Hosting a Mosquitto Server on Windows: A Step-by-Step Tutorial

This tutorial will guide you through the process of setting up a Mosquitto MQTT server on a Windows 11 computer.

Prerequisites

  • MQTT Explorer or another MQTT client installed on your server computer.
  • An additional MQTT client, ESP32, or another computer to test the connection to the server.

Mosquitto Installation

1) Download the 64-bit version of Mosquitto from Mosquitto's official website.

2) Run the installation file and follow the prompts, clicking "Next" until the "Install" button appears.

3) Install Mosquitto using the default path by clicking "Install."

4) Once installation is complete, click "Finish."

5) Open the Task Manager and navigate to the Services tab. You should find the Mosquitto service listed and stopped.

6) Start the Mosquitto service.

7) Use your MQTT client to connect to 'localhost' and verify the connection.

You should now be connected to the broker.

Configuration

1) Edit the mosquitto.conf file located in your mosquitto.exe installation directory in a text editor.

Add:

allow_anonymous true
listener 1883 YOUR_SERVER_IP

Replace YOUR_SERVER_IP with the IP address of your server. This configuration allows anonymous connections and binds the listener to that address on port 1883. Note: anonymous access is for initial testing only; enable authentication afterwards, as described in the Security section.

2) Save the file. If administrator rights are required, save to a different location and then copy it back to the original directory.

3) Restart the Mosquitto service via the Task Manager.

Firewall Configuration

1) Type firewall in the Windows search input and select "Windows Defender Firewall"

2) Click on Advanced settings

Next, create two rules for Mosquitto: one for inbound connections and one for outbound connections.

3) Click on "Inbound Rules" and "New Rule"

4) Click "Next"

5) Enter your mosquitto.exe install path

6) Click "Next"

7) Select "Allow the connection" and click "Next"

8) Uncheck "Domain" and "Public" and click "Next"

9) Name your rule and click "Finish"

10) Repeat the same for an Outbound rule

Upon completing these steps, your Mosquitto server should be accessible to clients within your local network.

Now don't forget to strengthen your broker's security.

Security

Adding a username and a password

1) Create a text file named pwd.txt and enter your desired username and password in the format username:password.

Example: admin:strongpassword123

2) Save this file and move it to the directory where mosquitto.exe is installed.

3) Open Command Prompt as an administrator.

4) In the Command Prompt, navigate to the Mosquitto directory and run the following command, which replaces the plain-text password in pwd.txt with its hash:

mosquitto_passwd -U pwd.txt

5) In your mosquitto.conf file, add:

password_file C:\Program Files\mosquitto\pwd.txt

6) Change the line allow_anonymous true to allow_anonymous false. This ensures that only authenticated users can connect.

7) Your final configuration should include these lines:

allow_anonymous false

password_file C:\Program Files\mosquitto\pwd.txt

listener 1883 YOUR_SERVER_IP

8) Restart the Mosquitto service.

Then try connecting again from your MQTT client.
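
The settings changed in the steps above can be checked with a short script. The following Python audit is an added example, not part of the original tutorial or of Mosquitto itself; the function names, the sample IP address and the dummy salt/hash values are constructed for illustration, and it assumes password-file authentication as configured here.

```python
import re

# mosquitto_passwd writes user:$6$salt$hash (SHA-512) or user:$7$iter$salt$hash
# (PBKDF2). Any other password field is treated here as unhashed plaintext.
HASHED = re.compile(r"^\$(6|7)\$\S+\$\S+$")

def parse_conf(text):
    """Return (option, value) pairs, skipping blank lines and # comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            pairs.append((key, value.strip()))
    return pairs

def audit(conf_text, passwd_text):
    """Return findings for the options this tutorial sets."""
    findings = []
    pairs = parse_conf(conf_text)
    opts = dict(pairs)  # for repeated options the last occurrence wins
    if opts.get("allow_anonymous", "").lower() == "true":
        findings.append("allow_anonymous true: no credentials required")
    if "password_file" not in opts:
        findings.append("no password_file configured")
    for key, value in pairs:
        if key == "listener":
            port, *addr = value.split() or ["?"]
            # A listener without a bind address listens on all interfaces.
            if not addr or addr[0] == "0.0.0.0":
                findings.append(f"listener {port} binds every interface")
    for entry in passwd_text.splitlines():
        user, sep, secret = entry.strip().partition(":")
        if sep and not HASHED.match(secret):
            findings.append(f"password for '{user}' is not hashed")
    return findings

# Constructed sample inputs: the tutorial's test-phase config with an unhashed
# password file, then its final config with a hashed entry (dummy salt/hash).
TEST_CONF = "allow_anonymous true\nlistener 1883 192.168.1.10\n"
FINAL_CONF = ("allow_anonymous false\n"
              "password_file C:\\Program Files\\mosquitto\\pwd.txt\n"
              "listener 1883 192.168.1.10\n")
PLAIN_PWD = "admin:strongpassword123\n"
HASHED_PWD = "admin:$7$101$c2FsdHNhbHQ=$ZHVtbXloYXNo\n"

if __name__ == "__main__":
    for name, conf, pwd in [("test phase", TEST_CONF, PLAIN_PWD),
                            ("final", FINAL_CONF, HASHED_PWD)]:
        print(name, "->", audit(conf, pwd) or "no findings")
```

To use it on a real installation, read mosquitto.conf and pwd.txt into strings and pass them to audit().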

Restricting firewall rules

1) Open Windows Firewall and navigate to Advanced settings.

2) In the Inbound Rules, find your Mosquitto rule and double-click to edit it.

3) Go to the 'Protocols and Ports' tab.

4) Set the rule to only allow traffic through the port used by your broker (default is 1883).

6) Apply the same settings to the Outbound Rule.

7) Test the connection with your MQTT client to ensure everything is functioning correctly.

By following these steps, your MQTT broker on Windows is now more secure, reducing the risk of unauthorized access.