Rick Carlino

Personal blog of Rick Carlino, senior software engineer at Qualia Labs, co-founder of Fox.Build Makerspace. Former co-founder of FarmBot.


Provisioning and Securing a 5 dollar MQTT Server

These are personal notes that I share with members of my makerspace.

You can find a more informative version of this tutorial here.

Create a Vultr Instance

Install Micro, the best editor ever:

snap install micro --classic

Disable Password Logins for security:

sudo vi /etc/ssh/sshd_config

Then set these options:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Reload SSH:

sudo systemctl reload ssh

Install Mosquitto

sudo apt-get install mosquitto mosquitto-clients --yes

SSL Certificates

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update --yes
sudo apt-get install certbot
sudo certbot certonly --standalone --preferred-challenges http -d myhost.com
sudo crontab -e
# Add this to crontab:
15 3 * * * certbot renew --noninteractive --post-hook "systemctl restart mosquitto"

Add this to /etc/mosquitto/conf.d/default.conf:

listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/____YOUR_HOST_HERE___/cert.pem
cafile /etc/letsencrypt/live/____YOUR_HOST_HERE___/chain.pem
keyfile /etc/letsencrypt/live/____YOUR_HOST_HERE___/privkey.pem

And then restart Mosquitto:

sudo systemctl restart mosquitto

Set Up a Password for User "fred"

sudo mosquitto_passwd -c /etc/mosquitto/passwd fred
# Force password usage:
sudo nano /etc/mosquitto/conf.d/default.conf
# Disable `allow_anonymous` and set `password_file` to `/etc/mosquitto/passwd`
sudo systemctl restart mosquitto
# Make sure it worked:
mosquitto_sub -h localhost -t test -u "fred" -P "password"
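
A check for the two Mosquitto edits above (TLS on the public listener, then password-only access), as an added example that is not from the original post. The function name `audit_mosquitto_conf` and both sample configs are constructed here, and it assumes Mosquitto's default behaviour where `allow_anonymous` and `password_file` apply to every listener.

```shell
# audit_mosquitto_conf FILE: print findings; return 0 if clean, 1 otherwise.
audit_mosquitto_conf() {
    awk '
    function close_listener() {
        # A listener reachable from the network needs both certfile and keyfile.
        if (port != "" && !is_local && !(cert && key)) {
            print "listener " port ": network-facing without certfile/keyfile"
            bad++
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
    $1 == "listener" {
        close_listener()
        port = $2; cert = 0; key = 0
        # No bind address means the listener is open on every interface.
        is_local = ($3 == "localhost" || $3 == "127.0.0.1" || $3 == "::1")
        next
    }
    $1 == "certfile"        { cert = 1 }
    $1 == "keyfile"         { key = 1 }
    $1 == "allow_anonymous" { anon = $2 }
    $1 == "password_file"   { pwfile = $2 }
    END {
        close_listener()
        if (anon != "false") { print "allow_anonymous is not set to false"; bad++ }
        if (pwfile == "")    { print "password_file is not set"; bad++ }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the config from this page with both edits applied.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good.conf" <<'EOF'
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/example.invalid/cert.pem
cafile /etc/letsencrypt/live/example.invalid/chain.pem
keyfile /etc/letsencrypt/live/example.invalid/privkey.pem
EOF
# Constructed sample: TLS lines and password settings forgotten.
printf 'listener 1883 localhost\nlistener 8883\n' > "$demo_dir/weak.conf"

for f in good weak; do
    if audit_mosquitto_conf "$demo_dir/$f.conf"; then echo "$f.conf: OK"; else echo "$f.conf: FAIL"; fi
done
```

On the server, point it at the real file: `audit_mosquitto_conf /etc/mosquitto/conf.d/default.conf`.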

WebSockets
