I get to setup mosquitto in lots of different configurations for my tutorials and for helping people with their setup problems as well as clients.
As I get lots of questions regarding setup problems I thought it would be useful to take you through my setup configuration and procedures.
When testing the mosquitto broker I put the mosquitto configuration files, persistent database and any certificates in my home folder.
On my test machines I have a folder called mos which contains my mosquitto configuration files. Because I test many different configurations I have many of them and I try to be descriptive so sock.conf is used for testing websockets etc.
I also have a folder under mos called certs which contains any certificates. I also usually use a folder called logs for the log data.
Besides the actual configuration files mosquitto will store logs, persistent data and also the process ID. The standard log entries for these are shown below:
Because mosquitto usually starts with the user called mosquitto if you start mosquitto manually from a console then you will have permission problems unless you start mosquitto as the mosquitto user using:
sudo -u mosquitto mosquitto -c sock.conf
This I don’t recommend for initial testing but I use it as a final check once the files are set back to their default location.
So you have two options when testing:
1. Don’t include them or comment out what you don’t need. In the screen shot above you can See I’ve commented them all out.
2. Use your home folder and change the entries to look like those below:
pid_file /home/steve/mos/mosquitto.pid persistence true persistence_location /home/steve/mos/mosquitto/ log_dest file /home/steve/mos/log/mosquitto/mosquitto.log
By placing the files in your home folder you avoid permission problems.
Certificate Files
All certificate files I place in a folder called certs. below is a screen shot for one of my conf files
Post Testing
Once you have finished testing you change the file locations in the configuration file and then you need to move the files into the correct locations. The files you need to move are:
- configuration file
- certificate files
The configuration file needs to be renamed to mosquitto.conf and copied into the /etc/mosquitto/ folder.
The certificate files are copied into the /etc/mosquitto/certs folder.
There is also a folder for the CA certificates /etc/mosquitto/ca_certificates.
An example configuration file (showing files only) would look like that below
pid_file /var/run/mosquitto.pid persistence true persistence_location /var/lib/mosquitto/ log_dest file /var/log/mosquitto/mosquitto.log include_dir /etc/mosquitto/conf.d cafile /etc/mosquitto/ca_certificates/ca.crt keyfile /etc/mosquitto/certs/server.key certfile /etc/mosquitto/certs/server.crt
Now you can start mosquitto using the mosquitto user and the mosquitto.conf file using:
sudo -u mosquitto mosquitto -c /etc/mosquitto/mosquitto.conf
If everything starts ok The you can stop it and restart it as a service.
Incidentally if I need to work on a existing installation then I usually stop the mosquitto running as a service and start it from the command line using the above command.
I find having access to the console makes troubleshooting easier and it is more convenient than using the tail command.
Multiple Security Settings
When configuring multiple security settings I always test one at a time.
For example if I needed to enable authentication and ACL restrictions I would.
- Configure and test authentication
- Disable authentication
- Configure and test ACL restrictions
- enable authentications
- Retest.
Tips To share?
If you have any tips that you would like to share then please use the comments form below
Related tutorials and resources
- Mosquitto MQTT Bridge -Usage and Configuration
- Understanding and Configuring Logging – Mosquitto Broker Configuration
- Mosquitto SSL Configuration -MQTT TLS Security
- Mosquitto ACL -Configuring and Testing MQTT Topic Restrictions
- Mosquitto Username and Password Authentication -Configuration and Testing
- How to test a Mosquitto Broker