To publish a Message to an MQTT broker you use the MQTT publish node.
In this tutorial we look at the various configuration options, including SSL, for those who are new to MQTT and node-red.
To use a publish node drag the node from the node palette on the left into the main workspace.
Double click on the node to configure it. The main configuration screen is shown below:
The main setting is the broker or server setting.
You can select a previously configured server which you can edit by clicking on the edit button, or add a new broker by selecting the add new mqtt server option from the server list.
The server name that appears in the server list is a combination of the client ID and Broker name or IP address.
Note: The MQTT specification originally used the term broker but it has now been changed to server.
You can also configure the topic address but this is normally provided by an input node as part of the message object.
You can also set the QoS for the message and the retain flag. See retained messages.
Editing the Server Settings
If you click on the edit icon to the right of the server you can edit the server settings.
The server settings have 4 tabs.
- Connection
- Security
- Birth Message
- Will Message
The port defaults to 1883 which is the standard MQTT port.
You can use either the IP address or FQDN for the server address.
The client name needs to be unique on the broker. See client names and duplicate client ids.
You can configure the client to use SSL for the connection by enabling the TLS box (see later).
The default keep alive is 60 secs and clean session is False. It is normal to enable clean sessions.
The security tab lets you configure a username and password for the connection.
Whether you need a username/password for the connection is determined by the MQTT broker.
The birth message is published by the client when the MQTT node starts.
The Will message is part of the MQTT specification and is stored on the broker and sent in the event of a failed client connection.
The message payload will either be a message to indicate the connection has failed or a status indicator.
The retained message will usually be set so that new clients know the status.
The topic will be a pre-agreed topic. See Checking Active MQTT Client Connections.
Using SSL for Encryption
The client supports SSL encryption between the client and server as well as using certificate based authentication.
To configure a secure connection you will need to enable TLS and add the CA certificate to node-red by uploading it. In the screenshot below I used the same self-generated certificate as I used on the Mosquitto broker.
If the CA file is on your local computer you can use it by enabling the use key and certificates from local files option, as shown below:
Note: the verify server certificate option checks that the name on the certificate is correct and should be enabled on live systems. Leaving it unchecked is like using the --insecure option of the mosquitto_pub/mosquitto_sub tools. Entering a name in the box doesn’t seem to make any difference.
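One way to check these settings across a whole flow file, as an added example that is not part of the original tutorial or of node-red itself: the script below scans a flow export for MQTT broker configurations that leave the TLS box off or leave verify server certificate unchecked. The field names (usetls, tls, verifyservercert) are assumed to match the mqtt-broker and tls-config entries in your own export, and the sample data is constructed.

```javascript
// Constructed sample of a node-red flow export (not from a real system).
// Assumption: field names match the mqtt-broker and tls-config config
// nodes in your own export; check one entry by hand before relying on this.
const sampleFlows = [
  { id: "b1", type: "mqtt-broker", name: "plain", broker: "192.168.1.10",
    port: "1883", usetls: false, tls: "" },
  { id: "b2", type: "mqtt-broker", name: "noverify", broker: "broker.example.com",
    port: "8883", usetls: true, tls: "t1" },
  { id: "b3", type: "mqtt-broker", name: "good", broker: "broker.example.com",
    port: "8883", usetls: true, tls: "t2" },
  { id: "b4", type: "mqtt-broker", name: "dangling", broker: "broker.example.com",
    port: "8883", usetls: true, tls: "gone" },
  { id: "t1", type: "tls-config", caname: "ca.crt", verifyservercert: false },
  { id: "t2", type: "tls-config", caname: "ca.crt", verifyservercert: true }
];

// Return one finding per MQTT broker config node whose transport needs review.
function auditMqttBrokers(flows) {
  // Index the TLS configuration nodes so broker nodes can be resolved by id.
  const tlsById = new Map(
    flows.filter(n => n.type === "tls-config").map(n => [n.id, n]));
  const findings = [];
  for (const node of flows.filter(n => n.type === "mqtt-broker")) {
    const where = `${node.name || node.id} (${node.broker}:${node.port})`;
    if (!node.usetls) {
      // Username, password and payloads cross the network unencrypted.
      findings.push({ id: node.id, issue: "no-tls",
        detail: `${where}: TLS box not enabled` });
      continue;
    }
    const tls = tlsById.get(node.tls);
    if (!tls) {
      findings.push({ id: node.id, issue: "tls-config-missing",
        detail: `${where}: TLS enabled but its TLS configuration is not in the export` });
    } else if (tls.verifyservercert !== true) {
      findings.push({ id: node.id, issue: "verify-disabled",
        detail: `${where}: verify server certificate is unchecked` });
    }
  }
  return findings;
}

for (const f of auditMqttBrokers(sampleFlows)) console.log(f.issue, "-", f.detail);
```

To run it against a real export, replace sampleFlows with the parsed contents of your flows file.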
SSL Public Certificates
If you are using a public broker like cloudmqtt then you will need to use a public CA.
You will need to get a copy of ca-certificates.crt or ca-certificates.pem file.
This file contains a list of trusted CA certificates and is available from Mozilla.
If you are using Linux it is usually in /etc/ssl/certs, but you can download it from the curl site here.
You will then need to upload it, just like with the self-generated certificate, as shown in the screenshot below:
I’ve created a video on how to Publish and Subscribe to an MQTT broker Using Node Red