---
title: "Set up and secure an MQTT broker on Ubuntu"
date: 2021-01-01T18:18:10+02:00
draft:  false
image: "uploads/raspi.png"
categories: ['English']
tags: ['monitoring', 'english']
---

I had some IoT devices that I wanted to integrate in my monitoring. For this I set up a MQTT broker as the MQTT protocol is a simple solution to send data from IoT devices to a server. This tutorial is focusing on setting up the server, but I also introduce a Python based MQTT client to test our installation.

On your server, first install mosquitto, our MQTT server/broker.
```bash
sudo apt-get install mosquitto
```

Allow standard mqtt port in firewall (if you have ufw installed)
```bash
sudo ufw allow 1883
```

Now on the client side connect to the server and publish some fake sensor values.
First install the mqtt client
```bash
sudo pip install phao-mqtt
```
and then use the following python code on your client side to send fake values to your server. You only need to change `mqtt.example.com` to your servers IP/domain.
```python
import time
import paho.mqtt.client as mqtt
import numpy
import numpy as np

def calc_temp():
    temp = np.sin(time.time()%(3600)*2*np.pi)*5+20
    return temp

def on_connect(client, userdata, flags, rc):
    print("Connected with result code " + str(rc))

client = mqtt.Client()
#client.username_pw_set(username="username",password="my_super_secret_pw")
client.on_connect = on_connect

client.connect("mqtt.example.com", 1883, 60)

client.loop_start()

while True:
    time.sleep(2)
    client.publish("test/temperature", calc_temp())

```

You can check if the broker accepts the values by subscribing to the topic:
```python
#!/usr/bin/env python
import paho.mqtt.client as mqtt

def on_connect(client, userdata, flags, rc):
    print("Connected with result code " + str(rc))
    client.subscribe("test/#")

def on_message(client, userdata, msg):
    print(msg.topic + " " + str(msg.payload))

client = mqtt.Client()
#client.username_pw_set(username="username",password="my_super_secret_pw")
client.on_connect = on_connect
client.on_message = on_message

client.connect("mqtt.example.com", 1883, 60)

client.loop_forever()

```

Now secure your broker by creating a user with a password
```bash
sudo mosquitto_passwd -c /etc/mosquitto/passwd <username> 
```

and configure mosquitto to use it in `/etc/mosquitto/conf.d/default.conf`:
```
allow_anonymous false
password_file /etc/mosquitto/passwd
```

Now restart mosquitto to enable the protection
```bash
sudo systemctl restart mosquitto
```
Test the installation by uncommenting `client.username_pw_set(username="username",password="my_super_secret_pw")` and filling in your credentials.
The result code `0` indicates a valid connection. `5` indicates a authentication error.


I hope this helps setting up a MQTT broker. Hopefully I will have the time to write how to connect such a broker to Grafana via Telegraf and Influx DB.

{{< chat monitoring >}}