain name

listener 1883 localhost

listener 8883
certfile /etc/letsencrypt/live/example.bytesofgigabytes.com/cert.pem
cafile /etc/letsencrypt/live/example.bytesofgigabytes.com/chain.pem
keyfile /etc/letsencrypt/live/example.bytesofgigabytes.com/privkey.pem

listener 8083
protocol websockets
certfile /etc/letsencrypt/live/example.bytesofgigabytes.com/cert.pem
cafile /etc/letsencrypt/live/example.bytesofgigabytes.com/chain.pem
keyfile /etc/letsencrypt/live/example.bytesofgigabytes.com/privkey.pem

Press Ctrl + X and type Y and hit enter to save the changes

5)Please execute the following command to stop mosquitto

sudo systemctl stop mosquitto

6)Please execute the following command to start mosquitto

sudo systemctl start mosquitto

7)Please execute the following command to check the status

sudo systemctl status mosquitto

8)Please execute the following command to subscribe to messages on the topic example

mosquitto_sub -t example -h "example.bytesofgigabytes.com" -u "sample" -P "sample123" -p 8883 --capath /etc/ssl/certs/

9)Please execute the following command to publish a message on the topic example

mosquitto_pub -t example -h "example.bytesofgigabytes.com" -u "EnterUserNamehere" -P "EnterPasswordhere" -m "Hello" -p 8883 --capath /etc/ssl/certs/
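
The settings from both sections can be checked mechanically each time mosquitto.conf is edited and before mosquitto is restarted. The script below is an added example, not part of the original tutorial; the function name audit_mosquitto_conf is hypothetical, and it assumes allow_anonymous and password_file are set globally, as written on this page, rather than per listener.

```sh
#!/bin/sh
# Added example (not from the original page): lint a mosquitto.conf for the
# settings this tutorial relies on. audit_mosquitto_conf is a hypothetical name.
# Assumption: allow_anonymous/password_file are global, as in the config above.
# Prints one line per finding; returns 0 when there are none, 1 otherwise.
audit_mosquitto_conf() {
    awk '
    function close_listener() {
        # A listener reachable from the network must carry a certificate and key.
        if (port != "" && !is_local && !(cert && key)) {
            print "listener " port ": not bound to localhost and has no certfile/keyfile"
            bad++
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    $1 == "allow_anonymous" && $2 == "false" { anon_off = 1 }
    $1 == "password_file" && $2 != ""        { pwfile = 1 }
    $1 == "listener" {
        close_listener()                       # finish the previous listener block
        port = $2; cert = 0; key = 0
        is_local = ($3 == "localhost" || $3 == "127.0.0.1" || $3 == "::1")
    }
    $1 == "certfile" { cert = 1 }
    $1 == "keyfile"  { key = 1 }
    END {
        close_listener()
        if (!anon_off) { print "allow_anonymous false is missing"; bad++ }
        if (!pwfile)   { print "password_file is not set"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: port 1883 is exposed without TLS and the auth lines are absent.
sample=$(mktemp)
printf 'listener 1883\nlistener 8883\ncertfile /tmp/cert.pem\nkeyfile /tmp/privkey.pem\n' > "$sample"
audit_mosquitto_conf "$sample" || echo "fix the findings above before restarting mosquitto"
rm -f "$sample"
```

Run it as audit_mosquitto_conf /etc/mosquitto/mosquitto.conf; it reads only the file it is given and does not follow include_dir.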
