Mosquitto broker authentication even for same-machine clients - mqtt

I am working on a MQTT project using local mosquitto broker.
Currently for testing, I want my broker to require authentication even from same machine clients. But it looks like the broker is allowing them even if they don't have the username or the password.
my mosquitto.conf:
allow_anonymous true
password_file C:\Documents\...\password_file.txt

For Mosquitto v2.0.x and newer, just remove the allow_anonymous true line, or set it to false (for previous versions).
When set to true, mosquitto will allow clients to connect without a username or password.

Writing this for others who may be in the same situation as I was.
mosquitto.exe -v -c mosquitto.conf
solved the problem.

Related

Error code 80c6 occurs when tia portal connects to mosquitto broker [duplicate]

I have a virtual machine that is supposed to be the host, which can receive and send data. The first picture is the error that I'm getting on my main machine (from which I'm trying to send data). The second picture is the mosquitto log on my virtual machine. Also, I'm using the default config, which as far as I know can't cause these problems, at least from what I have seen in other examples. I have very little understanding of how all of this works, so any help is appreciated.
What I have tried on the host machine:
Disabling Windows defender
Adding firewall rules for "mosquitto.exe"
Installing mosquitto on a linux machine
Starting with the release of Mosquitto version 2.0.0 (you are running v2.0.2), the default config will only bind to localhost as a move to a more secure default posture.
If you want to be able to access the broker from other machines you will need to explicitly edit the config files to either add a new listener that binds to the external IP address (or 0.0.0.0) or add a bind entry for the default listener.
By default it will also only allow anonymous connections (without username/password) from localhost; to allow anonymous connections from remote hosts, add:
allow_anonymous true
More details can be found in the 2.0 release notes here
You have to run with
mosquitto -c mosquitto.conf
mosquitto.conf, which is in the same folder as the executable (C:\Program Files\mosquitto etc.), has to include the following line:
listener 1883 ip_address_of_the_machine(192.168.1.1 etc.)
By default, the Mosquitto broker will only accept connections from clients on the local machine (the server hosting the broker).
Therefore, a custom configuration needs to be used with your instance of Mosquitto in order to accept connections from remote clients.
On your Windows machine, run a text editor as administrator and paste the following text:
listener 1883
allow_anonymous true
This creates a listener on port 1883 and allows anonymous connections. By default the number of connections is infinite. Save the file to "C:\Program Files\Mosquitto" using a file name with the ".conf" extension such as "your_conf_file.conf".
Open a terminal window and navigate to the mosquitto directory. Run the following command:
mosquitto -v -c your_conf_file.conf
where
-c : specify the broker config file.
-v : verbose mode - enable all logging types. This overrides any logging options given in the config file.
I found I had to add not only bind_address ip_address but also allow_anonymous true before devices could connect successfully to MQTT. Of course I understand that a better option would be to set a user and password on each device. But that's a next step after everything actually works in the minimum configuration.
For those who use mosquitto with homebrew on Mac.
Adding these two lines to /opt/homebrew/Cellar/mosquitto/2.0.15/etc/mosquitto/mosquitto.conf fixed my issue.
allow_anonymous true
listener 1883
You can run it with the included 'no-auth' config file like so:
mosquitto -c /mosquitto-no-auth.conf
I had the same problem while running it inside docker container (generated with docker-compose).
In docker-compose.yml file this is done with:
command: mosquitto -c /mosquitto-no-auth.conf

Can I create a listener in mosquitto, bound to a device which may not be present?

I am running mosquitto on a raspberry pi and it all functions fine with an ethernet connection. I have two listeners, one limited to localhost for most of the functionality and another limited to the vpn ip address so that I can do some administration over vpn, all others are then excluded. The problem is that once this device goes out into the world it may or may not have an internet connection, but if the internet connection is not there, the vpn address does not exist and mosquitto fails to start.
I am using mosquitto v2.0.4, but I can update if required.
Does anyone have any suggestions on how I can solve this?
per_listener_settings true
retain_available true
log_dest stdout
listener 1883 localhost
allow_anonymous true
listener 1886 10.8.0.100
max_connections 1
allow_anonymous true
No, if you specify a listener for a non-existent IP address then mosquitto will fail to start.
The solution is probably to specify a listener without an IP address (so it will bind to 0.0.0.0 and be available on all listeners) and rely on suitable authentication to limit access rather than the connection arriving on a specific interface.
If really needed you can use the firewall on the device to filter connections to that port to only be allowed from a specific subnet that matches that configured for the VPN.
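Added example, not code from any of the posts above or from the Mosquitto project: a small audit that parses a mosquitto.conf and reports listeners reachable from other hosts while allow_anonymous is true, covering the allow_anonymous / listener recipes in the threads above and the "bind to 0.0.0.0 and rely on authentication" advice here. It assumes Mosquitto 2.x defaults (no listener means localhost-only with anonymous allowed; otherwise allow_anonymous defaults to false and is global unless per_listener_settings true is set), treats an allow_anonymous line before the first listener as the fallback for listeners without their own setting, and the sample configurations at the end are constructed.

```python
"""Audit a mosquitto.conf for listeners that accept anonymous clients from the network.
Added example for this thread, not Mosquitto project code. Assumes Mosquitto 2.x:
no listener -> localhost only, anonymous allowed; else allow_anonymous defaults false."""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def parse_conf(text: str) -> list[tuple[str, str]]:
    """Return (key, value) pairs in file order; blank lines and # comments skipped."""
    pairs = []
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            pairs.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return pairs

def audit(text: str) -> list[str]:
    """Report listeners reachable from other hosts without credentials."""
    pairs = parse_conf(text)
    per_listener = ("per_listener_settings", "true") in pairs
    has_auth = any(k in ("password_file", "plugin", "auth_plugin") for k, _ in pairs)
    listeners: list[list] = []   # [bind address, per-listener allow_anonymous or None]
    global_anon = None           # value of allow_anonymous outside any listener
    for key, value in pairs:
        if key == "listener":            # "listener <port> [bind address]"
            parts = value.split()
            listeners.append([parts[1] if len(parts) > 1 else "0.0.0.0", None])
        elif key == "bind_address":      # legacy default listener on one address
            listeners.append([value, None])
        elif key == "allow_anonymous":
            if per_listener and listeners:
                listeners[-1][1] = value.lower() == "true"
            else:
                global_anon = value.lower() == "true"
    if not listeners:                    # 2.x implicit localhost-only listener
        listeners.append(["localhost", None])
        global_anon = True if global_anon is None else global_anon
    findings, anon_anywhere = [], False
    for bind, anon in listeners:
        effective = anon if anon is not None else bool(global_anon)
        anon_anywhere |= effective
        if effective and bind not in LOCAL_HOSTS:
            findings.append(f"listener on {bind} accepts anonymous clients")
    if not anon_anywhere and not has_auth:
        findings.append("anonymous disabled but no password_file or plugin: all clients rejected")
    return findings

# Constructed samples: the thread's "listener 1883 / allow_anonymous true" recipe
WEAK_CONF = "listener 1883\nallow_anonymous true\n"
FIXED_CONF = "listener 1883\nallow_anonymous false\npassword_file /etc/mosquitto/passwd\n"
```

Run audit() over your own file contents; an empty result means every network-reachable listener requires credentials (or is bound to localhost).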

Bridge MQTT Connection between Servers with username

I'm trying to use mosquitto to bridge 2 other mqtt servers.
EXTERNAL > MOSQUITTO > INTERNAL
Internal requires a Username to be set. Is it possible to forward the username that is used to connect to MOSQUITTO to be forwarded to INTERNAL as well?
# connection internal
connection internal
address internal:1883
topic # out 0
topic # in 0
No, bridges are a one-time thing; you do not get a bridge per connected user.
You can specify a username/password for (each end) of a bridge connection using the remote_username, remote_password, local_username and local_password config options as described in the mosquitto.conf man page.
The local_ options are useful to ensure that ACLs are followed for connections and when allow_anonymous false is set.

Connect local Mosquitto MQTT broker to Google Cloud IoT

In my current setup I read data using ebusd from my heating system, which works perfectly fine. In the next step I'd like to send this data to a Google IoT Core Device. Unfortunately ebusd does not support setting the clientid externally.
To circumvent this I installed a local Mosquitto Broker on my Raspberry Pi which accepts unsecured messages and shall bridge them to the Google IoT Core Broker. Here is how I configured my local Mosquitto Broker:
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_type all
log_dest file /var/log/mosquitto/mosquitto.log
# Google IoT Core Configuration
connection bridge-to-gcp
address mqtt.googleapis.com:8883
bridge_attempt_unsubscribe false
bridge_certfile /home/pi/certificates/rsa_cert.pem
bridge_keyfile /home/pi/certificates/rsa_private.pem
bridge_cafile /home/pi/certificates/roots.pem
bridge_protocol_version mqttv311
bridge_insecure false
tls_version tlsv1.2
try_private true
start_type automatic
cleansession true
notifications false
local_clientid local-to-remote-gcp-bridge
remote_username unused
remote_password <JWT Token generated using jwt.io>
remote_clientid projects/project-251313/locations/europe-west1/registries/prot/devices/ebusd12345
topic # both
include_dir /etc/mosquitto/conf.d
Although this setup works with AWS IoT, with Google Cloud IoT I get
1542622526: Connecting bridge bridge-to-gcp (mqtt.googleapis.com:8883)
1542622526: Bridge projects/project-251313/locations/europe-west1/registries/prot/devices/ebusd12345 sending CONNECT
1542622526: Socket error on client local.projects/project-251313/locations/europe-west1/registries/prot/devices/ebusd12345, disconnecting.
After googling for some time I found this blog (see http://community.onion.io/topic/2858/omega-onion-connecting-to-cloud-cloud-iot/2) which states that Google Cloud IoT Core does not support connections by "sub-brokers", but I didn't find a second statement claiming the same.
Can anybody either confirm that I am trying to do something impossible or please help me with configuring the broker properly?
I reached out to the author of that blog and other people who work on Cloud IoT Core and unfortunately it seems like MQTT bridging indeed is currently not supported. In the meantime, it seems like you're in contact with the ebusd owner on Github to add a configurable clientid feature, which would be a good temporary fix.
With that said, we have a feature that will be going into beta soon that will help you address this kind of issue specifically, so stay tuned!

Why does the Mosquitto broker refuse to start when cleansession is enabled and set to true in mosquitto.conf?

I recently upgraded and updated my Mosquitto Broker to 1.4.15 on a Raspberry Pi 3. It works as expected. However, every time I enable and set cleansession to true in the mosquitto.conf file, the Mosquitto broker refuses to start. As soon as I comment out or disable cleansession, the Mosquitto broker starts up immediately via its service. The reason I need to set this to true is because I want the Mosquitto Broker to clean up any disconnected client's session, so that the same client can reconnect to the broker again. Am I doing this right, or is there another Mosquitto Broker feature that I can use in place of cleansession?
The cleansession flag in the mosquitto.conf is to control what options mosquitto uses when it connects to remote brokers as a client when setting up a bridge.
If you want your clients to connect with a clean session then you need to set that option in your client library when setting up the connection, not on the broker.