home-assistant.io/source/_addons/mosquitto.markdown
jma89 5966611f26 Clarify MQTT Advanced Configuration (#6192)
Properly describe the flag that needs to be changed and provide additional info on where the .conf files need to live. (Information that took me far longer than necessary to figure out.)
2018-09-04 08:51:01 +02:00

| layout | title | description | date | sidebar | comments | sharing | footer | featured |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| page | Mosquitto MQTT broker | Fast and reliable MQTT broker. | 2017-04-30 13:28 | true | false | true | true | true |

Set up Mosquitto as an MQTT broker.

{
  "plain": true,
  "ssl": false,
  "anonymous": true,
  "logins": [
    {"username": "testuser", "password": "mypw"},
    {"username": "testuser2", "password": "mypw2"}
  ],
  "customize": {
    "active": false,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

Make sure you use logins and disable anonymous access if you want to secure the system.

Configuration variables:

  • plain (Optional): Listen on port 1883 without SSL/TLS. Defaults to true.
  • ssl (Optional): Listen on port 8883 with SSL/TLS. This requires certificates. Defaults to false.
  • anonymous (Optional): Allow anonymous connections. If logins is set, the anonymous user can only read data. Defaults to true.
  • logins (Optional): A list of users that will be created with username and password.
  • customize (Optional): When its active flag is set to true, the add-on reads additional configuration files (*.conf) from /share/mosquitto.

{% linkable_title Home Assistant configuration %}

To use Mosquitto as the broker, add the following entry to the configuration.yaml file.

# Example configuration.yaml entry
mqtt:
  broker: core-mosquitto

If a username and password are set up in the add-on, your configuration.yaml file should contain that data.

mqtt:
  broker: core-mosquitto
  username: YOUR_USERNAME
  password: YOUR_PASSWORD

{% linkable_title Listening simultaneously on SSL/TLS (8883) and insecure (1883) ports %}

  1. Configure SSL/TLS as normal.
  2. Set the active flag within the customize section to true in your configuration.
  3. Create a file in /share/mosquitto named insecure.conf with the following contents:
listener 1883
protocol mqtt
  4. Restart MQTT

It's recommended that you only open your firewall to the SSL/TLS port (8883) and only use the insecure port (1883) for local devices. Also, disable `anonymous:` and set `logins:`.

{% linkable_title Access Control Lists (ACLs) %}

It is possible to restrict access to topics based upon the user logged in to Mosquitto. In this scenario it is recommended to create individual users for each of your clients and create an appropriate ACL.

See the following links for more information:

Add the following configuration to enable ACLs:

  1. Set the active flag within the customize section to true in your configuration.
  2. Create a file in /share/mosquitto named acl.conf with the following contents:
acl_file /share/mosquitto/accesscontrollist
  3. Create a file in /share/mosquitto named accesscontrollist and add contents according to your requirements.

The /share folder can be found on the host filesystem under /usr/share/hassio/share, or via the Share folder through SMB (Samba).