MQTT Broker Moquette

MQTT is a machine-to-machine (M2M)/"Internet of Things" connectivity protocol. It was designed as an extremely lightweight publish/subscribe messaging transport.

To allow MQTT capable devices to communicate with each other you need a software called MQTT Broker.

You can either install one of the many MQTT Broker offerings like the free Mosquitto broker or use this pre-configured Moquette broker.

Check your Inbox after installation.

Service Configuration

All parameters are optional and can be set by file or the REST interface (user-interfaces).

  • port: The port, the embedded broker should run on. Defaults to not set, which means the typical ports 1883 and 8883 (SSL) are used.
  • username: The user name that clients need to provide to connect to this broker.
  • password: The password that clients need to provide to connect to this broker.
  • secure: If set, hosts a secure SSL connection on port 8883 or otherwise a non secure connection on port 1883 (if not overwritten by the port parameter).
  • persistence_file: An optional persistence file. Retained messages are stored in this file. Can be empty to not store anything. The default is "userdata/mqttembedded.bin". If it starts with "/" on Linux/MacOS or with a drive letter and colon (eg "c:/") it will be treated as an absolute path. Be careful to select a path that you have write access to.

TLS connections

The keystore that is included to allow to start a TLS encrypted connection is generated by:

keytool -genkey -v -keystore serverkeystore.keystore -alias main -keyalg RSA -keysize 2048 -validity 100000 -deststoretype pkcs12

The keystore is embedded into the bundle and cannot be replaced.

Plans for the future

  • The moquette MQTT broker supports ACL (access control lists), so allows to restrict read/write access per topic per user or client id. That need to be exposed as configuration values at some point.

  • Multiple users are supported by the broker software. openHAB does not yet have a user management though.

  • The keystore need to be replaceable as soon as openHAB gained a way to configure SSL truststores framework wide.