How to install a Cloud MQTT Broker on a VPS (Virtual Private Server)

 

This tutorial shows how to set up a Cloud MQTT Broker on a VPS (Virtual Private Server) for testing and deploying your MQTT projects.

With this type of MQTT broker, you are independent, its availability is 99.99% and its cost is very affordable.
A VPS costs approximately 1€ to 4€ per month. We use Ionos (select Servers > VPS Hosting).

You can also choose a ready-to-use MQTT broker on the Internet or an Android app such as MQTT Broker (for testing).

Test our MQTT Broker

Before you start, you can test our MQTT broker, which has an uptime (availability) of 99.99%.

  • Install an MQTT client on your Windows PC: MQTT Explorer
  • Set up a new connection
  • Host = aceautomation.ddns.net or 101b7a0.online-server.cloud
  • Port = 1883
  • Username = aceautomation
  • Password = (Please contact us to obtain it – This MQTT server is a test broker for our customers, not for permanent use)
  • Connect!

Select the right VPS from the provider of your choice

The cost of a VPS is approximately 1€ to 4€ /month. You can open an account with Ionos and select VPS cloud hosting.

  • Linux (Debian or similar)
  • CPU: 1 vCore or more, RAM: 0.5 GB or more, SSD: 10 GB or more

Firewall Policies

Via the Dashboard of your VPS, add the 1883 TCP port for the MQTT Broker

The other ports are present by default. You need TCP port 22 for SSH access; the others are not used.

Connect to the VPS Server via SSH

You can use PuTTY as an SSH Client to connect.
Enter your host name or IP address and 22 as the port, then connect.
The login (root or admin?) and password are those provided by your VPS provider.

Install MQTT Broker

Let’s install the Mosquitto MQTT Broker.

Enter the commands:
sudo apt update
sudo apt install -y mosquitto

The MQTT broker service will start automatically after the installation has completed.

Installation status of Mosquitto Broker

Enter the command below to check the Mosquitto MQTT installation. Ensure the service shows “Loaded: …” and “Active: …”:
sudo systemctl status mosquitto

Optional: Test locally the Mosquitto Broker

You can also install the mosquitto client if you wish. This can be useful for testing the MQTT broker on the server itself.

  • Enter the command: sudo apt-get install mosquitto-clients and confirm the installation
  • Open a second command-line interface (CLI) using PuTTY
    • Subscribe to a test topic named “mymqtttesttopic” by entering: mosquitto_sub -h localhost -t mymqtttesttopic
    • Then publish a message from the other terminal: mosquitto_pub -h localhost -t mymqtttesttopic -m "Sent from my own MQTT Broker"
    • If the installation is working properly, the subscribing terminal receives the message.

Stop, Run and Restart Mosquitto

The MQTT broker service started automatically after the installation was completed, but it is useful to know these commands, especially after modifying the Mosquitto configuration file:

Stop the MQTT Server service: sudo systemctl stop mosquitto
Start the MQTT Server service: sudo systemctl start mosquitto
Restart the MQTT Server service: sudo systemctl restart mosquitto

Secure the MQTT Server

Mosquitto reads configuration files from the following location: /etc/mosquitto/conf.d

Create a default.conf under the directory:

sudo nano /etc/mosquitto/conf.d/default.conf

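This opens the nano text editor. You may be asked for your SSH user's password.

The listener on port 1883 configured here is plain MQTT without TLS, so usernames and passwords cross the network unencrypted. Paste the lines below to disable anonymous connections and have Mosquitto read valid credentials from the /etc/mosquitto/passwd file: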

allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883

  • [Ctrl] + [X]
  • [Y]
  • [Enter] to save the file in /etc/mosquitto/conf.d/default.conf

Add a Password to the MQTT Broker

Replace USER with your username in this command and run it:

sudo mosquitto_passwd -c /etc/mosquitto/passwd USER

It asks for the new password twice.

Restart the mosquitto service to load the new changes:

sudo systemctl restart mosquitto

Connect a MQTT Client

You can use MQTT Explorer as MQTT Client

Host = IP address or DNS host name
Port = 1883
Username = USER you have chosen in the previous section
Password = PASSWORD that you also chose in the previous section

Add multiple users without them being able to see each other’s topics

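For each additional user, add an entry to the password file. For example, to add user2 (without the -c option, which would overwrite the existing file):

sudo mosquitto_passwd /etc/mosquitto/passwd user2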

Create the ACL (Access Control List) file. This file defines what each user can do:

sudo nano /etc/mosquitto/acl_file

Add these lines:

user user2
topic readwrite user2/#

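Repeat the user and topic lines for every account, including the first USER: once an ACL file is in use, an account with no entry is denied every topic. Each user can then read and write only topics that start with their own username.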

  • [Ctrl] + [X]
  • [Y]
  • [Enter] to save the file in /etc/mosquitto/acl_file

Modifying Mosquitto’s configuration

Edit the main config file:

sudo nano /etc/mosquitto/mosquitto.conf

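Add or modify these lines:

allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl_file

This tells Mosquitto to use your password and ACL files and to disallow anonymous access. The password_file path must be the file created with mosquitto_passwd above. If /etc/mosquitto/conf.d/default.conf from the earlier section is loaded as well, it already sets allow_anonymous and password_file; Mosquitto rejects a configuration in which password_file appears twice, so keep that line in only one of the two files.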

Restart the MQTT Server service:

sudo systemctl restart mosquitto
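
To check the password and ACL files from the steps above before restarting the broker, the following added example (not part of the original tutorial) reports users that have no ACL rule and access keywords other than read, write, readwrite or deny, including a two-word "read write". The function name acl_audit and the sample files are constructed for illustration; the last sample uses Mosquitto's pattern rule with %u, which gives every user their own username prefix in one line.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# acl_audit PASSWD_FILE ACL_FILE  (hypothetical helper name)
#   Prints one finding per line; returns 1 if there are findings, else 0.
acl_audit() {
    awk '
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        FILENAME == ARGV[1] {                 # password file: "username:hash"
            split($0, f, ":"); users[f[1]] = 1; next
        }
        $1 == "user" { current = $2; next }   # following rules belong to this user
        $1 == "topic" || $1 == "pattern" {
            ok = "^(read|write|readwrite|deny)$"
            if (NF >= 3 && $2 !~ ok) {
                printf "line %d: unknown access \"%s\"\n", FNR, $2; bad = 1
            } else if (NF >= 4 && $3 ~ ok) {
                printf "line %d: access keyword split in two (\"%s %s\")\n", FNR, $2, $3
                bad = 1
            } else if ($1 == "pattern" && $0 ~ /%u/) {
                all_users = 1                 # %u is replaced by each username
            } else if ($1 == "topic" && current != "" && $2 != "deny") {
                covered[current] = 1
            }
        }
        END {
            for (u in users)
                if (!all_users && !(u in covered)) {
                    printf "user %s: no ACL rule, every topic is denied\n", u
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample files; the hashes are placeholders.
demo=$(mktemp -d)
printf '%s\n' 'USER:$7$placeholder' 'user2:$7$placeholder' > "$demo/passwd"
printf '%s\n' 'user user2' 'topic read write user2/#' > "$demo/acl_split"
printf '%s\n' 'pattern readwrite %u/#' > "$demo/acl_pattern"

echo "two-word access:"
acl_audit "$demo/passwd" "$demo/acl_split" || echo "(findings above)"
echo "single pattern rule:"
acl_audit "$demo/passwd" "$demo/acl_pattern" && echo "clean"
rm -rf "$demo"
```

On the broker, call it from a root shell as acl_audit /etc/mosquitto/passwd /etc/mosquitto/acl_file.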