Mosquitto is an open source MQTT broker. The broker can then be used to run Owntracks with Home Assistant. This tutorial describes how to set up a Mosquitto server on Gentoo.
At the time of writing this tutorial, Mosquitto version 2.0.15 was available in Portage.
We install Mosquitto:
emerge -a app-misc/mosquitto
Create Mosquitto user
To connect to the Mosquitto Broker you have to create a user and create a password file. This is done with the following command:
mosquitto_passwd -c /etc/mosquitto/pwfile USERNAME
A new file is created with the “-c” parameter. If one already exists, it will be overwritten. If a new user is to be added to an existing file, simply omit the “-c” parameter. Replace “USERNAME” with your username. When you run this command you have to set a password and then confirm it.
Now we have to do the actual configuration of Mosquitto. This is done in the “/etc/mosquitto/mosquitto.conf” file. For simplicity, here is my configuration:
autosave_interval 1800
persistence true
persistence_file mosquitto.db
persistence_location /var/lib/mosquitto/
log_dest syslog
log_type error
log_type warning
log_type notice
log_type information
connection_messages true
log_timestamp true
allow_anonymous false
password_file /etc/mosquitto/pwfile
listener 1883 localhost
Now we start our Mosquitto Broker and add it to the default runlevel:
/etc/init.d/mosquitto start
rc-update add mosquitto default
In order to check whether our broker works, we set up a so-called “sub”.
mosquitto_sub -h BROKERHOST -p PORT -t "owntracks/#" -v -u USERNAME -P PASSWORD
In this command you have to replace the placeholders with your data accordingly. In my case I use owntracks on my Android smartphone to send messages (that’s why -t “owntracks/#”).
If there is no error running the command, you should be able to see incoming messages. The answer then looks something like this:
Secure Mosquitto with SSL
In the current configuration, the broker should only be used in the local network. It goes without saying that you should consider encrypting the transmission when using it over the Internet.
You need SSL certificates for this. Creating them is not part of this tutorial. In my case, I simply use the existing Let’s Encrypt certificates on my home server.
To use SSL encryption add the following to “/etc/mosquitto/mosquitto.conf”:
listener 8883
certfile /etc/letsencrypt/live/subdomain.example.com/cert.pem
cafile /etc/letsencrypt/live/subdomain.example.com/chain.pem
keyfile /etc/letsencrypt/live/subdomain.example.com/privkey.pem
If you also use Let’s Encrypt you have to replace “subdomain.example.com” with your own domain name in the path. If you use self-signed SSL certificates, enter the paths to them correctly.
It is important that you keep the previous “listener 1883 localhost” in the configuration file, so that you can still connect to the broker in the local network without SSL encryption. Port 8883 is then used for external connections. Of course you have to open this port in your firewall / router.
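As an added example (not part of the original tutorial and not Mosquitto's own tooling), the following shell function checks a mosquitto.conf for the points made above: anonymous access disabled, a password file set, and every listener that is not bound to the loopback address carrying a certfile and keyfile. The function name audit_mosquitto_conf and the sample configuration are made up for illustration, and it assumes the authentication settings are global, as in the configuration shown here.

```sh
#!/bin/sh
# Added example, not from the tutorial: audit a mosquitto.conf for the settings
# discussed above. Assumes global auth settings (no per_listener_settings).
audit_mosquitto_conf() {
    awk '
    function close_listener() {
        # Accept a listener only if it is loopback-only or has certfile and keyfile.
        if (port != "" && !loopback && !(cert && key)) {
            printf "FAIL: listener %s accepts non-local clients without TLS\n", port
            bad++
        }
    }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    $1 == "listener" {                       # a new listener block starts here
        close_listener()
        port = $2; cert = 0; key = 0
        loopback = ($3 == "localhost" || $3 == "127.0.0.1" || $3 == "::1")
        next
    }
    $1 == "certfile"        { cert = 1 }
    $1 == "keyfile"         { key = 1 }
    $1 == "allow_anonymous" { anon = $2 }
    $1 == "password_file"   { pw = $2 }
    END {
        close_listener()
        if (anon != "false") { print "FAIL: allow_anonymous is not false"; bad++ }
        if (pw == "")        { print "FAIL: no password_file configured"; bad++ }
        if (!bad) print "OK: password login required, non-local listeners use TLS"
        exit bad                             # exit status = number of findings
    }' "$1"
}

# Constructed sample: the tutorial layout, but with the TLS lines forgotten.
sample=$(mktemp)
cat > "$sample" <<'EOF'
allow_anonymous false
password_file /etc/mosquitto/pwfile
listener 1883 localhost
listener 8883
EOF
audit_mosquitto_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run against the real file with audit_mosquitto_conf /etc/mosquitto/mosquitto.conf; the exit status is the number of findings, so 0 means the file matches the layout described in this tutorial.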
Then restart the Mosquitto Broker:
With Mosquitto you can easily implement an efficient MQTT broker.