
@drmaq
Forked from pilotak/Ubuntu 16.04: SSL mosquitto.md
Created September 24, 2018 20:02

Setup MQTT with SSL

  • :1883 will be for local use only (plain MQTT)
  • :8083 secure WebSockets (MQTT over WSS)
  • :8883 secure MQTT (MQTT over TLS)

sudo apt-get install mosquitto

Getting a certificate and setting up auto-renewal

Don't forget to change the domain (change.me) to your own and to allow port 443 through the firewall, since the standalone challenge below answers on that port.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

sudo certbot certonly --standalone --standalone-supported-challenges tls-sni-01 -d change.me -d www.change.me

Then add a daily renewal job to root's crontab; the post-hook restarts mosquitto so it picks up the renewed certificate:

sudo crontab -e
15 4 * * * certbot renew --noninteractive --post-hook "systemctl restart mosquitto"

Create an MQTT login (user name: admin)

sudo mosquitto_passwd -c /etc/mosquitto/passwd admin

Then put the following in the broker config:

sudo nano /etc/mosquitto/conf.d/mosquitto.conf

message_size_limit 0
allow_zero_length_clientid true
allow_duplicate_messages false

port 1883
protocol mqtt

listener 8083
protocol websockets
certfile /etc/letsencrypt/live/change.me/cert.pem
cafile /etc/letsencrypt/live/change.me/chain.pem
keyfile /etc/letsencrypt/live/change.me/privkey.pem

listener 8883
certfile /etc/letsencrypt/live/change.me/cert.pem
cafile /etc/letsencrypt/live/change.me/chain.pem
keyfile /etc/letsencrypt/live/change.me/privkey.pem

autosave_interval 900
autosave_on_changes false

persistence_file mosquitto.db

allow_anonymous false
password_file /etc/mosquitto/passwd

To bridge OwnTracks

Append the following to the same config file (the address, user name and password are placeholders to replace with your own):

sudo nano /etc/mosquitto/conf.d/mosquitto.conf

# Owntracks bridge
connection owntracks
address xxx.xxx.xxx.xxx
cleansession false
notifications false
remote_username user
remote_password secret
start_type automatic
try_private true
topic # both 2 owntracks/ owntracks/

sudo systemctl restart mosquitto
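As an added example (not part of the gist), a small Python audit for a mosquitto.conf in the shape shown above: it parses the `port`/`listener` sections and the bridge lines, then reports anonymous access, a missing `password_file`, TLS listeners without a CA file, and plaintext listeners not bound to loopback. It assumes Mosquitto 1.x semantics (`allow_anonymous` defaults to true, `bind_address` applies to the default `port` listener) and uses a constructed copy of the gist's own settings as input; because the gist's `port 1883` has no `bind_address`, the audit reports it, and the hardened variant shows the one-line fix.

```python
"""Added example, not from the gist: audit a mosquitto.conf like the one above (Mosquitto 1.x semantics)."""
# Options Mosquitto scopes to the most recent "port"/"listener" line; everything else is global.
LISTENER_KEYS = {"protocol", "certfile", "cafile", "capath", "keyfile", "require_certificate"}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
def parse_conf(text):
    """Return (global_opts, listeners). Only whole-line '#' comments are dropped: in 'topic # both 2 ...' the '#' is an MQTT wildcard."""
    glob, listeners, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, val = line.partition(" ")
        parts = val.split()
        if key in ("port", "listener"):        # "listener <port> [bind_address]"
            cur = {"port": int(parts[0]), "bind": parts[1] if len(parts) > 1 else None, "opts": {}}
            listeners.append(cur)
        elif key in LISTENER_KEYS and cur is not None:
            cur["opts"][key] = val.strip()
        else:
            glob[key] = val.strip()
    return glob, listeners

def audit(text):
    """Return findings; an empty list means the config passes these checks."""
    (glob, listeners), findings = parse_conf(text), []
    if glob.get("allow_anonymous", "true") != "false":   # 1.x default is true
        findings.append("allow_anonymous is not false")
    if "password_file" not in glob:
        findings.append("no password_file, so no client can authenticate")
    for l in listeners:
        opts, port = l["opts"], l["port"]
        tls = "certfile" in opts and "keyfile" in opts
        bind = l["bind"] or glob.get("bind_address")      # "port" honours the global bind_address
        if tls and "cafile" not in opts and "capath" not in opts:
            findings.append(f"port {port}: TLS also needs cafile or capath")
        if not tls and bind not in LOOPBACK:
            findings.append(f"port {port}: plaintext listener not bound to loopback")
    return findings
# Constructed sample: the gist's 1883 and 8883 listeners, its auth settings and its bridge topic line.
GIST_CONF = """\
port 1883
listener 8883
certfile /etc/letsencrypt/live/change.me/cert.pem
cafile /etc/letsencrypt/live/change.me/chain.pem
keyfile /etc/letsencrypt/live/change.me/privkey.pem
allow_anonymous false
password_file /etc/mosquitto/passwd
topic # both 2 owntracks/ owntracks/
"""
HARDENED_CONF = "bind_address 127.0.0.1\n" + GIST_CONF   # keeps :1883 local, as the first bullet intends
```

Run `audit(GIST_CONF)` against the copied config to see the 1883 finding, and `audit(HARDENED_CONF)` to confirm that adding `bind_address 127.0.0.1` clears it.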