This tutorial will guide you through the process of setting up a Mosquitto MQTT server on a Windows 11 computer.
Prerequisites
- MQTT Explorer or another MQTT client installed on your server computer.
- An additional MQTT client, ESP32, or another computer to test the connection to the server.
Mosquitto Installation
1) Download Mosquitto 64-bit version from Mosquitto's official website.
2) Run the installation file and follow the prompts, clicking "Next" until the "Install" button appears.
3) Install Mosquitto using the default path by clicking "Install."
4) Once installation is complete, click "Finish."
5) Open the Task Manager and navigate to the Services tab. You should find the Mosquitto service listed and stopped.
6) Start the Mosquitto service.
7) Use your MQTT client to connect to 'localhost' and verify the connection.
You should now be connected to the broker.
Configuration
1) Open the mosquitto.conf file, located in your mosquitto.exe installation directory, in a text editor.
Add:
listener 1883 YOUR_SERVER_IP
allow_anonymous true
Replace YOUR_SERVER_IP with the IP address of your server. This configuration allows anonymous connections and specifies the server's listening address. Note: Strengthen security with authentication after initial testing.
2) Save the file. If administrator rights are required, save to a different location and then copy it back to the original directory.
3) Restart the Mosquitto service via the Task Manager.
Firewall Configuration
1) Type firewall in the Windows search input and select "Windows Defender Firewall"
2) Click on Advanced settings
Now we are going to create two rules for Mosquitto: one for inbound connections and one for outbound connections.
3) Click on "Inbound Rules" and "New Rule"
4) Click "Next"
5) Enter your mosquitto.exe install path
6) Click "Next"
7) Select "Allow the connection" and click "Next"
8) Uncheck "Domain" and "Public" and click "Next"
9) Name your rule and click "Finish"
10) Repeat the same for an Outbound rule
Upon completing these steps, your Mosquitto server should be accessible to clients within your local network.
Now don't forget to strengthen your broker's security.
Security
Adding a username and a password
1) Create a text file named pwd.txt and enter your desired username and password in the format username:password.
Example: admin:strongpassword123
2) Save this file and move it to the directory where mosquitto.exe is installed.
3) Open Command Prompt as an administrator.
4) In the Command Prompt, navigate to the Mosquitto directory and run the following command to hash your password for security:
mosquitto_passwd -U pwd.txt
5) In your mosquitto.conf file, add:
password_file C:\Program Files\mosquitto\pwd.txt
6) Change the line allow_anonymous true to allow_anonymous false. This ensures that only authenticated users can connect.
7) Your final configuration should include these lines:
allow_anonymous false
password_file C:\Program Files\mosquitto\pwd.txt
listener 1883 YOUR_SERVER_IP
8) Restart the Mosquitto service.
Then try connecting again from your MQTT client.
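To confirm that the hashing step and the configuration changes above actually took effect, the following Python script (an added example, not part of the original tutorial) checks mosquitto.conf text for the final lines shown above and verifies that every pwd.txt entry is hashed rather than plain text. The function names, the sample address 192.0.2.10 and the sample hash are constructed for illustration, and the check assumes mosquitto_passwd writes hashes beginning with $6$ or $7$.

```python
import re

# Assumption: mosquitto_passwd writes hashes that start with $6$ or $7$.
HASHED = re.compile(r"^\$[67]\$")

def parse_conf(text):
    """Split mosquitto.conf text into global settings and listener argument lists."""
    settings, listeners = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "listener":
            listeners.append(value.split())
        else:
            settings[key] = value.strip()
    return settings, listeners

def audit(conf_text, pwd_text):
    """Return a list of findings; an empty list means every check passed."""
    settings, listeners = parse_conf(conf_text)
    findings = []
    if settings.get("allow_anonymous") != "false":
        findings.append("allow_anonymous is not explicitly set to false")
    if not settings.get("password_file"):
        findings.append("no password_file configured")
    for args in listeners:
        if len(args) < 2:  # port only: not bound to a specific address
            findings.append("listener %s has no bind address" % " ".join(args))
    for n, entry in enumerate(pwd_text.splitlines(), 1):
        user, sep, secret = entry.strip().partition(":")
        if entry.strip() and not (sep and HASHED.match(secret)):
            findings.append("pwd.txt line %d: entry for %r is not hashed" % (n, user))
    return findings

# Constructed samples: 192.0.2.10 stands in for YOUR_SERVER_IP, the hash is fake.
TEST_CONF = "listener 1883 192.0.2.10\nallow_anonymous true\n"
FINAL_CONF = ("allow_anonymous false\n"
              r"password_file C:\Program Files\mosquitto\pwd.txt" "\n"
              "listener 1883 192.0.2.10\n")
PLAIN_PWD = "admin:strongpassword123\n"
HASHED_PWD = "admin:$7$101$Y29uc3RydWN0ZWQ=$Y29uc3RydWN0ZWQ=\n"

if __name__ == "__main__":
    for name, conf, pwd in (("test", TEST_CONF, PLAIN_PWD), ("final", FINAL_CONF, HASHED_PWD)):
        print(name, audit(conf, pwd) or "OK")
```

To audit a real installation, read the contents of mosquitto.conf and pwd.txt from the Mosquitto directory and pass them to audit().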
Restricting firewall rules
1) Open Windows Firewall and navigate to Advanced settings.
2) In the Inbound Rules, find your Mosquitto rule and double-click to edit it.
3) Go to the 'Protocols and Ports' tab.
4) Set the rule to only allow traffic through the port used by your broker (default is 1883).
6) Apply the same settings to the Outbound Rule.
7) Test the connection with your MQTT client to ensure everything is functioning correctly.
By following these steps, your MQTT broker on Windows is now more secure, reducing the risk of unauthorized access.