Настройка mosquito mqtt windows — Ваш верный помощник с OS Windows

How to install Mosquitto Broker on Windows
Making Mosquitto command globally available. Adding Mosquitto to system path
How to Run Mosquitto MQTT Broker as a Service on Windows
How to run Mosquitto in the foreground
How to Configure the Mosquitto MQTT Broker on Windows
- Editing mosquitto.conf
- Authentication settings
How to Handle Persistent Data and Logs
Example Mosquitto Configuration File
How to Test the Installed Mosquitto MQTT Broker on Windows
MQTT Client for Windows
Subscribe to Topics Using mosquitto_sub Windows
Publish Messages with mosquitto_pub Windows
Uninstalling Mosquitto MQTT Server on Windows
Troubleshooting Mosquitto MQTT Server on Windows
- Only one user is allowed per socket address
- Can’t Connect to Mosquitto Broker with Local IP Address
Summary

Eclipse Mosquitto is one of the world’s most popular open-source MQTT brokers. Among its many installation options, it can also run on Windows. This article will explain how to install and configure a free open-source version of Mosquitto MQTT Broker on Windows, including how to install Mosquitto as a Windows service. Then, I will explain how to run Mosquitto on Windows and test it using the popular command line tools: mosquitto_sub and mosquitto_pub.

How to install Mosquitto Broker on Windows

To install Mosquitto on Windows, select the desired installation file from mosquitto.org (64-bit or 32-bit), download it, and run it.

This file is a Mosquitto Windows 10 and Windows 11 tested package (including Windows for ARM). Compatibility with older Windows versions is possible but not guaranteed.

The Eclipse Mosquitto Setup wizard will start. Click Next to continue the installation.

Select the components to install. If you want to start Mosquitto automatically when Windows starts, install the Service component. It will install the broker as a Windows service. See the “How to run Mosquitto MQTT Broker as a Service on Windows” section.

You will also need Visual Studio Runtime because Mosquitto depends on specific libraries and components provided by it. You might not want to install this component if you already have it, but if you are unsure, leave this option as it is and continue to the next step.

Eclipse Mosquitto installation component selection

Select the installation folder for Eclipse Mosquitto or leave the default value (C:\Program Files\mosquitto for a 64-bit executable and C:\Program Files (x86)\mosquitto for 32-bit) and click Install.

Eclipse Mosquitto installation folder location

After the installation process is complete, you will see a corresponding message. All required files for operating Mosquitto will be automatically saved to your chosen installation folder.

Click Finish in the setup wizard. Now, you can start using MQTT Mosquitto Broker on Windows.

Completing Eclipse Mosquitto Setup screen

If you want to install Mosquitto broker without running the graphical part of the installer, you can do so by running the installer from the command line (also referred to as cmd or Command Prompt) with the /S switch (silent mode):

mosquitto-2.0.15-install-windows-x64.exe /S

Use the /D switch to change the installation folder:

mosquitto-2.0.15-install-windows-x64.exe /S /D=:\"Program Files"\mosquitto

As an alternative to cmd, you can use PowerShell. Note that PowerShell uses a slightly different syntax than the command line. For example, running the mosquitto command in cmd (inside of the Mosquitto installation folder) has its equivalent in PowerShell, which is: .\mosquitto. This difference is, however, irrelevant as soon as you add Mosquitto to the system path (more on how to do this below). Then you can use the mosquitto command in both PowerShell and cmd.

After installing Mosquitto broker, you can check how to run it and which command line options it supports. To do this, navigate inside the folder where Mosquitto is installed (installation folder) and run the following command:

mosquitto -h

Note: Mosquitto is not automatically globally visible in cmd. So, to work with it using the mosquitto command, you must either be inside of the installation folder or add the installation folder to the PATH environment variable and restart the Command Prompt (see the following section).

Please note: There is a more powerful Mosquitto version – Pro Edition for Eclipse Mosquitto™, which is available as part of the Cedalo MQTT Platform. To test it and it advanced functionality, sign up for a free cloud or on-prem trial here.

Your Mosquitto Windows installation is now complete. The next sections will explore how to add the mosquitto command to the system path, how to run Mosquitto in foreground and background (as a daemon service), and how to test its basic capabilities using a command line MQTT client.

Making Mosquitto command globally available. Adding Mosquitto to system path

You can use Mosquitto directly from the installation folder by navigating to this folder in the Command Prompt and typing mosquitto. However, if you want to use the broker from any location in the command line, you need to add it to your system path (specifically to the PATH environment variable).

To add Mosquitto to your system path, copy the installation folder’s path, which contains mosquitto.exe.

Right-click on My Computer or This PC on your desktop or in File Explorer, and choose Properties.

Click on Advanced system settings.

Click on Environment Variables, as you can see in the image below.

Navigating to the Environmental Variables in system properties

In the “System variables” section, find the variable called Path and click Edit.

Navigating the path in the System variables

Now, the “Edit environment variable” window will open. Click on New and insert the path to your Mosquitto installation folder you copied earlier. Click OK:

In case you don’t see the “New” button, then in the “Variable value” box, scroll to the end and add a semicolon (‘;’) in case there isn’t one. Then paste the path to the Mosquitto installation folder and click OK.

Restart your command line application (by closing and opening the cmd window), and you should be able to issue commands like mosquitto -h from any location.

Other sections of this guide assume that you have added Mosquitto to your system path as described above. If you did not, then you must run all the Mosquitto-related commands (mosquitto, mosquitto_passwd, mosquitto_pub, mosquitto_sub) from the folder where you installed the broker.

The next sections will explore how to start the Mosquitto broker in Windows.

How to Run Mosquitto MQTT Broker as a Service on Windows

Most of the commands from this section must be executed with administrative permissions. To do this, you must run Command Prompt as administrator by right-clicking on the command line icon and choosing the “Run as administrator” option.

By default (if the “Service” option was ticked during installation), Mosquitto is installed as a Windows service to run in the background and automatically start on Windows startup. It will also automatically start immediately after the installation. Note that in this case, Mosquitto will use the mosqutto.conf config file from the installation directory.

To check if Mosquitto is running in the background, execute the sc query mosquitto command in cmd. Note that PowerShell sc is not a service control command but an alias for Set-Content. Therefore, in PowerShell, you must use Get-Service -Name mosquitto instead.

You can also view the status and manage services via a dedicated GUI application. To access the Services application: open Windows search and type services.msc or simply Services and press enter. Then, find the service named Mosquitto Broker. You will see the current state of the services in the “Status” column. In case the status is not “Running…”, right-click on it, and start it as shown below:

Mosquitto service is configured to start on every Windows startup automatically. You can change this behavior in service properties by right-clicking the “Mosquitto Broker” entry in “services.msc” and selecting “Properties”:

Changing app behavior in service properties

Then, change the “Startup type” field to the desired value (“Manual” will not start the service after the system restart, and “Disabled” will turn the service off completely), and press OK.

Alternatively, you can manage Mosquitto service using sc or net commands from the command line. Note that you will have to open the command line as an administrator. For PowerShell, you will have to use one of Start-Service, Stop-Service, Get-Service, Restart-Service to manage the service.

Example:

Starting the service.

With cmd:

sc start mosquitto

With PowerShell:

Start-Service mosquitto

Stopping the broker:

With cmd:

sc stop mosquitto

With PowerShell

Stop-Service mosquitto

Removing Mosquitto Windows service:

For cmd enter the following two commands one by one:

sc stop mosquitto
mosquitto uninstall

Alternatively:

sc stop mosquitto
sc delete mosquitto

For PowerShell:

Stop-Service -Name mosquitto
mosquitto uninstall

If you want to install the Mosquitto service again, run the following command:

mosquitto install

And as I already mentioned, you can also view Mosquitto service status using the following command:

For cmd:

sc query mosquitto

For PowerShell:

Get-Service -Name mosquitto

By default, the Mosquitto broker service will listen on port 1883 unless you change this in mosquitto.conf file located in the installation folder. To check if Mosquitto is running on port 1883, run the following command (works for both cmd and PowerShell):

netstat -an | findstr 1883

If the Mosquitto MQTT server has opened an IPv4 and IPv6 listening socket on port 1883, the output of this command will be the following two lines:

How to run Mosquitto in the foreground

There is an alternative way to run Mosquitto which will, however, run it in the foreground rather than in the background as in the case with services.

Open the command line and use mosquitto -v -c <path to mosquitto.conf> command to run the broker in a verbose mode which will allow you to see the debug messages. Using the -c option, we can pass a mosquitto.conf configuration file to the broker. If you don’t specify it, no configuration file will be used. Read more on this in the following section.

Note that the -d option (that allows us to run Mosquitto in the background) is unusable in Windows because there is no daemon process manager. So, on Windows, we use services instead, as described in the section above.

To stop Mosquitto from running in the foreground, press Ctrl + C in the cmd window where the broker is running.

In this article, we use the open-source Eclipse Mosquitto broker. However, the Pro Edition for Eclipse Mosquitto is also available. It provides advanced MQTT broker functionality, such as a rich set of MQTT bridges and metrics exporters, High Availability, OAuth 2.0 / JWT / LDAP Authentication, Audit trail loggins, Persistent Queueing, and more. To test it, sign up for a free Cedalo MQTT Platform trial.

How to Configure the Mosquitto MQTT Broker on Windows

You can configure the operation and features of the Mosquitto broker using the configuration file named mosquitto.conf located in the installation folder. This file is used only for Mosquitto running as a service. If you run Mosquitto from cmd, the mosquitto.conf file is not used, and it has to be manually specified with the -c flag:

mosquitto -c <path to your config file>

For example:

mosquitto -c "C:\Program Files\mosquitto\mosquitto.conf"

If you want to run Mosquitto as a service and use a non-default configuration file, the easiest way is to install the nssm command line tool. After that, ensure that the broker service is stopped and removed:

For cmd:

sc stop mosquitto
sc delete mosquitto

For PowerShell:

Stop-Service -Name mosquitto
mosquitto uninstall

And finally, execute the following commands (works for both cmd and PowerShell):

nssm install mosquitto "C:\Program Files\mosquitto\mosquitto.exe"
nssm set mosquitto AppParameters -c "<path to your config file>"

For example:

nssm install mosquitto "C:\Program Files\mosquitto\mosquitto.exe"
nssm set mosquitto AppParameters -c "C:\Users\myuser\cedalo\mosquitto.conf"

To prevent unexpected issues avoid spaces in the path to your custom config file.

After that, you can start the service with sc start mosquitto for cmd, Start-Service -Name mosquitto for PowerShell, or just continue using nssm with nssm start mosquitto. Now, Mosquitto will use the custom config file you provided.

Editing mosquitto.conf

You may want to edit the default mosquitto.conf configuration file from the installation directory or create your own and specify the needed settings.

The default mosquitto.conf file in the installation folder contains commented-out lines (lines that begin with the # symbol) with default options. To change them, you need to uncomment the lines you want (by removing the # in front of them) and specify different values. Or you might as well not bother with uncommenting – just add your configuration options anywhere in the file.

If you create your own mosquitto.conf, then start with an empty file and add your options.

Below we will explore some necessary settings of this file.

Authentication settings

To connect to the broker for the first time, you have to configure your authentication settings in the configuration file. There are a few possibilities, some of which we explore below.

You can (but not necessarily should) allow anonymous connections from any host (meaning connections without a username and a password) by adding the following options to your configuration file:

allow_anonymous true
listener 1883 0.0.0.0

This will allow any device on the network to connect to the broker, post messages and subscribe to topics without authentication. However, we recommend allowing only authenticated clients to connect to your broker for security reasons.

To achieve this, first, create a password file containing usernames and PBKDF2 (with SHA-256) hashes of the passwords in the format: username:pbkdf2_password_hash. This would look like the following (take a look at pwfile.example):

roger:$6$clQ4Ocu312S0qWgl$Cv2wUxgEN73c6C6jlBkswqR4AkHsvDLWvtEXZZ8NpsBLgP1WAo/qA+WXcmEN/mjDNgdUwcxRAveqNMs2xUVQYA==
sub_client:$6$U+qg0/32F0g2Fh+n$fBPSkq/rfNyEQ/TkEjRgwGTTVBpvNhKSyGShovH9KHewsvJ731tD5Zx26IHhR5RYCICt0L9qBW0/KK31UkCliw==
pub_client:$6$vxQ89y+7WrsnL2yn$fSPMmEZn9TSrC8s/jaPmxJ9NijWpkP2e7bMJLz78JXR1vW2x8+T3FZ23byJA6xs5Mt+LeOybAHwcUv0OCl40rA==

This can be achieved using mosquitto_passwd command. To create a password file with the initial Mosquitto user, use the following command:

mosquitto_passwd -c <path where you want your password file to be created> <user_name>

For example:

mosquitto_passwd -c C:\"Program Files"\mosquitto\passwd test_user

This will create a password file with the initial user test_user.

To add another user to the password file, run the command:

mosquitto_passwd -b C:\"Program Files"\mosquitto\passwd user_name password

Note that if you want to delete a user from the file, you can use the -D flag and specify the name of the user to be removed:

mosquitto_passwd -D C:\"Program Files"\mosquitto\passwd user_name

After you have created a password file with all the needed users, add the following lines to mosquitto.conf:

password_file C:\Program Files\mosquitto\passwd
allow_anonymous false
listener 1883

Don’t forget to change the password_file option to contain the path to your actual password file.

How to Handle Persistent Data and Logs

Mosquitto broker allows you to save the following types of application data among the rest:

Information and debug logs.
Broker system data (persistence feature).

To configure the logging of your MQTT Mosquitto Windows installation, you need to add the logging options (located in the Logging section of the default mosquitto.conf).

Add the following parameter to specify which file to store the logs in. Also, it would be best if you made sure this path exists, so manually create a log folder (‘C:\Program Files\mosquitto\log’ in the example below).

log_dest file C:\Program Files\mosquitto\log\mosquitto.log

You can also choose the events to log: debug, error, warning, notice, information, etc. To save logs for all types of events, use the following option:

log_type all

If you want to get comprehensive information on logging in the Mosquitto MQTT broker, please refer to our MQTT Logging tutorial.

To save persistence data, add the following options to the configuration file. Adjust persistence_location as needed. You need to ensure the path in persistence_location exists, so create a data directory manually if there isn’t one (‘C:\Program Files\mosquitto\data\’ in the example).

persistence true
persistence_file mosquitto.db
persistence_location C:\Program Files\mosquitto\data\
autosave_interval 60

Note that persistence data will only be saved to a file on Mosquitto shutdown or at specific intervals controlled by the autosave_interval config option.

Note that you need to restart the broker for the changes made in the configuration file to take effect. Use the command ‘sc stop mosquitto’ to stop the Mosquitto service and then execute ‘sc start mosquitto’ to start it up again.

When Mosquitto runs as a service, all the files it creates will have access permissions set only for the SYSTEM Windows account. To access these files from your user account, you must go into the properties of those files and add your Windows user on the Security tab.

More specifically, right-click on the file and choose Properties:

Go to the Security tab and click Advanced:

In the “Advanced Security Settings” tab, click on Continue:

mosquitto log advanced security settings

Click on the Add button:

Adding "SYSTEM" to the mosquitto log advanced security settings

The “Permission Entry” tab will open. Click on Select a principal:

Selecting a principal in the Permission entry for mosquitto.log

Click Advanced:

Then click on the Find Now button:

At the bottom of the window, in the Search results section, a list of users, groups, and built-in security principals will appear:

Find the user you are currently logged in as, select it, and click OK:

Click OK again:

You will be sent back to the Permission Entry tab. Here select the basic permissions you want your user to have and click OK:

After that, in the “Advanced Security Settings” window, click on the OK button again:

Advanced security settings for mosquitto.log

Finally, you should be able to access the file.

Example Mosquitto Configuration File

Summarizing the settings we discussed, you may find an example of the mosquitto.conf file below. Remember to change the paths to suit your environment if you want to use it for your use case.

password_file C:\Program Files\mosquitto\passwd
allow_anonymous false
listener 1883 127.0.0.1
log_dest file C:\Program Files\mosquitto\log\mosquitto.log
log_type all
persistence true
persistence_file mosquitto.db
persistence_location C:\Program Files\mosquitto\data\
autosave_interval 60

There are many other Mosquitto broker settings that you can add to your configuration file. For example, you can configure Mosquitto to listen on multiple ports, configure TLS certificates, limit message size, and more.

You can find a complete list of mosquitto.conf settings here.

How to Test the Installed Mosquitto MQTT Broker on Windows

MQTT Client for Windows

To test Mosquitto MQTT Windows installation, I will use an MQTT client for Windows. The idea is simple: using an MQTT client, I will publish and subscribe to topics to check that basic broker functionality works as expected.

For our setup, we are going to use the mosquitto_sub and mosquitto_pub MQTT clients. These clients are distributed as separate terminal commands shipped together with the broker Windows package. However, you can also use any other MQTT client, such as MQTT Explorer, which provides a friendly graphical user interface.

Subscribe to Topics Using mosquitto_sub Windows

Mosquitto_sub Windows MQTT client allows you to subscribe to topics and print the received messages. To receive a message, you should subscribe to a topic before a message is published. In this example, we subscribe and listen to a topic using mosquitto_sub while publishing the messages with mosquitto_pub.

To subscribe to the topic named "Test topic", run the following command:

mosquitto_sub -i mosq_sub1 -t "Test topic" -d

This command uses the following options:

i – Client id. If this parameter is not passed, client ID is generated automatically.
t – Name of the topic to subscribe to.
d – Enables printing of debug messages.

After that, the MQTT client will be launched, which will notify about new messages on the “Test topic” topic and print them.

The print of MQTT client being launched with the "Test topic" topic

Mosquitto_sub uses localhost and 1883 port by default. Use option -h to change the host and option -p to change the port.

mosquitto_sub -i mosq_sub1 -t "Test topic" -h localhost -p 1884 -d

If you use authentication to connect to the broker, specify a username and a password using -u and -P options:

mosquitto_sub -i mosq_sub1 -t "Test topic" -u <username> -P <password> -d

Publish Messages with mosquitto_pub Windows

Mosquitto_pub is a simple MQTT client that publishes one message to a topic and exits.

To publish a message, run the following command in a new cmd window:

mosquitto_pub -i mosq_pub1 -t "Test topic" -m "Test message" -d

This command uses the following options:

i – Client id. If this parameter is not passed, the server generates client ID automatically.
t – Name of the topic to which the message is published.
m – Text payload of the message to be published.
d – Enables printing of debug messages.

Below is the output of the command.

By default, messages are sent to the broker at localhost, port 1883. To publish them to a different host, use the -h option. Use the -p parameter to connect to a different port.

mosquitto_pub -i mosq_pub1 -t "Test topic" -m "Test message" -h localhost -p 1884 -d

To specify a username and password for the user authentication, use -u and -P options:

mosquitto_pub -i mosq_pub1 -t "Test topic" -m "Test message" -u <username> -P <password> -d

Ensure that the publish topic is the same as the topic you have previously subscribed to (-t “Test topic”). If you did everything correctly, you would see the published messages (“Test message”) in the window where you executed the mosquitto_sub command.

Uninstalling Mosquitto MQTT Server on Windows

If you want to uninstall the Mosquitto Windows service specifically and not the broker application itself, you first need to stop the service using the sc stop mosquitto command. Then run either sc delete mosquitto or mosquitto uninstall.

Otherwise, if you want to delete both service and the application, you can use the “Uninstall.exe” executable, which is located inside the installation folder. After running it, you need to delete the installation folder, and you are done.

To run Mosquitto Uninstall executable from cmd in silent mode, type the following into the Windows Command Prompt from inside the folder where Mosquitto is installed:

Uninstall.exe /S

Troubleshooting Mosquitto MQTT Server on Windows

Only one user is allowed per socket address

If you receive the error message “Normally only one user is allowed per socket address (protocol/network address/port),” you may already have another application running that is listening on port 1883.

Possible Solution

Run netstat -ano | findstr :1883 (or use a different port instead of 1883 if it was configured) command and check if the specified port is already in use by another program. The occupying process’s process id (PID) will be in the last column. You can copy it and then run taskkill /F /PID <PID> replacing the <PID> with the process id value from netstat. You may also free up the port in any other way after identifying which application occupies it. Then killing the process with taskkill is not necessary.

Can’t Connect to Mosquitto Broker with Local IP Address

When connecting to the Mosquitto broker using a local IP address other than localhost, a connect ECONNREFUSED error occurs.

Possible Solution

You need to edit the configuration file to listen to addresses other than localhost. Add the listener parameter and specify the port on which you want to listen for incoming network connections as well as the desired IP address/hostname:

listener 1883 192.168.1.100

You can specify a hostname instead of the IP address (192.168.1.100 in the example above). This listener option can also be specified multiple times to bind various addresses. If we omit it, Mosquitto will be listening on localhost.

Note that having at least one listener in your config file is always a good idea. This will help avoid some problems down the road.

Additionally, for troubleshooting purposes, you can allow anonymous connections from remote addresses with the following:

allow_anonymous true

However, it would be best to be careful with this option as it is not recommended to allow anyone to access the broker because of security considerations. We recommend using this option for testing purposes only.

If you are using the open-source version of Eclipse Mosquitto broker for a commercial project and need advice or help to solve a problem, we offer open-source Mosquitto support. This can help you quickly solve your problems, ensure your system’s stability and security, get quick access to new patches and fixes, and be the first to receive information about new releases.

Summary

In this article, we talked about the open-source MQTT Mosquitto Broker. We learned how to install Mosquitto Windows, configure, and test it. In addition, we considered the most common problems and their solutions when using the broker.

Let’s summarize the main points:

Use the executable file for Mosquitto MQTT broker Windows installation.
Add the installation folder to the PATH environment variable to make the ‘mosquitto’ command globally available from the command line.
By default, Mosquitto will be installed as a Windows service, which can run in the background and automatically start on the operating system boot.
To configure Mosquitto broker (including authentication settings, logging, etc.), use mosquitto.conf configuration file from the installation folder or provide your own.
You can test Mosquitto using popular MQTT clients mosquitto_pub and mosquitto_sub, which are bundled into the installation.

About the author

Serhii Orlivskyi is a full-stack software developer at Cedalo GmbH. He previously worked in the Telekom industry and software startups, gaining experience in various areas such as web technologies, services, relational databases, billing systems, and eventually IoT.

While searching for new areas to explore, Serhii came across Cedalo and started as a Mosquitto Management Center developer. Over time, Serhii delved deeper into the MQTT protocol and the intricacies of managing IoT ecosystems.

Recognizing the immense potential of MQTT and IoT, he continues to expand his knowledge in this rapidly growing industry and contributes by writing and editing technical articles for Cedalo’s blog.

Источник

Table of Contents

Introduction
Prerequisites
Steps
Testing our Mosquitto MQTT Broker
- Subscriber client
- Publisher client
Adding the Mosquitto commands to the Windows PATH variable
How to Uninstall Mosquitto MQTT Broker in Windows?
Wrap Up

Introduction

This post will discuss how you can install Mosquitto MQTT broker on a Windows machine. MQTT or MQ Telemetry Transport is a publish-subscribe lightweight protocol. This protocol is ideal for memory or bandwidth-constrained devices like our microcontroller.

We will begin the installation process by installing the Mosquitto MQTT broker on a Windows machine and then do the necessary configuration. After that, we will do the initial testing of a publish-subscribe cycle to verify the installation.

Prerequisites

You will need a workstation or laptop running Windows and with sufficient CPU power and memory. Also, ensure you have sufficient Administrator privileges so we don’t encounter any permission issues.

Steps

Download the MQTT Broker from this link. When writing this post, the latest version is shown in the image below. Select if you want the 32-bit or 64-bit version.

When the download is finished click the executable file. If a popup for user account control is shown then just click Yes. When this screen is shown click Next.

Click Next again on which components to install

Install MQTT Windows - Choose Components

Please select where you want to install it but in my case, I have set it to the default installation folder and clicked the install button.

Install MQTT Windows - Choose Install Location

Once the installation is finished then open a command prompt. Right-click and click the “Run as Administrator Option”

Change into the directory where you installed your Mosquitto broker and execute the below command to start the Mosquitto service.

net start mosquitto

You should be able to see the following message above to be displayed.

If you go into the services then you will notice that the Mosquitto broker is now Running.

Testing our Mosquitto MQTT Broker

Now that we have successfully configured our Mosquitto MQTT Broker in our Windows environment then we will test it. To test it, we will send a publish and subscribe command on our same Windows machine. This would be enough to test if our installation is successful.

Subscriber client

Open a command prompt and change the directory into our Mosquitto installation then type in the below command.

mosquitto_sub -t test_sensor_data -h localhost

The command above subscribes to the topic test_sensor_data. Keep this command prompt window open. This is waiting for any publisher to publish any information on that topic.

Publisher client

Open a new command prompt and change the directory into our Mosquitto folder installation. Type in the below command and click enter.

mosquitto_pub -t test_sensor_data -h localhost -m “temp:100”

This publishes a message about the temperature on the topic test_sensor_data.

If you take a look now at our subscriber command prompt window then you will see that the message is displayed.

mqtt test publish-subscribe command prompt

Congratulations! We now have a functioning Mosquitto MQTT broker on our Windows machine. Yay!

Adding the Mosquitto commands to the Windows PATH variable

Right now, when you want to execute the Mosquitto commands then you need to cd to the directory where you installed your Mosquitto software. If you want to access the mosquitto_pub and mosquitto_sub commands anywhere then you can add the Mosquitto folder to the PATH variable.

Follow the following steps to add your Mosquitto software to the PATH environment variable.

In your search bar, type in “environment”. Click the Edit the system environment variables

Click the Environment Variables

Search for the Path variable and click edit.

Add a New environment variable and paste it into the directory where you installed your Mosquitto server.

Add Mosquitto directory to Windows Path environment variable

Now, whenever you open a new command prompt then you can execute the mosquitto_pub and mosquitto_sub commands directly.

How to Uninstall Mosquitto MQTT Broker in Windows?

Open a command prompt and make sure that it is running in Administrator mode.

Type in the below command to stop the Mosquitto MQTT service first.

net stop mosquitto

After which, type in the below command to uninstall the Mosquitto

mosquitto uninstall

Delete the installation folder if it was not deleted automatically.

Wrap Up

We have completed the process of how to install the Mosquitto MQTT broker on the Windows machine in this post. Also, we have run the configuration needed and then run the initial testing to verify our installation.

We are now ready to explore this awesome protocol in our IOT projects.

That’s it! Happy Exploring!

Read Next:
Pico W -MicroPython MQTT – BMP/BME 280 Weather Station
MQTT Tutorial using Arduino Framework

Read More:
Exploring Node-Red, Dashboard 2.0, and MQTT
How to build your own custom MQTT dashboard?

Источник

The following installation instructions are for mosquitto MQTT, version 2.0.12 64-bit, in a Microsoft Windows environment. If you need to install a different version of MQTT software, consult the relevant installation instructions.

Installing the MQTT Broker

Configuring Usernames and Passwords

Prerequisites

Creating Encrypted Password File

Deleting Users from the Encrypted Password File

Configuring mosquitto.conf to Use the Encrypted Password File

Creating Self-Signed Certificate

Prerequisites

Installing OpenSSL and Setting up Environment Variables

Creating the Self-Signed Certificate and Keys

Create a Certificate Authority (CA) key pair

Create a CA certificate and use the ca.key to sign it

Create a server key pair for use by the broker

Create a broker certificate request

Use the CA certificate to sign the broker certificate request

Edit the mosquitto.conf file

Import a Self-Signed Certificate to a Windows Host

Unsecured connection

Related Links for Additional Information

Installing the MQTT Broker

To install the mosquitto MQTT Broker:

Download the mosquitto-2.0.12-install-windows-x64.exe file from https://mosquitto.org/download/.
Go to the directory where you downloaded the file. Double-click mosquitto-2.0.12-install-windows-x64.msi.
Follow the Eclipse Mosquitto Setup wizard prompts and accept all defaults.
If Microsoft Visual C++ is not installed, it will be installed for you as part of the mosquitto installation. Click Accept to accept the license terms, and then click Install.
In your desktop, open the Microsoft Services application. Check to see that “Mosquitto Broker” is in “Running” Status with “Automatic” Startup type. If Status is empty, click Start. The mosquitto Broker will automatically start after every system reboot.

Картинка с сайта: www.ayyeka.com

Configuring Usernames and Passwords

The following instructions and examples are for the mosquitto MQTT Broker on a Microsoft Windows, 64-bit platform. Other MQTT brokers will have different instructions, configuration, importing credentials, and so forth.

Prerequisites

The device must have firmware version 2.29x or newer.
Microsoft Windows 64-bit operating system

Creating Encrypted Password File

In the FAI Lite scenario, both the devices and the Agent are the clients of the broker. Therefore, the Agent and each device needs its own username and password. Do the following steps:

In the C:\etc folder, create a simple text file with each user’s username and password, one for each line. Separate the username and password with a colon as shown below:
Configure the credentials for your devices by using the AyyekaGo mobile app.
1. For every device, do the following steps:

- - Click Cellular Settings > MQTT SERVER ADDRESS.
  - In the MQTT Server Address window, type in the username and password of the device that will connect to the MQTT Broker.

b. Click My Devices, and then click the Export icon. A list of devices is shown.

c. Click EXPORT. Select which app to use for export. For example, you might use Gmail to send the export file to yourself.

d. In the MQTT Broker platform, open the export file, and then copy the usernames and passwords as described in step 1 into the password file.

3. Update the password file as needed.

- Encrypt the entire password file. Go to the directory where mosquitto was installed (by default, C:\Program Files\mosquitto).

Command: mosquitto_passwd.exe -U name_of_passwordfile

Notice that all passwords are now encrypted.

- Encrypt the password of only the first user.

Command: mosquitto_passwd.exe -c name_of_passwordfile the_first_user

In our example, the_first_user is steve.

You will be prompted to enter a password for the_first_user.

Note: The password that you type in is not echoed, so it looks like it is not being accepted — but it is.

- After adding the first user and password, you can add additional users.

Command: mosquitto_passwd -b name_of_passwordfile the_next_user password

4. After updating the password file, restart the MQTT broker by using the Microsoft Windows Services application.

Deleting Users from the Encrypted Password File

If needed, you can remove individual users from the password file.

Command: mosquitto_passwd -D name_of_passwordfile user_to_be_deleted

Configuring mosquitto.conf to Use the Encrypted Password File

You must configure mosquitto.conf file to use the encrypted password file. Do the following steps:

Copy the password file into a separate folder. For example, copy the file into C:\etc\mosquitto\.

If you use a different directory, ensure that there are no spaces in the directory path, such as in C:\Program Files\mosquitto\passwordfile”.

2. Edit the mosquitto.conf file to use the password file. Do the following steps:

- Set allow_anonymous to false
- Set the password_file path

The password file must not have an extension, such as “.txt”.

For example:

allow_anonymous false

password_file C:/etc/passwordfile

3. Edit the mosquitto.conf file for communication. Do the following steps, as needed:

Note: mosquitto v1.5 authentication is no longer a global setting. It can be configured on a per listener basis. You must enable the per_listener_settings setting.

Examples:

The configuration in mosquitto.conf for only secure communication will be:

###

# It is recommended to have secure communication, so the listener is set to 8883
listener 8883
allow_anonymous false
password_file C:/etc/passwordfile
###

Note: If you set listener to 8883, you must embed the certificates. See Edit the mosquitto.conf file below for an example.

4. After updating the configuration or the password file, restart the mosquitto Broker service by using the Microsoft Windows Services application.

For additional information about configuring the password file, see http://www.steves-internet-guide.com/mqtt-username-password-example/

It is recommended that you use the enterprise’s signed certificate. Consult your IT department for instructions about how to use it. In this case, you can now go directly to the Edit the mosquitto.conf file section below.

Alternatively, you can create a self-signed certificate and use that for verification. In this case, continue to the «Creating Self-Signed Certificate” section below.

Creating Self-Signed Certificate

Prerequisites

Microsoft Windows 64-bit operating system
Microsoft Visual C++

Installing OpenSSL and Setting up Environment Variables

Before you create the self-signed certificate, you must install OpenSSL and set up environment variables. Do the following steps:

Download OpenSSL. Use the version for Win64 rather than the Lite version.
Run the OpenSSL Installer.

If Microsoft Visual C++ is not installed, the installer will download and install it for you. Run the OpenSSL Installer again and follow the wizard steps.

3. Set up system environment variables.

The environment variables must be set so that OpenSSL functions properly on your system. You need to set OPENSSL_CONF and Path environment variables. Do either of the following steps:

- To set environment variables for the current session only, do the following commands at the command line prompt:
  - set OPENSSL_CONF=C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
  - set Path=%Path%;C:\Program Files\OpenSSL-Win64\bin
- To set environment variables permanently, do the following commands:

1. 1. In the system tray, press the Search icon, and then type in environment.
  2. Select Edit the system environment variables. The System Properties window opens.
  3. Click the Advanced tab, and then click Environment Variables.
  4. In the System variables section, click New.
  5. In the New System Variable window, set the following variables:

- - - set OPENSSL_CONF to be C:\Program Files\OpenSSL-Win64\bin\openssl.cfg
    - Set Path to be C:\Program Files\OpenSSL-Win64\bin
      
      Картинка с сайта: www.ayyeka.com

4. Click OK to close the New System Variable window, and then click OK to close the Environment Variables window.

5. Click OK to close the System Properties window.

Note: The changes that you made will take effect only when the window closes, and you open a new command prompt.

Creating the Self-Signed Certificate and Keys

Create the self-signed certificate and keys by doing the following steps at the command line prompt:

Please note that the self-signed certificate files will be created in the folder where the openssl commands will be run from.

Create a Certificate Authority (CA) key pair.
Command: openssl genrsa -des3 -out ca.key 2048
```
Generating RSA private key, 2048-bit long modulus (2 primes) ....................................................................................+++ 
......................+++++ 
e is 65537 (0x010001) 
Enter pass phrase for ca.key: 
Verifying - Enter pass phrase for ca.key: 
```
The purpose of the pass phrase is to encrypt the private key. To use an encrypted key, the pass phrase is also needed. In a way, they are two separate factors of authentication. Tip: Write down the pass phrase (pay attention to case) because you will need it when you sign the ca.crt and server.crt certificates.

Create a CA certificate and use the ca.key to sign it.

Command: openssl req -new -x509 -days 1826 -key ca.key -out ca.crt

Enter pass phrase for ca.key: 
You are about to be asked to enter information that will be incorporated into your 
certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields, but you can leave some blank 
For some fields there will be a default value, 
If you enter '.', the field will be left blank. 
Country Name (2 letter code) [AU]:US 
State or Province Name (full name) [Some-State]: California 
Locality Name (e.g., city) []: San Diego 
Organization Name (e.g., company) [Internet Widgets Pty Ltd]: Widgets 
Organizational Unit Name (e.g., section) []: RND 
Common Name (e.g., server FQDN or YOUR name) []: Widgets 
Email Address []:

The directory now has the following files:

08/17/2021 11:51 AM 1,348 ca.crt

08/17/2021 11:50 AM 1,773 ca.key

Create a server key pair for use by the broker.

Command: openssl genrsa -out server.key 2048
```
Generating RSA private key, 2048-bit long modulus (2 primes) 
..................................................................................+++++ 
................+++++ 
e is 65537 (0x010001) 
```
The directory now has the following files:

08/17/2021 11:51 AM 1,348 ca.crt

08/17/2021 11:50 AM 1,773 ca.key

08/17/2021 11:52 AM 1,702 server.key

Create a broker certificate request.

When filling out the form, the Common Name is important and is usually the full domain name of the server, the IP address, or the Microsoft Windows name of the computer that is running the mosquitto broker. You must use the same name when configuring the client connection.

Command: openssl req -new -out server.csr -key server.key

You are about to be asked to enter information that will be incorporated 
into your certificate request. 
What you are about to enter is what is called a Distinguished Name or a DN. 
There are quite a few fields, but you can leave some blank 
For some fields there will be a default value, 
If you enter '.', the field will be left blank. ------- 
Country Name (2 letter code) [AU]:US 
State or Province Name (full name) [Some-State]:California 
Locality Name (e.g., city) []: San Diego 
Organization Name (e.g., company) [Internet Widgets Pty Ltd]:Widgets 
Organizational Unit Name (e.g., section) []:RND 
Common Name (e.g., server FQDN or YOUR name) []:54.72.180.67 
Email Address []: 
Please enter the following 'extra' attributes to be sent with your certificate request 
A challenge password []:widget 
An optional company name []:widget

Use the CA certificate to sign the broker certificate request.

Use the CA key to verify and sign the server certificate. This step creates the server.crt file.

Command: openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360
```
Signature ok 
subject=C = US, ST = California, L = San Diego, O = widgets, OU = RND, 
CN = 54.72.180.67 
Getting CA Private Key 
Enter pass phrase for ca.key: 
```
Note: If you get the message:
unable to load CA Private Key
13592:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto\evp\evp_enc.c:610:13592:error:0906A065:PEM routines:PEM_do_header:bad decrypt:crypto\pem\pem_lib.c:461:

It means that you did not enter the pass phrase for ca.key correctly. Run the openssl command again, and then type in the correct pass phrase.

The directory now has the following files:

08/17/2021 11:54 AM 1,364 ca.crt

08/17/2021 11:53 AM 1,781 ca.key

08/17/2021 11:55 AM     42 ca.srl

08/17/2021 11:55 AM 1,240 server.crt

08/17/2021 11:55 AM 1,088 server.csr

08/17/2021 11:54 AM 1,702 server.key

Edit the mosquitto.conf File

1. Edit the configuration file to use the following parameters and their values:

per_listener_settings true
listener 8883

allow_anonymous false
password_file c:\Users\...\Certificates\passtest.txt

protocol mqtt
certfile c:\Users\...\Certificates\server.crt

keyfile c:\Users\...\Certificates\server.key

require_certificate false

cafile c:\Users\...\Certificates\ca.crt

use_identity_as_username false

log_dest file c:\mosquitto\mosquitto.log

log_type error
log_type warning
log_type notice
log_type information
# the following setting should be added manually after the logs settings
log_type all

connection_messages true

# the following seeing must added at the end of the file
tls_version tlsv1.2

2. After updating the mosquitto.conf file, restart the MQTT broker through the Microsoft Windows Services application. For details about parameters and syntax in the mosquitto.conf file, see mosquitto.conf man page.

Import a Self-Signed Certificate to a Windows Host

If you defined the listener in the mosquitto.conf file for unsecured communication, skip this step.

If the listener uses secure communication, you must add the self-signed certificate (ca.crt) to the Windows repository. Do the following steps:

On your Windows desktop, click Start > Run > MMC. The Microsoft Management Console opens.
Click File, and then select Add / Remove Snap In.
From the list of available snap-ins, select Certificates, and then click Add.
In the Certificates snap-in window, select Computer Account, and then click Next.
In the Select Computer window, select Local Computer, and then click Finish.
Click OK to exit the Snap-In window.
Click [+] next to Certificates > Trusted Root Certification Authorities.

Картинка с сайта: www.ayyeka.com

8. Right-click Certificates, and then select All Tasks > Import. The Certificate Import Wizard window opens. Follow the wizard prompts. The self-signed certificate is now trusted by all users.

If you see the following error from self-signed certificates in the log:

2021-09-09 15:24:40.252 +03:00 [WRN] MQTT: TLS certificate has policy errors. RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
2021-09-09 15:24:40.252 +03:00 [WRN] MQTT: Verify the certificate or ignore by changing the IgnoreCertificateRevocationErrors setting

The Agent will not work until you change the Ignore Certificate Revocation Errors check box in the Agent’s configuration file or the UI.

Unsecured Connection

If you need it, you can set the mosquitto.config file to have an unsecured connection
We recommend avoiding this kind of configuration.

The configuration in mosquitto.conf for only non-secure communication will be:

### 
per_listener_settings true 
# In non-secure communication, the listener is set to 1883 
listener 1883 
allow_anonymous false 
password_file C:/.../passwordfile.txt
###

Prerequisites

MQTT Explorer or another MQTT client installed on your server computer.
An additional MQTT client, ESP32, or another computer to test the connection to the server.

Mosquitto Installation

1) Download Mosquitto 64-bit version from Mosquitto’s official website.

2) Run the installation file and follow the prompts, clicking «Next» until the «Install» button appears.

3) Install Mosquitto using the default path by clicking «Install.»

4) Once installation is complete, click «Finish.»

5) Open the Task Manager and navigate to the Services tab. You should find the Mosquitto service listed and stopped.

6) Start the Mosquitto service.

7) Use your MQTT client to connect to ‘localhost’ and verify the connection.

You should be connected to the broker like below

Configuration

1) Edit the mosquitto.conf file located in your mosquitto.exe installation directory in a text editor.

Add:

allow_anonymous true
listener 1883 YOUR_SERVER_IP

Replace YOUR_SERVER_IP with the IP address of your server. This configuration allows anonymous connections and specifies the server’s listening address. Note: Strengthen security with authentication after initial testing.

2) Save the file. If administrator rights are required, save to a different location and then copy it back to the original directory.

3) Restart the Mosquitto service via the Task Manager.

Firewall Configuration

1) Type firewall in the Windows search input and select «Windows Defender Firewall»

2) Click on Advanced settings

Now we are going to create 2 rules for Mosquitto, one for Inbound connections, one for Outbound connections

3) Click on «Inbound Rules» and «New Rule»

4) Click «Next»

5) Enter your mosquitto.exe install path

6) Click «Next»

7) Select «Allow the connection» and click «Next»

Uncheck «Domain» and «Public» and click «Next»

9) Name your rule and click «Finish»

10) Repeat the same for an Outbound rule

Upon completing these steps, your Mosquitto server should be accessible to clients within your local network.

Now don’t forget to strenghten your broker security

Security

Adding a username and a password

1) Create a text file named pwd.txt and enter your desired username and password in the format username:password.

Example: admin:strongpassword123

2) Save this file and move it to the directory where mosquitto.exe is installed.

3) Open Command Prompt as an administrator.

4) In the Command Prompt, navigate to the Mosquitto directory and run the following command to hash your password for security:

mosquitto_passwd -c pwd.txt

5) In your mosquitto.conf file, add:

password_file C:\Program Files\mosquitto\pwd.txt

6) Change the line allow_anonymous true to allow_anonymous false. This ensures that only authenticated users can connect.

7) Your final configuration should include these lines:

allow_anonymous false

password_file C:\Program Files\mosquitto\pwd.txt

listener 1883 YOUR_SERVER_IP

Restart mosquitto service

Retry to connect from your MQTT client

Restricting firewall rules

1) Open Windows Firewall and navigate to Advanced settings.

2) In the Inbound Rules, find your Mosquitto rule and double-click to edit it.

3) Go to the ‘Protocols and Ports’ tab.

4) Set the rule to only allow traffic through the port used by your broker (default is 1883).

6) Apply the same settings to the Outbound Rule.

7) Test the connection with your MQTT client to ensure everything is functioning correctly.

By following these steps, your MQTT broker on Windows is now more secure, reducing the risk of unauthorized access.

Источник

The Mosquitto or MQTT broker is an OASIS standard messaging protocol for IoT. The inculcation of IoT in modern-day lives has pulled MQTT in the picture. Being a lightweight messaging transport that can remotely connect devices, MQTT tutorials were in much demand. So, here we portray one tutorial for the installation of Mosquitto MQTT broker Windows.

There exist three different ways of installing Mosquitto broker on Windows.

Standard install
Quick install
Windows PowerShell install

We will first see the basic one, i.e., the Standard Install. And then move on to the Quick and PowerShell installation methods.

Method 1: Standard or Manual Installation of MQTT Broker on Windows

When obeying this standard procedure, you will have to install certain other dependencies.

To start with the manual installation procedure, the pre-requisite is to download files from Eclipse as a part of the dependencies.

Mosquitto can be downloaded as a service since version 15.8. In this case, Mosquitto starts automatically.

But before these, you need to install the Windows installation files.

So now, let’s move on to the installation steps.

1: Double click on install script.

2: The “Dependencies” screen will appear, which will tell you about the required additional files.

3: In the “Choose Components” page, tick the box that will install Mosquitto as a “Service.”

4: By default, the location of installation will be set at C:\ program files\mosquitto. If you want to install the service somewhere else, you can browse to that particular location.

5: Click on “Finish” to complete the process.

After the above steps get executed successfully, you now need to copy the additional files to the install directory.

Two additional files will be available for copying, as listed below:

libcrypto-1_1_x64.dll
libssl-1_1_x64.dll

Point to Note: These files are included in the 1.5.8 install package. And you can also get these files by installing OpenSSL.

Starting MQTT on Your Windows Device

For manual starting of the MQTT broker, open “Command Window.” Navigate to the directory where you installed Mosquitto and type mosquitto.

If saved in C drive, the command will appear as: C:\mosquitto>mosquitto

If you want to use command-line switches, type

mosquitto -h

It will open the “Help” section for you, as shown in the below-given snapshot.

The command mosquitto -v will let you start in verbose mode, and you can thus see the console messages.

Method 2: Quick Installation of MQTT Broker Windows

Many people don’t prefer the traditional manual way of installing an MQTT broker. It is because the manual process involves the installation of many other dependencies. To avoid the hectic process of copying files from here to there and finding sources to download the dependencies, many users have shifted to the Quick install process.

The mosquitto version 1.5.8 works well with WebSockets.

While Quick installation, you can take the help of online sites that offer quick links for downloading all the packages at one go. Then, you can unzip the folders in the directory where you have kept MQTT. Henceforth, follow the steps as discussed for standard installation.

Method 3: MQTT Installation via PowerShell

It is an alternative installation process involving Windows PowerShell.

1: Open the PowerShell Command prompt by selecting “Run as Administrator” option.

2: Chose the directory where you want to install mosquitto and type the below command:

./mosquitto install

3: Mosquitto will get installed, but you won’t get any notification.

4: To start mosquitto, reboot your device, or start it manually.

5: Open the regular command prompt as Administrator and type the following codes. Make sure it is in the same given sequence.

sc query mosquitto, sc start mosquitto, sc query mosquitto

Testing the Installation

Now that you have done your part of the installation, how can you confirm whether the process got executed successfully?

Well, it is simple.

Open command window
Type down the below command
- netstat -a

The format should be as follows:

C:\ Users\ username> netstat -a

An instance is shown below.

Running the command should show you that the MQTT broker is running on port 1883.

So, these were some of the ways to install the Mosquitto MQTT broker Windows. I hope the tutorial will be beneficial for you.

Источник