Set up a Mosquitto MQTT broker on Gentoo


Mosquitto is an open source MQTT broker. It can, for example, be used to connect OwnTracks with Home Assistant. This tutorial describes how to set up a Mosquitto broker on Gentoo.

Installation

At the time of writing this tutorial, Mosquitto version 2.0.15 was available in Portage.

We install Mosquitto:

emerge -a app-misc/mosquitto

Create Mosquitto user

To connect to the Mosquitto broker you have to create a user and a password file. This is done with the following command:

mosquitto_passwd -c /etc/mosquitto/pwfile USERNAME

The “-c” parameter creates a new file; if one already exists, it is overwritten. To add another user to an existing file, simply omit the “-c” parameter. Replace “USERNAME” with your username. When you run this command you are asked to enter a password and then confirm it.

Configure Mosquitto

Now we do the actual configuration of Mosquitto in the “/etc/mosquitto/mosquitto.conf” file. For simplicity, here is my configuration:

autosave_interval 1800
persistence true
persistence_file mosquitto.db
persistence_location /var/lib/mosquitto/
log_dest syslog
log_type error
log_type warning
log_type notice
log_type information
connection_messages true
log_timestamp true
allow_anonymous false
password_file /etc/mosquitto/pwfile

listener 1883 localhost

Now we start our Mosquitto Broker and add it to the default runlevel:

/etc/init.d/mosquitto start
rc-update add mosquitto default

Test Mosquitto

To check whether our broker works, we subscribe to a topic with mosquitto_sub:

mosquitto_sub -h BROKERHOST -p PORT -t "owntracks/#" -v -u USERNAME -P PASSWORD

Replace the placeholders in this command with your own data. In my case I use OwnTracks on my Android smartphone to send messages (hence -t “owntracks/#”).

If the command runs without errors, you should see incoming messages. The output then looks something like this:

owntracks/user/androidphone {"_type":"location","acc":1800,"alt":0,"batt":65,"conn":"w","lat":46.8359704,"lon":7.5705195,"t":"u","tid":"us","tst":1545653489,"vac":0,"vel":0}

Secure Mosquitto with SSL

With the current configuration, the broker should only be used in the local network. If you use it over the Internet, you should encrypt the transmission.

You need SSL certificates for this. Creating them is outside the scope of this tutorial. In my case, I simply use the existing Let’s Encrypt certificates on my home server.

To use SSL encryption add the following to “/etc/mosquitto/mosquitto.conf”:

listener 8883
certfile /etc/letsencrypt/live/subdomain.example.com/cert.pem
cafile /etc/letsencrypt/live/subdomain.example.com/chain.pem
keyfile /etc/letsencrypt/live/subdomain.example.com/privkey.pem

If you also use Let’s Encrypt, replace “subdomain.example.com” in the paths with your own domain name. If you use self-signed SSL certificates, enter the paths to those files instead.

It is important to keep the previous “listener 1883 localhost” line in the configuration file. This way you can still connect to the broker without SSL encryption in the local network, while port 8883 is used for external connections. Of course you have to open this port in your firewall / router.

Then restart the Mosquitto Broker:

/etc/init.d/mosquitto restart
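As an added example (not part of the original post), here is a small Python check for the points above: it parses a mosquitto.conf the way Mosquitto scopes listener options and reports anonymous access, a missing password file, or a plaintext listener that is not bound to localhost. The sample config is constructed from this page; per_listener_settings is not modelled, and an unset allow_anonymous is treated as unsafe (an assumption made because the default differs between versions).

```python
# Constructed sample: the page's configuration with the TLS listener appended.
SAMPLE_CONF = """
allow_anonymous false
password_file /etc/mosquitto/pwfile
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/subdomain.example.com/cert.pem
cafile /etc/letsencrypt/live/subdomain.example.com/chain.pem
keyfile /etc/letsencrypt/live/subdomain.example.com/privkey.pem
"""

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_conf(text: str) -> dict:
    """Split mosquitto.conf into global options and per-listener options.
    Options after a 'listener' line belong to that listener, which is how
    Mosquitto scopes certfile/keyfile; per_listener_settings is not modelled."""
    conf = {"global": {}, "listeners": []}
    scope = conf["global"]
    for raw in text.splitlines():
        line = " ".join(raw.split("#", 1)[0].split())  # drop comments, squash whitespace
        if not line:
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            port, _, bind = value.partition(" ")
            scope = {"port": int(port), "bind": bind or None}  # None = all interfaces
            conf["listeners"].append(scope)
        else:
            scope[key] = value
    return conf


def audit(conf: dict) -> list:
    """Findings for the page's hardening points: anonymous access off, a
    password file present, and no plaintext listener reachable beyond loopback."""
    findings = []
    g = conf["global"]
    # Assumption: an unset allow_anonymous is treated as unsafe, because the
    # default changed between Mosquitto versions and should be set explicitly.
    if g.get("allow_anonymous", "true").lower() != "false":
        findings.append("allow_anonymous is not false")
    if "password_file" not in g:
        findings.append("no password_file configured")
    for lst in conf["listeners"]:
        has_tls = "certfile" in lst and "keyfile" in lst
        if not has_tls and lst["bind"] not in LOOPBACK:
            findings.append(f"listener {lst['port']} is plaintext and not bound to loopback")
    return findings
```

Running audit(parse_conf(open("/etc/mosquitto/mosquitto.conf").read())) on the real file returns an empty list for the configuration shown on this page.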

Conclusion

With Mosquitto you can easily set up an efficient MQTT broker.