├── config ├── conf.d │ ├── websockets.conf │ └── README ├── ca_certificates │ └── README ├── certs │ └── README ├── mosquitto.conf └── mosquitto.conf.example ├── Makefile ├── Dockerfile ├── LICENSE └── README.md /config/conf.d/websockets.conf: -------------------------------------------------------------------------------- 1 | listener 9001 2 | protocol websockets 3 | -------------------------------------------------------------------------------- /config/ca_certificates/README: -------------------------------------------------------------------------------- 1 | Place your SSL/TLS Certificate Authority certificates in this directory. 2 | -------------------------------------------------------------------------------- /config/certs/README: -------------------------------------------------------------------------------- 1 | Place your SSL/TLS server keys and certificates in this directory. 2 | 3 | This directory should only be readable by the mosquitto user. 4 | -------------------------------------------------------------------------------- /config/conf.d/README: -------------------------------------------------------------------------------- 1 | Any files placed in this directory that have a .conf ending will be loaded as 2 | config files by the broker. Use this to make your local config. 3 | -------------------------------------------------------------------------------- /config/mosquitto.conf: -------------------------------------------------------------------------------- 1 | # Place your local configuration in /mqtt/config/conf.d/ 2 | 3 | pid_file /var/run/mosquitto.pid 4 | 5 | persistence true 6 | persistence_location /mqtt/data/ 7 | 8 | user mosquitto 9 | 10 | # Port to use for the default listener. 
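11 | port 1883
12 | # NOTE(review): this file sets no password_file, acl_file or TLS options, and the
13 | # shipped conf.d adds only a websockets listener on 9001. With the allow_anonymous
14 | # default shown in mosquitto.conf.example (true), any client that can reach 1883 or
15 | # 9001 connects without credentials and in plain text. Add authentication and TLS
16 | # in /mqtt/config/conf.d/ before publishing these ports beyond a trusted network.
17 |
18 |
19 | log_dest file /mqtt/log/mosquitto.log
20 | log_dest stdout
21 |
22 | include_dir /mqtt/config/conf.d
23 |
--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
1 | # Build, tag, smoke-test and publish the rpi-mosquitto Docker image.
2 | # Values can be overridden on the command line, e.g.
3 | #   make build DOCKER_IMAGE_VERSION=1.1
4 | DOCKER_IMAGE_VERSION := 1.0
5 | DOCKER_IMAGE_NAME := pascaldevink/rpi-mosquitto
6 | DOCKER_IMAGE_TAGNAME := $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_VERSION)
7 |
8 | # None of these targets produce a file of the same name; without .PHONY a stray
9 | # file called "build" or "test" would make the target look up to date.
10 | .PHONY: default build push test rmi rebuild
11 |
12 | default: build
13 |
14 | # Build the versioned image, then point :latest at it.
15 | # The -f flag of `docker tag` was removed in Docker 1.12 and is rejected by
16 | # current clients; re-tagging an existing name needs no flag.
17 | build:
18 | 	docker build -t $(DOCKER_IMAGE_TAGNAME) .
19 | 	docker tag $(DOCKER_IMAGE_TAGNAME) $(DOCKER_IMAGE_NAME):latest
20 |
21 | # Publish exactly the two tags this Makefile produces. Pushing the bare
22 | # repository name sends only :latest on Docker 20.10+ and every local tag of the
23 | # repository on older clients, so neither matches what was just built.
24 | push:
25 | 	docker push $(DOCKER_IMAGE_TAGNAME)
26 | 	docker push $(DOCKER_IMAGE_NAME):latest
27 |
28 | # Smoke test: the image starts and can run a trivial command.
29 | test:
30 | 	docker run --rm $(DOCKER_IMAGE_TAGNAME) /bin/echo "Success."
31 |
32 | # Remove the versioned image from the local Docker host.
33 | rmi:
34 | 	docker rmi -f $(DOCKER_IMAGE_TAGNAME)
35 |
36 | # Run the two steps one after the other so that `make -j rebuild` cannot start
37 | # the build before the old image has been removed.
38 | rebuild:
39 | 	$(MAKE) rmi
40 | 	$(MAKE) build
41 |
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # Pull base image
2 | # NOTE(review): jessie is past Debian's end of life, so this base no longer
3 | # receives distribution security updates; move to a maintained base image.
4 | FROM resin/rpi-raspbian:jessie
5 | MAINTAINER Pascal de Vink
6 |
7 | RUN apt-get update && apt-get install -y wget
8 |
9 | # NOTE(review): the repository signing key and the sources list are both fetched
10 | # over plain http:// and the key is added to apt's trust store without comparing
11 | # its fingerprint. The package signature check in the next apt-get step is only
12 | # as trustworthy as this download. Fetch over an authenticated channel, or
13 | # verify the key against a fingerprint obtained out of band before adding it.
14 | RUN wget -q -O - http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key | apt-key add -
15 | RUN wget -q -O /etc/apt/sources.list.d/mosquitto-jessie.list http://repo.mosquitto.org/debian/mosquitto-jessie.list
16 | RUN apt-get update && apt-get install -y mosquitto
17 |
18 | RUN adduser --system --disabled-password --disabled-login mosquitto
19 |
20 | COPY config /mqtt/config
21 | VOLUME ["/mqtt/config", "/mqtt/data", "/mqtt/log"]
22 |
23 | EXPOSE 1883 9001
24 | # No USER instruction is set, so the broker starts as root and relies on the
25 | # `user mosquitto` directive in mosquitto.conf to drop privileges.
26 | CMD /usr/sbin/mosquitto -c /mqtt/config/mosquitto.conf
27 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2015 Pascal de Vink
4 |
5 | Permission is hereby granted, free of charge, to any person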
obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # rpi-mosquitto 2 | 3 | Raspberry Pi compatible Docker Image with mosquitto MQTT broker. 4 | Based upon [docker-mosquitto](https://github.com/toke/docker-mosquitto). 5 | 6 | ## How to run 7 | 8 | ``` 9 | docker run -tip 1883:1883 -p 9001:9001 pascaldevink/rpi-mosquitto 10 | ``` 11 | 12 | Exposes Port 1883 (MQTT) 9001 (Websocket MQTT) 13 | 14 | Alternatively you can use volumes to make the changes persistent and change the configuration. 
15 | ``` 16 | mkdir -p /srv/mqtt/config/ 17 | mkdir -p /srv/mqtt/data/ 18 | mkdir -p /srv/mqtt/log/ 19 | # place your mosquitto.conf in /srv/mqtt/config/ 20 | # NOTE: You have to change the permissions of the directories 21 | # to allow the user to read/write to data and log and read from 22 | # config directory 23 | # For TESTING purposes you can use chmod -R 777 /srv/mqtt/* 24 | # Better use "-u" with a valid user id on your docker host 25 | 26 | docker run -ti -p 1883:1883 -p 9001:9001 \ 27 | -v /srv/mqtt/config:/mqtt/config:ro \ 28 | -v /srv/mqtt/log:/mqtt/log \ 29 | -v /srv/mqtt/data/:/mqtt/data/ \ 30 | --name mqtt pascaldevink/rpi-mosquitto 31 | ``` 32 | 33 | ## How to create this image 34 | 35 | Run all the commands from within the project root directory. 36 | 37 | ### Build the Docker Image 38 | ```bash 39 | make build 40 | ``` 41 | 42 | #### Push the Docker Image to the Docker Hub 43 | * First use a `docker login` with username, password and email address 44 | * Second push the Docker Image to the official Docker Hub 45 | 46 | ```bash 47 | make push 48 | ``` 49 | 50 | ## License 51 | 52 | The MIT License (MIT) 53 | 54 | Copyright (c) 2015 Pascal de Vink 55 | 56 | Permission is hereby granted, free of charge, to any person obtaining a copy 57 | of this software and associated documentation files (the "Software"), to deal 58 | in the Software without restriction, including without limitation the rights 59 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 60 | copies of the Software, and to permit persons to whom the Software is 61 | furnished to do so, subject to the following conditions: 62 | 63 | The above copyright notice and this permission notice shall be included in all 64 | copies or substantial portions of the Software. 
65 | 66 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 67 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 68 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 69 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 70 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 71 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 72 | SOFTWARE. 73 | -------------------------------------------------------------------------------- /config/mosquitto.conf.example: -------------------------------------------------------------------------------- 1 | # Config file for mosquitto 2 | # 3 | # See mosquitto.conf(5) for more information. 4 | # 5 | # Default values are shown, uncomment to change. 6 | # 7 | # Use the # character to indicate a comment, but only if it is the 8 | # very first character on the line. 9 | 10 | # ================================================================= 11 | # General configuration 12 | # ================================================================= 13 | 14 | # Time in seconds to wait before resending an outgoing QoS=1 or 15 | # QoS=2 message. 16 | #retry_interval 20 17 | 18 | # Time in seconds between updates of the $SYS tree. 19 | # Set to 0 to disable the publishing of the $SYS tree. 20 | #sys_interval 10 21 | 22 | # Time in seconds between cleaning the internal message store of 23 | # unreferenced messages. Lower values will result in lower memory 24 | # usage but more processor time, higher values will have the 25 | # opposite effect. 26 | # Setting a value of 0 means the unreferenced messages will be 27 | # disposed of as quickly as possible. 28 | #store_clean_interval 10 29 | 30 | # Write process id to a file. Default is a blank string which means 31 | # a pid file shouldn't be written. 
32 | # This should be set to /var/run/mosquitto.pid if mosquitto is 33 | # being run automatically on boot with an init script and 34 | # start-stop-daemon or similar. 35 | #pid_file 36 | 37 | # When run as root, drop privileges to this user and its primary 38 | # group. 39 | # Leave blank to stay as root, but this is not recommended. 40 | # If run as a non-root user, this setting has no effect. 41 | # Note that on Windows this has no effect and so mosquitto should 42 | # be started by the user you wish it to run as. 43 | #user mosquitto 44 | 45 | # The maximum number of QoS 1 and 2 messages currently inflight per 46 | # client. 47 | # This includes messages that are partway through handshakes and 48 | # those that are being retried. Defaults to 20. Set to 0 for no 49 | # maximum. Setting to 1 will guarantee in-order delivery of QoS 1 50 | # and 2 messages. 51 | #max_inflight_messages 20 52 | 53 | # The maximum number of QoS 1 and 2 messages to hold in a queue 54 | # above those that are currently in-flight. Defaults to 100. Set 55 | # to 0 for no maximum (not recommended). 56 | # See also queue_qos0_messages. 57 | #max_queued_messages 100 58 | 59 | # Set to true to queue messages with QoS 0 when a persistent client is 60 | # disconnected. These messages are included in the limit imposed by 61 | # max_queued_messages. 62 | # Defaults to false. 63 | # This is a non-standard option for the MQTT v3.1 spec but is allowed in 64 | # v3.1.1. 65 | #queue_qos0_messages false 66 | 67 | # This option sets the maximum publish payload size that the broker will allow. 68 | # Received messages that exceed this size will not be accepted by the broker. 69 | # The default value is 0, which means that all valid MQTT messages are 70 | # accepted. MQTT imposes a maximum payload size of 268435455 bytes. 71 | #message_size_limit 0 72 | 73 | # This option controls whether a client is allowed to connect with a zero 74 | # length client id or not. 
This option only affects clients using MQTT v3.1.1 75 | # and later. If set to false, clients connecting with a zero length client id 76 | # are disconnected. If set to true, clients will be allocated a client id by 77 | # the broker. This means it is only useful for clients with clean session set 78 | # to true. 79 | #allow_zero_length_clientid true 80 | 81 | # If allow_zero_length_clientid is true, this option allows you to set a prefix 82 | # to automatically generated client ids to aid visibility in logs. 83 | #auto_id_prefix 84 | 85 | # This option allows persistent clients (those with clean session set to false) 86 | # to be removed if they do not reconnect within a certain time frame. 87 | # 88 | # This is a non-standard option in MQTT V3.1 but allowed in MQTT v3.1.1. 89 | # 90 | # Badly designed clients may set clean session to false whilst using a randomly 91 | # generated client id. This leads to persistent clients that will never 92 | # reconnect. This option allows these clients to be removed. 93 | # 94 | # The expiration period should be an integer followed by one of d w m y for 95 | # day, week, month and year respectively. For example 96 | # 97 | # persistent_client_expiration 2m 98 | # persistent_client_expiration 14d 99 | # persistent_client_expiration 1y 100 | # 101 | # The default if not set is to never expire persistent clients. 102 | #persistent_client_expiration 103 | 104 | # If a client is subscribed to multiple subscriptions that overlap, e.g. foo/# 105 | # and foo/+/baz , then MQTT expects that when the broker receives a message on 106 | # a topic that matches both subscriptions, such as foo/bar/baz, then the client 107 | # should only receive the message once. 108 | # Mosquitto keeps track of which clients a message has been sent to in order to 109 | # meet this requirement. 
The allow_duplicate_messages option allows this 110 | # behaviour to be disabled, which may be useful if you have a large number of 111 | # clients subscribed to the same set of topics and are very concerned about 112 | # minimising memory usage. 113 | # It can be safely set to true if you know in advance that your clients will 114 | # never have overlapping subscriptions, otherwise your clients must be able to 115 | # correctly deal with duplicate messages even when then have QoS=2. 116 | #allow_duplicate_messages false 117 | 118 | # The MQTT specification requires that the QoS of a message delivered to a 119 | # subscriber is never upgraded to match the QoS of the subscription. Enabling 120 | # this option changes this behaviour. If upgrade_outgoing_qos is set true, 121 | # messages sent to a subscriber will always match the QoS of its subscription. 122 | # This is a non-standard option explicitly disallowed by the spec. 123 | #upgrade_outgoing_qos false 124 | 125 | # ================================================================= 126 | # Default listener 127 | # ================================================================= 128 | 129 | # IP address/hostname to bind the default listener to. If not 130 | # given, the default listener will not be bound to a specific 131 | # address and so will be accessible to all network interfaces. 132 | # bind_address ip-address/host name 133 | #bind_address 134 | 135 | # Port to use for the default listener. 136 | #port 1883 137 | 138 | # The maximum number of client connections to allow. This is 139 | # a per listener setting. 140 | # Default is -1, which means unlimited connections. 141 | # Note that other process limits mean that unlimited connections 142 | # are not really possible. Typically the default maximum number of 143 | # connections possible is around 1024. 
144 | #max_connections -1 145 | 146 | # ----------------------------------------------------------------- 147 | # Certificate based SSL/TLS support 148 | # ----------------------------------------------------------------- 149 | # The following options can be used to enable SSL/TLS support for 150 | # this listener. Note that the recommended port for MQTT over TLS 151 | # is 8883, but this must be set manually. 152 | # 153 | # See also the mosquitto-tls man page. 154 | 155 | # At least one of cafile or capath must be defined. They both 156 | # define methods of accessing the PEM encoded Certificate 157 | # Authority certificates that have signed your server certificate 158 | # and that you wish to trust. 159 | # cafile defines the path to a file containing the CA certificates. 160 | # capath defines a directory that will be searched for files 161 | # containing the CA certificates. For capath to work correctly, the 162 | # certificate files must have ".crt" as the file ending and you must run 163 | # "c_rehash " each time you add/remove a certificate. 164 | #cafile 165 | #capath 166 | 167 | # Path to the PEM encoded server certificate. 168 | #certfile 169 | 170 | # Path to the PEM encoded keyfile. 171 | #keyfile 172 | 173 | # This option defines the version of the TLS protocol to use for this listener. 174 | # The default value will always be the highest version that is available for 175 | # the version of openssl that the broker was compiled against. For openssl >= 176 | # 1.0.1 the valid values are tlsv1.2 tlsv1.1 and tlsv1. For openssl < 1.0.1 the 177 | # valid values are tlsv1. 178 | #tls_version 179 | 180 | # By default a TLS enabled listener will operate in a similar fashion to a 181 | # https enabled web server, in that the server has a certificate signed by a CA 182 | # and the client will verify that it is a trusted certificate. The overall aim 183 | # is encryption of the network traffic. 
By setting require_certificate to true, 184 | # the client must provide a valid certificate in order for the network 185 | # connection to proceed. This allows access to the broker to be controlled 186 | # outside of the mechanisms provided by MQTT. 187 | #require_certificate false 188 | 189 | # If require_certificate is true, you may set use_identity_as_username to true 190 | # to use the CN value from the client certificate as a username. If this is 191 | # true, the password_file option will not be used for this listener. 192 | #use_identity_as_username false 193 | 194 | # If you have require_certificate set to true, you can create a certificate 195 | # revocation list file to revoke access to particular client certificates. If 196 | # you have done this, use crlfile to point to the PEM encoded revocation file. 197 | #crlfile 198 | 199 | # If you wish to control which encryption ciphers are used, use the ciphers 200 | # option. The list of available ciphers can be optained using the "openssl 201 | # ciphers" command and should be provided in the same format as the output of 202 | # that command. 203 | # If unset defaults to DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH 204 | #ciphers DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH 205 | 206 | # ----------------------------------------------------------------- 207 | # Pre-shared-key based SSL/TLS support 208 | # ----------------------------------------------------------------- 209 | # The following options can be used to enable PSK based SSL/TLS support for 210 | # this listener. Note that the recommended port for MQTT over TLS is 8883, but 211 | # this must be set manually. 212 | # 213 | # See also the mosquitto-tls man page and the "Certificate based SSL/TLS 214 | # support" section. Only one of certificate or PSK encryption support can be 215 | # enabled for any listener. 
216 | 217 | # The psk_hint option enables pre-shared-key support for this listener and also 218 | # acts as an identifier for this listener. The hint is sent to clients and may 219 | # be used locally to aid authentication. The hint is a free form string that 220 | # doesn't have much meaning in itself, so feel free to be creative. 221 | # If this option is provided, see psk_file to define the pre-shared keys to be 222 | # used or create a security plugin to handle them. 223 | #psk_hint 224 | 225 | # Set use_identity_as_username to have the psk identity sent by the client used 226 | # as its username. Authentication will be carried out using the PSK rather than 227 | # the MQTT username/password and so password_file will not be used for this 228 | # listener. 229 | #use_identity_as_username false 230 | 231 | # When using PSK, the encryption ciphers used will be chosen from the list of 232 | # available PSK ciphers. If you want to control which ciphers are available, 233 | # use the "ciphers" option. The list of available ciphers can be optained 234 | # using the "openssl ciphers" command and should be provided in the same format 235 | # as the output of that command. 236 | #ciphers 237 | 238 | # ================================================================= 239 | # Extra listeners 240 | # ================================================================= 241 | 242 | # Listen on a port/ip address combination. By using this variable 243 | # multiple times, mosquitto can listen on more than one port. If 244 | # this variable is used and neither bind_address nor port given, 245 | # then the default listener will not be started. 246 | # The port number to listen on must be given. Optionally, an ip 247 | # address or host name may be supplied as a second argument. In 248 | # this case, mosquitto will attempt to bind the listener to that 249 | # address and so restrict access to the associated network and 250 | # interface. 
By default, mosquitto will listen on all interfaces. 251 | # listener port-number [ip address/host name] 252 | #listener 253 | 254 | # The maximum number of client connections to allow. This is 255 | # a per listener setting. 256 | # Default is -1, which means unlimited connections. 257 | # Note that other process limits mean that unlimited connections 258 | # are not really possible. Typically the default maximum number of 259 | # connections possible is around 1024. 260 | #max_connections -1 261 | 262 | # The listener can be restricted to operating within a topic hierarchy using 263 | # the mount_point option. This is achieved be prefixing the mount_point string 264 | # to all topics for any clients connected to this listener. This prefixing only 265 | # happens internally to the broker; the client will not see the prefix. 266 | #mount_point 267 | 268 | # ----------------------------------------------------------------- 269 | # Certificate based SSL/TLS support 270 | # ----------------------------------------------------------------- 271 | # The following options can be used to enable certificate based SSL/TLS support 272 | # for this listener. Note that the recommended port for MQTT over TLS is 8883, 273 | # but this must be set manually. 274 | # 275 | # See also the mosquitto-tls man page and the "Pre-shared-key based SSL/TLS 276 | # support" section. Only one of certificate or PSK encryption support can be 277 | # enabled for any listener. 278 | 279 | # At least one of cafile or capath must be defined to enable certificate based 280 | # TLS encryption. They both define methods of accessing the PEM encoded 281 | # Certificate Authority certificates that have signed your server certificate 282 | # and that you wish to trust. 283 | # cafile defines the path to a file containing the CA certificates. 284 | # capath defines a directory that will be searched for files 285 | # containing the CA certificates. 
For capath to work correctly, the 286 | # certificate files must have ".crt" as the file ending and you must run 287 | # "c_rehash " each time you add/remove a certificate. 288 | #cafile 289 | #capath 290 | 291 | # Path to the PEM encoded server certificate. 292 | #certfile 293 | 294 | # Path to the PEM encoded keyfile. 295 | #keyfile 296 | 297 | # By default an TLS enabled listener will operate in a similar fashion to a 298 | # https enabled web server, in that the server has a certificate signed by a CA 299 | # and the client will verify that it is a trusted certificate. The overall aim 300 | # is encryption of the network traffic. By setting require_certificate to true, 301 | # the client must provide a valid certificate in order for the network 302 | # connection to proceed. This allows access to the broker to be controlled 303 | # outside of the mechanisms provided by MQTT. 304 | #require_certificate false 305 | 306 | # If require_certificate is true, you may set use_identity_as_username to true 307 | # to use the CN value from the client certificate as a username. If this is 308 | # true, the password_file option will not be used for this listener. 309 | #use_identity_as_username false 310 | 311 | # If you have require_certificate set to true, you can create a certificate 312 | # revocation list file to revoke access to particular client certificates. If 313 | # you have done this, use crlfile to point to the PEM encoded revocation file. 314 | #crlfile 315 | 316 | # If you wish to control which encryption ciphers are used, use the ciphers 317 | # option. The list of available ciphers can be optained using the "openssl 318 | # ciphers" command and should be provided in the same format as the output of 319 | # that command. 
320 | #ciphers 321 | 322 | # ----------------------------------------------------------------- 323 | # Pre-shared-key based SSL/TLS support 324 | # ----------------------------------------------------------------- 325 | # The following options can be used to enable PSK based SSL/TLS support for 326 | # this listener. Note that the recommended port for MQTT over TLS is 8883, but 327 | # this must be set manually. 328 | # 329 | # See also the mosquitto-tls man page and the "Certificate based SSL/TLS 330 | # support" section. Only one of certificate or PSK encryption support can be 331 | # enabled for any listener. 332 | 333 | # The psk_hint option enables pre-shared-key support for this listener and also 334 | # acts as an identifier for this listener. The hint is sent to clients and may 335 | # be used locally to aid authentication. The hint is a free form string that 336 | # doesn't have much meaning in itself, so feel free to be creative. 337 | # If this option is provided, see psk_file to define the pre-shared keys to be 338 | # used or create a security plugin to handle them. 339 | #psk_hint 340 | 341 | # Set use_identity_as_username to have the psk identity sent by the client used 342 | # as its username. Authentication will be carried out using the PSK rather than 343 | # the MQTT username/password and so password_file will not be used for this 344 | # listener. 345 | #use_identity_as_username false 346 | 347 | # When using PSK, the encryption ciphers used will be chosen from the list of 348 | # available PSK ciphers. If you want to control which ciphers are available, 349 | # use the "ciphers" option. The list of available ciphers can be optained 350 | # using the "openssl ciphers" command and should be provided in the same format 351 | # as the output of that command. 
352 | #ciphers 353 | 354 | # ================================================================= 355 | # Persistence 356 | # ================================================================= 357 | 358 | # If persistence is enabled, save the in-memory database to disk 359 | # every autosave_interval seconds. If set to 0, the persistence 360 | # database will only be written when mosquitto exits. See also 361 | # autosave_on_changes. 362 | # Note that writing of the persistence database can be forced by 363 | # sending mosquitto a SIGUSR1 signal. 364 | #autosave_interval 1800 365 | 366 | # If true, mosquitto will count the number of subscription changes, retained 367 | # messages received and queued messages and if the total exceeds 368 | # autosave_interval then the in-memory database will be saved to disk. 369 | # If false, mosquitto will save the in-memory database to disk by treating 370 | # autosave_interval as a time in seconds. 371 | #autosave_on_changes false 372 | 373 | # Save persistent message data to disk (true/false). 374 | # This saves information about all messages, including 375 | # subscriptions, currently in-flight messages and retained 376 | # messages. 377 | # retained_persistence is a synonym for this option. 378 | #persistence false 379 | 380 | # The filename to use for the persistent database, not including 381 | # the path. 382 | #persistence_file mosquitto.db 383 | 384 | # Location for persistent database. Must include trailing / 385 | # Default is an empty string (current directory). 386 | # Set to e.g. /var/lib/mosquitto/ if running as a proper service on Linux or 387 | # similar. 388 | #persistence_location 389 | 390 | # ================================================================= 391 | # Logging 392 | # ================================================================= 393 | 394 | # Places to log to. Use multiple log_dest lines for multiple 395 | # logging destinations. 
396 | # Possible destinations are: stdout stderr syslog topic file 397 | # 398 | # stdout and stderr log to the console on the named output. 399 | # 400 | # syslog uses the userspace syslog facility which usually ends up 401 | # in /var/log/messages or similar. 402 | # 403 | # topic logs to the broker topic '$SYS/broker/log/<severity>', 404 | # where severity is one of D, E, W, N, I, M which are debug, error, 405 | # warning, notice, information and message. Message type severity is used by 406 | # the subscribe/unsubscribe log_types and publishes log messages to 407 | # $SYS/broker/log/M/subscribe or $SYS/broker/log/M/unsubscribe. 408 | # 409 | # The file destination requires an additional parameter which is the file to be 410 | # logged to, e.g. "log_dest file /var/log/mosquitto.log". The file will be 411 | # closed and reopened when the broker receives a HUP signal. Only a single file 412 | # destination may be configured. 413 | # 414 | # Note that if the broker is running as a Windows service it will default to 415 | # "log_dest none" and neither stdout nor stderr logging is available. 416 | # Use "log_dest none" if you wish to disable logging. 417 | #log_dest stderr 418 | 419 | # Types of messages to log. Use multiple log_type lines for logging 420 | # multiple types of messages. 421 | # Possible types are: debug, error, warning, notice, information, 422 | # none, subscribe, unsubscribe, all. 423 | # Note that debug type messages are for decoding the incoming/outgoing 424 | # network packets. They are not logged in "topics". 425 | #log_type error 426 | #log_type warning 427 | #log_type notice 428 | #log_type information 429 | 430 | # If set to true, client connection and disconnection messages will be included 431 | # in the log. 432 | #connection_messages true 433 | 434 | # If set to true, add a timestamp value to each log message. 
435 | #log_timestamp true 436 | 437 | # ================================================================= 438 | # Security 439 | # ================================================================= 440 | 441 | # If set, only clients that have a matching prefix on their 442 | # clientid will be allowed to connect to the broker. By default, 443 | # all clients may connect. 444 | # For example, setting "secure-" here would mean a client "secure- 445 | # client" could connect but another with clientid "mqtt" couldn't. 446 | #clientid_prefixes 447 | 448 | # Boolean value that determines whether clients that connect 449 | # without providing a username are allowed to connect. If set to 450 | # false then a password file should be created (see the 451 | # password_file option) to control authenticated client access. 452 | # Defaults to true. 453 | #allow_anonymous true 454 | 455 | # In addition to the clientid_prefixes, allow_anonymous and TLS 456 | # authentication options, username based authentication is also 457 | # possible. The default support is described in "Default 458 | # authentication and topic access control" below. The auth_plugin 459 | # allows another authentication method to be used. 460 | # Specify the path to the loadable plugin and see the 461 | # "Authentication and topic access plugin options" section below. 462 | #auth_plugin 463 | 464 | # ----------------------------------------------------------------- 465 | # Default authentication and topic access control 466 | # ----------------------------------------------------------------- 467 | 468 | # Control access to the broker using a password file. This file can be 469 | # generated using the mosquitto_passwd utility. 
If TLS support is not compiled 470 | # into mosquitto (it is recommended that TLS support should be included) then 471 | # plain text passwords are used, in which case the file should be a text file 472 | # with lines in the format: 473 | # username:password 474 | # The password (and colon) may be omitted if desired, although this 475 | # offers very little in the way of security. 476 | # 477 | # See the TLS client require_certificate and use_identity_as_username options 478 | # for alternative authentication options. 479 | #password_file 480 | 481 | # Access may also be controlled using a pre-shared-key file. This requires 482 | # TLS-PSK support and a listener configured to use it. The file should be text 483 | # lines in the format: 484 | # identity:key 485 | # The key should be in hexadecimal format without a leading "0x". 486 | #psk_file 487 | 488 | # Control access to topics on the broker using an access control list 489 | # file. If this parameter is defined then only the topics listed will 490 | # have access. 491 | # If the first character of a line of the ACL file is a # it is treated as a 492 | # comment. 493 | # Topic access is added with lines of the format: 494 | # 495 | # topic [read|write] <topic> 496 | # 497 | # The access type is controlled using "read" or "write". This parameter 498 | # is optional - if not given then the access is read/write. 499 | # <topic> can contain the + or # wildcards as in subscriptions. 500 | # 501 | # The first set of topics are applied to anonymous clients, assuming 502 | # allow_anonymous is true. User specific topic ACLs are added after a 503 | # user line as follows: 504 | # 505 | # user <username> 506 | # 507 | # The username referred to here is the same as in password_file. It is 508 | # not the clientid. 509 | # 510 | # 511 | # It is also possible to define ACLs based on pattern substitution within the 512 | # topic. 
The patterns available for substitution are: 513 | # 514 | # %c to match the client id of the client 515 | # %u to match the username of the client 516 | # 517 | # The substitution pattern must be the only text for that level of hierarchy. 518 | # 519 | # The form is the same as for the topic keyword, but using pattern as the 520 | # keyword. 521 | # Pattern ACLs apply to all users even if the "user" keyword has previously 522 | # been given. 523 | # 524 | # If using bridges with usernames and ACLs, connection messages can be allowed 525 | # with the following pattern: 526 | # pattern write $SYS/broker/connection/%c/state 527 | # 528 | # pattern [read|write] <topic> 529 | # 530 | # Example: 531 | # 532 | # pattern write sensor/%u/data 533 | # 534 | #acl_file 535 | 536 | # ----------------------------------------------------------------- 537 | # Authentication and topic access plugin options 538 | # ----------------------------------------------------------------- 539 | 540 | # If the auth_plugin option above is used, define options to pass to the 541 | # plugin here as described by the plugin instructions. All options named 542 | # using the format auth_opt_* will be passed to the plugin, for example: 543 | # 544 | # auth_opt_db_host 545 | # auth_opt_db_port 546 | # auth_opt_db_username 547 | # auth_opt_db_password 548 | 549 | 550 | # ================================================================= 551 | # Bridges 552 | # ================================================================= 553 | 554 | # A bridge is a way of connecting multiple MQTT brokers together. 555 | # Create a new bridge using the "connection" option as described below. Set 556 | # options for the bridges using the remaining parameters. You must specify the 557 | # address and at least one topic to subscribe to. 558 | # Each connection must have a unique name. 559 | # The address line may have multiple host addresses and ports specified. 
See 560 | # below in the round_robin description for more details on bridge behaviour if 561 | # multiple addresses are used. 562 | # The direction that the topic will be shared can be chosen by 563 | # specifying out, in or both, where the default value is out. 564 | # The QoS level of the bridged communication can be specified with the next 565 | # topic option. The default QoS level is 0; to change the QoS the topic 566 | # direction must also be given. 567 | # The local and remote prefix options allow a topic to be remapped when it is 568 | # bridged to/from the remote broker. This provides the ability to place a topic 569 | # tree in an appropriate location. 570 | # For more details see the mosquitto.conf man page. 571 | # Multiple topics can be specified per connection, but be careful 572 | # not to create any loops. 573 | # If you are using bridges with cleansession set to false (the default), then 574 | # you may get unexpected behaviour from incoming topics if you change what 575 | # topics you are subscribing to. This is because the remote broker keeps the 576 | # subscription for the old topic. If you have this problem, connect your bridge 577 | # with cleansession set to true, then reconnect with cleansession set to false 578 | # as normal. 579 | #connection <name> 580 | #address <host>[:<port>] [<host>[:<port>]] 581 | #topic <topic> [[[out | in | both] qos-level] local-prefix remote-prefix] 582 | 583 | # If the bridge has more than one address given in the address/addresses 584 | # configuration, the round_robin option defines the behaviour of the bridge on 585 | # a failure of the bridge connection. If round_robin is false, the default 586 | # value, then the first address is treated as the main bridge connection. If 587 | # the connection fails, the other secondary addresses will be attempted in 588 | # turn. Whilst connected to a secondary bridge, the bridge will periodically 589 | # attempt to reconnect to the main bridge until successful. 
590 | # If round_robin is true, then all addresses are treated as equals. If a 591 | # connection fails, the next address will be tried and if successful will 592 | # remain connected until it fails. 593 | #round_robin false 594 | 595 | # Set the client id for this bridge connection. If not defined, 596 | # this defaults to 'name.hostname' where name is the connection 597 | # name and hostname is the hostname of this computer. 598 | #clientid 599 | 600 | # Set the clean session variable for this bridge. 601 | # When set to true, when the bridge disconnects for any reason, all 602 | # messages and subscriptions will be cleaned up on the remote 603 | # broker. Note that with cleansession set to true, there may be a 604 | # significant amount of retained messages sent when the bridge 605 | # reconnects after losing its connection. 606 | # When set to false, the subscriptions and messages are kept on the 607 | # remote broker, and delivered when the bridge reconnects. 608 | #cleansession false 609 | 610 | # If set to true, publish notification messages to the local and remote brokers 611 | # giving information about the state of the bridge connection. Retained 612 | # messages are published to the topic $SYS/broker/connection/<clientid>/state 613 | # unless the notification_topic option is used. 614 | # If the message is 1 then the connection is active, or 0 if the connection has 615 | # failed. 616 | #notifications true 617 | 618 | # Choose the topic on which notification messages for this bridge are 619 | # published. If not set, messages are published on the topic 620 | # $SYS/broker/connection/<clientid>/state 621 | #notification_topic 622 | 623 | # Set the keepalive interval for this bridge connection, in 624 | # seconds. 625 | #keepalive_interval 60 626 | 627 | # Set the start type of the bridge. This controls how the bridge starts and 628 | # can be one of three types: automatic, lazy and once. 
Note that RSMB provides 629 | # a fourth start type "manual" which isn't currently supported by mosquitto. 630 | # 631 | # "automatic" is the default start type and means that the bridge connection 632 | # will be started automatically when the broker starts and also restarted 633 | # after a short delay (30 seconds) if the connection fails. 634 | # 635 | # Bridges using the "lazy" start type will be started automatically when the 636 | # number of queued messages exceeds the number set with the "threshold" 637 | # parameter. It will be stopped automatically after the time set by the 638 | # "idle_timeout" parameter. Use this start type if you wish the connection to 639 | # only be active when it is needed. 640 | # 641 | # A bridge using the "once" start type will be started automatically when the 642 | # broker starts but will not be restarted if the connection fails. 643 | #start_type automatic 644 | 645 | # Set the amount of time a bridge using the automatic start type will wait 646 | # until attempting to reconnect. Defaults to 30 seconds. 647 | #restart_timeout 30 648 | 649 | # Set the amount of time a bridge using the lazy start type must be idle before 650 | # it will be stopped. Defaults to 60 seconds. 651 | #idle_timeout 60 652 | 653 | # Set the number of messages that need to be queued for a bridge with lazy 654 | # start type to be restarted. Defaults to 10 messages. 655 | # Must be less than max_queued_messages. 656 | #threshold 10 657 | 658 | # If try_private is set to true, the bridge will attempt to indicate to the 659 | # remote broker that it is a bridge not an ordinary client. If successful, this 660 | # means that loop detection will be more effective and that retained messages 661 | # will be propagated correctly. Not all brokers support this feature so it may 662 | # be necessary to set try_private to false if your bridge does not connect 663 | # properly. 
664 | #try_private true 665 | 666 | # Set the username to use when connecting to an MQTT v3.1 broker 667 | # that requires authentication. 668 | #username 669 | 670 | # Set the password to use when connecting to an MQTT v3.1 broker 671 | # that requires authentication. This option is only used if 672 | # username is also set. 673 | #password 674 | 675 | # Set the username to use on the local broker. 676 | #local_username 677 | 678 | # Set the password to use on the local broker. 679 | # This option is only used if local_username is also set. 680 | #local_password 681 | 682 | # ----------------------------------------------------------------- 683 | # Certificate based SSL/TLS support 684 | # ----------------------------------------------------------------- 685 | # Either bridge_cafile or bridge_capath must be defined to enable TLS support 686 | # for this bridge. 687 | # bridge_cafile defines the path to a file containing the 688 | # Certificate Authority certificates that have signed the remote broker 689 | # certificate. 690 | # bridge_capath defines a directory that will be searched for files containing 691 | # the CA certificates. For bridge_capath to work correctly, the certificate 692 | # files must have ".crt" as the file ending and you must run "c_rehash <path to 693 | # capath>" each time you add/remove a certificate. 694 | #bridge_cafile 695 | #bridge_capath 696 | 697 | # Path to the PEM encoded client certificate, if required by the remote broker. 698 | #bridge_certfile 699 | 700 | # Path to the PEM encoded client private key, if required by the remote broker. 701 | #bridge_keyfile 702 | 703 | # When using certificate based encryption, bridge_insecure disables 704 | # verification of the server hostname in the server certificate. This can be 705 | # useful when testing initial server configurations, but makes it possible for 706 | # a malicious third party to impersonate your server through DNS spoofing, for 707 | # example. Use this option in testing only. 
If you need to resort to using this 708 | # option in a production environment, your setup is at fault and there is no 709 | # point using encryption. 710 | #bridge_insecure false 711 | 712 | # ----------------------------------------------------------------- 713 | # PSK based SSL/TLS support 714 | # ----------------------------------------------------------------- 715 | # Pre-shared-key encryption provides an alternative to certificate based 716 | # encryption. A bridge can be configured to use PSK with the bridge_identity 717 | # and bridge_psk options. These are the client PSK identity, and pre-shared-key 718 | # in hexadecimal format with no "0x". Only one of certificate and PSK based 719 | # encryption can be used on one 720 | # bridge at once. 721 | #bridge_identity 722 | #bridge_psk 723 | 724 | 725 | # ================================================================= 726 | # External config files 727 | # ================================================================= 728 | 729 | # External configuration files may be included by using the 730 | # include_dir option. This defines a directory that will be searched 731 | # for config files. All files that end in '.conf' will be loaded as 732 | # a configuration file. It is best to have this as the last option 733 | # in the main file. This option will only be processed from the main 734 | # configuration file. The directory specified must not contain the 735 | # main configuration file. 
736 | #include_dir 737 | 738 | # ================================================================= 739 | # Unsupported rsmb options - for the future 740 | # ================================================================= 741 | 742 | #addresses 743 | #round_robin 744 | 745 | # ================================================================= 746 | # rsmb options - unlikely to ever be supported 747 | # ================================================================= 748 | 749 | #ffdc_output 750 | #max_log_entries 751 | #trace_level 752 | #trace_output 753 | --------------------------------------------------------------------------------