Differences

This shows you the differences between two versions of the page.

blocks:server:advanced_server_configuration:mqtt [2023-05-16 11:49]
mattias
blocks:server:advanced_server_configuration:mqtt [2025-01-13 12:03] (current)
mattias [Blocks Server Configuration File]
Line 3: Line 3:
 MQTT is a standard messaging protocol mainly used for Internet of Things devices (IoT). It is designed as a lightweight publish/subscribe messaging transport that is ideal for connecting remote devices with minimal network bandwidth requirements.  MQTT is a standard messaging protocol mainly used for Internet of Things devices (IoT). It is designed as a lightweight publish/subscribe messaging transport that is ideal for connecting remote devices with minimal network bandwidth requirements. 
  
 +:!: Support for MQTT was added in Blocks version 6.1. Thus, you need that version or later to follow this guide.
 =====Principle of MQTT Messaging===== =====Principle of MQTT Messaging=====
  
Line 119: Line 120:
 The following commands assume you're logged into the terminal as the pixi-admin user. If not use the //su pixi-admin// command to switch to that user, as described above. The following commands assume you're logged into the terminal as the pixi-admin user. If not use the //su pixi-admin// command to switch to that user, as described above.
  
 +Make sure we have a password file to store the users (this will not overwrite if the file already exist:
 <code> <code>
-sudo mosquitto_passwd -c pixi-pwd blocks+sudo touch  /etc/mosquitto/conf.d/pixi-pwd
 </code> </code>
 +
 +Set file ownership and restrictive permissions for the password file:
 +<code>
 +sudo chmod 400 /etc/mosquitto/conf.d/pixi-pwd
 +sudo chown mosquitto:mosquitto /etc/mosquitto/conf.d/pixi-pwd
 +</code>
 +
 +Create a user in mosquitto, the example command adds a user named blocks to an existing password file, the dialog o will prompt for a password. 
 +<code>
 +sudo mosquitto_passwd  /etc/mosquitto/conf.d/pixi-pwd blocks
 +</code>
 +
 +Read the manual for mosquitto_password to find out other options such as delete a user etc. Note, if the -c option is being used the existing file is overwritten and the file permissions must reset as mosquitto runs with limited permissions for security reasons.
 +
 +mosquitto_password will throw a warning when adding user while the password file is owned by mosquitto, with this permissions and ownership only root and mosquitto can read the file and mosquitto cannot modify it. It is possible but currently not necessary to temporary change ownership back to root:root while adding new users to mosquitto.
  
 Change the broker configuration and add the line that specifies a password file and turn off the option to use the broker as anonymous user. Change the broker configuration and add the line that specifies a password file and turn off the option to use the broker as anonymous user.
 +
 +<code>
 +sudo nano /etc/mosquitto/conf.d/pixi.conf
 +</code>
 +The settings:
 <code> <code>
 listener 1883 listener 1883
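Review bot: the two added paragraphs after the user-creation block call the tool "mosquitto_password", but the command shown in the code blocks is mosquitto_passwd; use the real command name in both paragraphs so readers can find its manual. In the same hunk, the first added sentence leaves its parenthesis open ("(this will not overwrite if the file already exist:") and the user-creation sentence has a stray "o" in "the dialog o will prompt". Because the removed line used -c, consider moving the warning about -c overwriting the file and resetting permissions up next to the touch step, where a reader following the old instructions would look for it.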
Line 130: Line 152:
 password_file /etc/mosquitto/conf.d/pixi-pwd password_file /etc/mosquitto/conf.d/pixi-pwd
 allow_anonymous false allow_anonymous false
 +</code>
 +
 +Execute the change we must restart the service:
 +<code>
 +sudo systemctl restart mosquitto.service
 </code> </code>
  
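Review bot: the added sentence above the restart command, "Execute the change we must restart the service:", does not parse; suggest "To apply the change, restart the service:". Since this restart is the point where password_file and allow_anonymous false take effect, a short follow-up step that checks the service status after the restart would tell the reader whether the broker accepted the new settings.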
Line 145: Line 172:
  
 If this section is missing in the config file, default settings is assumed for the broker.  If this section is missing in the config file, default settings is assumed for the broker. 
 +
 +
 <code> <code>
 mqtt: mqtt:
   defaultBroker:   defaultBroker:
     address: localhost  # Default is localhost     address: localhost  # Default is localhost
-    username: pixi   Default is no username and password +    username: blocks  Replace blocks with the username you have configured in the broker, leave empty if anonymous user is allowed.  
-    password: pixi +    password: pixi  # Replace pixi with the password setup with your user. 
-    encryption: false #Change to true if secure connection (tls) is available.+    encryption: false  Set to true if secure connection (tls) is available. 
 +    port: 1883 # Default is 1883 if non-encypted and 8883 if encrypted
 </code> </code>
  
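Review bot: in the added username and encryption lines the explanatory text is no longer preceded by "#" ("username: blocks  Replace blocks with ..." and "encryption: false  Set to true if ..."), while the password and port lines keep it; without the "#" the explanation becomes part of the YAML value, so add it back on both lines. The port comment also misspells "non-encypted", and the two blank lines added before the code block look unintentional.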
Line 173: Line 203:
 [[https://mqtt-explorer.com/|MQTT Explorer]] [[https://mqtt-explorer.com/|MQTT Explorer]]
  
-The two following screenshots show connection examples:+The two following screenshots show connection examples
  
 Without TLS encryption: Without TLS encryption:
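Review bot: the changed sentence "The two following screenshots show connection examples" now ends without any punctuation after the colon was dropped; either keep the colon, since the screenshots follow directly, or end the sentence with a period.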