一、概述

Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 3.1 and 3.1.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers.

The MQTT protocol provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for Internet of Things messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers.

The Mosquitto project also provides a C library for implementing MQTT clients, and the very popular mosquitto_pub and mosquitto_sub command line MQTT clients.

Mosquitto is part of the Eclipse Foundation and is an iot.eclipse.org project.

二、安装(linux-debian)

1.apt安装

• 更新apt

apt-get update

• 查询mosquitto packages

apt-cache search mosquitto

root@cms /home/workspace # apt-cache search mosquitto

libmosquitto-dev - MQTT version 3.1/3.1.1 client library, development files
libmosquitto1 - MQTT version 3.1/3.1.1 client library
libmosquitto1-dbg - debugging symbols for libmosquitto binaries
libmosquittopp-dev - MQTT version 3.1 client C++ library, development files
libmosquittopp1 - MQTT version 3.1/3.1.1 client C++ library
libmosquittopp1-dbg - debugging symbols for libmosquittopp binaries
mosquitto - MQTT version 3.1/3.1.1 compatible message broker
mosquitto-clients - Mosquitto command line MQTT clients
mosquitto-dbg - debugging symbols for mosquitto binaries
mosquitto-dev - Development files for Mosquitto
mosquitto-auth-plugin - Authentication plugin for Mosquitto with multiple back-ends

• 安装mosquitto

apt-get install mosquitto

2.安装扩展工具

• mosquitto-clients, 命令行工具

apt-get install mosquitto-clients

安装完成在命令行有两个命令mosquitto_sub , mosquitto_pub， 可用来订阅/发布信息

三、配置

安装完成后， 配置文件都在/etc/mosquitto目录下

root@cms /etc/mosquitto # ls
ca_certificates  certs  conf.d  mosquitto.conf

1.用户密码相关配置

1.1、配置用户验证信息

• 创建目录/etc/mosquitto/files用于统一存放一些配置文件

mkdir files

• 在conf.d目录下创建用户验证配置文件

vim users.conf

 # users for connect mqtt broker and verity pwfile

 # 允许匿名登录 defaults to true.
 allow_anonymous false
 # 密码文件
 password_file /etc/mosquitto/files/userpw
 # 用户访问控制策略表
 acl_file /etc/mosquitto/files/acl

1.2、添加用户密码信息

• 创建用户

root@cms /etc/mosquitto # mosquitto_passwd -c /etc/mosquitto/files/userpw username1
Password:
Reenter password:
root@cms /etc/mosquitto #

完后会在/etc/mosquitto/files目录下生成名userpw文件，里边即是用户信息

root@cms /etc/mosquitto/files # cat userpw
username1:$6$4ee29JiXCX4f1j5u$uKxINLtA4iPQhyM9OJOdOYzEv18ZsliVXLq2g4DcmVJ94d4dXrUk/NWBLfOxINZQKsRwbH1Ctcu3RZ1sYc2U1A==

• 增加用户

root@cms /etc/mosquitto # mosquitto_passwd /etc/mosquitto/files/userpw username2
Password:
Reenter password:
root@cms /etc/mosquitto #

1.3、添加访问控制列表文件，并分配topic和用户的权限关系

• 创建acl文件

 # access control info for clients with username1

 # this affects clients with username 'username1'
 user username1
 topic write /test/#
 topic read /test/#

1.4、重启mosquitto

systemctl restart mosquitto.service

2.SSL/TLS证书加密配置

2.1、配置.conf信息

在conf.d目录下创建SSL证书验证配置文件

vim certs.conf

 port 8883
 # 是否需要提供证书，如果为ture,则use_identity_as_username必须为true
 require_certificate false
 # cafile：CA证书文件
 cafile /etc/mosquitto/ca_certificates/myca.crt

 # certfile：PEM证书文件
 certfile /etc/mosquitto/certs/mqbroker.crt

 # keyfile：PEM密钥文件
 keyfile /etc/mosquitto/certs/mqbroker.key
 ~
 ~
 ~
 ~
 ~
 ~
 ~
 ~