Differences
This shows you the differences between two versions of the page.
blocks:server:advanced_server_configuration:mqtt [2023-05-06 07:12] mattias [Security] |
blocks:server:advanced_server_configuration:mqtt [2023-07-13 10:08] (current) admin [MQTT] |
||
---|---|---|---|
Line 3: | Line 3: | ||
MQTT is a standard messaging protocol mainly used for Internet of Things devices (IoT). It is designed as a lightweight publish/ | MQTT is a standard messaging protocol mainly used for Internet of Things devices (IoT). It is designed as a lightweight publish/ | ||
+ | :!: Support for MQTT was added in Blocks version 6.1. Thus, you need that version or later to follow this guide. | ||
=====Principle of MQTT Messaging===== | =====Principle of MQTT Messaging===== | ||
Line 14: | Line 15: | ||
A client can subscribe to a given //topic//, provided through the broker, to then receive messages sent on that topic. Similarly, a client can publish messages under a topic, to be forwarded by the broker to subscribers of that topic. | A client can subscribe to a given //topic//, provided through the broker, to then receive messages sent on that topic. Similarly, a client can publish messages under a topic, to be forwarded by the broker to subscribers of that topic. | ||
====Topic==== | ====Topic==== | ||
- | Topics are used to register interest in a specific incoming message type and, conversely, to specify where to publish outbound messages. Topics are often arranged | + | Topics are used to register interest in a specific incoming message type and, conversely, to specify where to publish outbound messages. Topics are often arranged |
< | < | ||
Line 28: | Line 29: | ||
=====MQTT in Blocks===== | =====MQTT in Blocks===== | ||
- | MQTT in itself is just the message transport mechanism. The data carried in these mesages | + | MQTT in itself is just the message transport mechanism. The data carried in these messages |
{{: | {{: | ||
====Enabling the Broker==== | ====Enabling the Broker==== | ||
- | While any broker can be used, the [[https:// | + | While any broker can be used, the [[https:// |
To enable the broker, follow these steps. | To enable the broker, follow these steps. | ||
Line 74: | Line 75: | ||
===Configuring the Broker=== | ===Configuring the Broker=== | ||
- | The following commands assume you're logged into the terminal as the pixi-amdin user. If not use the //su pixi-admin// | + | The following commands assume you're logged into the terminal as the pixi-admin user. If not use the //su pixi-admin// |
The Mosquitto broker' | The Mosquitto broker' | ||
Line 113: | Line 114: | ||
The broker can be configured to require client authentication using a username and password before a connection is permitted. | The broker can be configured to require client authentication using a username and password before a connection is permitted. | ||
- | :!: **NOTE**: The username and password combination is transmitted in clear text, and is not secure without some form of transport encryption involving certificates | + | :!: **NOTE**: The username and password combination is transmitted in clear text, and is not secure without some form of transport encryption involving certificates |
===Adding a Password File=== | ===Adding a Password File=== | ||
- | The following commands assume you're logged into the terminal as the pixi-amdin user. If not use the //su pixi-admin// | + | The following commands assume you're logged into the terminal as the pixi-admin user. If not use the //su pixi-admin// |
< | < | ||
- | mosquitto_passwd -c pixi-pwd blocks | + | sudo mosquitto_passwd -c pixi-pwd blocks |
- | Change the broker configuration to specify a password file. | + | |
</ | </ | ||
+ | Change the broker configuration and add the line that specifies a password file and turn off the option to use the broker as anonymous user. | ||
< | < | ||
listener 1883 | listener 1883 | ||
# Enable either one of the following depending on whether you want | # Enable either one of the following depending on whether you want | ||
# password authentication or not | # password authentication or not | ||
- | password_file / | + | password_file / |
- | #allow_anonymous | + | allow_anonymous |
</ | </ | ||
+ | ===Secure connection (TLS)=== | ||
+ | |||
+ | Any MQTT application that is running over the internet or Local Area Network accessible by general public should use secure connections and password authentication. To enable TLS with a self signed certificate on the mosquitto broker please follow this article. | ||
+ | |||
+ | [[blocks: | ||
==== Blocks Server Configuration File ==== | ==== Blocks Server Configuration File ==== | ||
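Review bot: In the broker config block, the unchanged comment "Enable either one of the following depending on whether you want password authentication or not" no longer matches the new lines, because `password_file` and `allow_anonymous` are now both active instead of one being commented out; reword the comment to say that both settings are needed for password authentication. The `mosquitto_passwd` line keeps `-c`, which creates the file and overwrites an existing one, and now runs under `sudo`, so the text should say that `-c` is only for the first user and which account must be able to read the resulting file. In the new TLS section, "self signed" should be "self-signed", and since the sample listener stays on 1883 it would help to state that the clear-text NOTE above still applies until the linked article has been followed.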
Line 146: | Line 152: | ||
username: pixi # Default is no username and password | username: pixi # Default is no username and password | ||
password: pixi | password: pixi | ||
+ | encryption: false # Set to true if secure connection (tls) is available. | ||
+ | port: 1883 # Default is 1883 if non-encypted and 8883 if encrypted | ||
</ | </ | ||
+ | |||
In the standard case, no explicit MQTT configuration is required, in which case a default broker connection to // | In the standard case, no explicit MQTT configuration is required, in which case a default broker connection to // | ||
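Review bot: The added `port` comment has a typo ("non-encypted" should be "non-encrypted"), and the example now pairs `username`/`password` with `encryption: false`, which per the NOTE in the Security section means those credentials are transmitted in clear text. Suggest saying so in the `encryption` comment, or showing the authenticated example with `encryption: true` and the matching 8883 port that the comment already names.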
Line 161: | Line 170: | ||
Follow the MQTT section in the [[https:// | Follow the MQTT section in the [[https:// | ||
- | ====3rd party tools.==== | + | ====MQTT Explorer (3rd party tool)==== |
We have successfully used this tool to explore and get a visual view over the current broker topics. The tools is also perfect to test mqtt devices functionality outside Blocks. | We have successfully used this tool to explore and get a visual view over the current broker topics. The tools is also perfect to test mqtt devices functionality outside Blocks. | ||
- | |||
[[https:// | [[https:// | ||
+ | |||
+ | The two following screenshots show connection examples. | ||
+ | |||
+ | |||
+ | Without TLS encryption: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | Without TLS encryption: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | After successful connection the $SYS/broker topic should appear. This is some statistics published by the broker itself. | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
Credits to Thomas Nordquist for the great work. | Credits to Thomas Nordquist for the great work. | ||
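Review bot: Both added screenshot captions read "Without TLS encryption:"; the second one presumably should be "With TLS encryption:", otherwise the two connection examples cannot be told apart. In the last added paragraph, "This is some statistics published by the broker itself" should read "These are statistics published by the broker itself", and the unchanged sentence "The tools is also perfect" could be corrected to "The tool is" while this section is being edited.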