<p>MQTT stands for MQ Telemetry Transport. It is an extremely simple and lightweight publish/subscribe messaging protocol, designed for constrained devices and low-bandwidth, high-latency or unreliable networks. The MQTT protocol defines two types of network entities: a message broker and a number of clients. An MQTT broker is a server that receives all messages from the clients and then routes the messages to the appropriate destination clients. An MQTT client is any device (from a microcontroller up to a full-fledged server) that runs an MQTT library and connects to an MQTT broker over a network.</p>
<p>In this tutorial, you will learn how to install, configure and secure an MQTT broker. For this task, we will use the popular message broker Mosquitto. In addition, you will learn how to use Certbot to automatically acquire a Let’s Encrypt SSL/TLS certificate for your server. We will show you how to install and configure a simple Node.js web server for monitoring MQTT messages remotely from a web browser. We will also install MongoDB for storing MQTT messages in the database.</p>
<h2>Prerequisites</h2>
<h4>Domain name</h4>
<p>You will need a valid domain name pointed to your server IP address. If you do not have one, you can purchase it from many domain name sellers, e.g. Namecheap, GoDaddy, Domain.com, or any other that you prefer. If you do not know how to point a domain name to an IP address, check this guide to domain name systems or refer to the instructions from your domain name seller. For the purpose of this tutorial, we will use the mqtt.example.com domain name as an example; replace it with your domain where asked.</p>
<h4>Key pair</h4>
<p>You will need a key pair to be able to log in with SSH keys. If you do not have one, you will need to generate it.</p>
<p>On Linux and macOS, open a terminal window. At the shell prompt, type the following command:</p>
<pre>ssh-keygen -t rsa</pre>
<p>The <em>ssh-keygen</em> program will prompt you for the location of the key file. You can use the default one or specify your own. Another option is to specify a passphrase to protect your key material. Note the location to which your public and private keys were saved because they will be required later.</p>
<p>On Windows, download and install PuTTY from the official website. Go to Start > All Programs > PuTTY > PuTTYgen and start the application. Click the Generate button and follow the instructions. Once the key generation is finished, you will be presented with the results. Click Save Private Key to save the private key as a file. Repeat the process for the public key, or simply copy the public key from PuTTY’s text area into your clipboard and save it as a text file. Note the location to which your public and private keys were saved because they will be required later.</p>
<h2>Step 1 – Deploying a Cloud Server</h2>
<p>First things first, if you are not registered on UpCloud yet, begin by getting signed up. Take a moment to create an account, after which you can easily deploy your own cloud servers.</p>
<p>Deploy a new cloud instance, where the first Simple Plan of 1 CPU core, 1 GB memory and 25 GB storage is sufficient. Of course, if you are planning to put your server to some heavy tasks, use another Simple plan or the Flexible one. Select an availability zone of your choice and the Ubuntu Server 18.04 LTS (Bionic Beaver) from the Public Templates. You can find in-depth instructions on all configuration options in a guide for how to deploy a server.</p>
<h2>Step 2 – Initial Server Configuration</h2>
<p>In this step, you will find out how to configure your Ubuntu Server for increased security and usability. This will give you a solid foundation for subsequent actions. You will learn about SSH key login, creating a new user with administrative privileges and basic firewall settings. If you already did this during the deployment phase with Initialization Scripts, or manually after the deployment phase, you should skip this step.</p>
<p>If you are not already connected to your server, go ahead and log in as the root user using the following command:</p>
<pre>ssh root@your_server_ip_address</pre>
<p>After successfully logging in, we will create a new user called <em>donald</em> and grant it administrative privileges. You can name your user whatever you want.</p>
<pre>useradd --create-home --shell "/bin/bash" --groups sudo donald</pre>
<p>Create a hidden folder in your user account's home directory on your cloud server with the following command:</p>
<pre>mkdir -p /home/donald/.ssh</pre>
<p>Insert the public key from your key pair on your local machine into <em>authorized_keys</em> in the previously created hidden folder.</p>
<pre>echo "your_public_key" >> /home/donald/.ssh/authorized_keys</pre>
<p>Adjust SSH configuration ownership and permissions:</p>
<pre>chmod 0700 /home/donald/.ssh
chmod 0600 /home/donald/.ssh/authorized_keys
chown -R donald:donald /home/donald/.ssh</pre>
<p>Disable root login over SSH:</p>
<pre># "#\?" also rewrites the directive when it is still commented out
sed -i 's/^#\?PermitRootLogin.*/PermitRootLogin no/g' /etc/ssh/sshd_config</pre>
<p>Disable login with password:</p>
<pre># "#\?" also rewrites the directive when it is still commented out
sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/g' /etc/ssh/sshd_config</pre>
<p>Restart the SSH service to apply the changes by using the command below:</p>
<pre>systemctl restart sshd</pre>
<p>You can configure the firewall using UpCloud Firewall. But, in this tutorial, we will set up a basic firewall by using the UFW application. By doing this we will make sure to allow connections only to certain services. First, you need to install UFW with the next command:</p>
<pre>apt install ufw</pre>
<p>Sometimes, an application can already have registered profiles for UFW, so it can be managed with those profile names. You can check which applications have these profiles by entering the following command:</p>
<pre>ufw app list</pre>
<p>You should at least get OpenSSH as an answer, since we are going to allow it in our firewall with:</p>
<pre>ufw allow OpenSSH</pre>
<p>Now we just need to enable ufw with the next command:</p>
<pre>ufw enable</pre>
<p>All other connections, which we did not explicitly add to the allow list, are blocked. You can check the current status of your firewall at any time by typing:</p>
<pre>ufw status</pre>
<p>At this point, you have a solid foundation for your server. You should log out from your root user and log in with your private key as your newly created user.</p>
<h4>For consideration</h4>
<p>Make sure to regularly check for updates on your server. Begin by updating the package list:</p>
<pre>apt update</pre>
<p>Next, upgrade installed packages to their latest available versions:</p>
<pre>apt upgrade</pre>
<p>Once the updates have finished, you can perform additional upgrades that involve changing dependencies, adding or removing packages as necessary, with the following command:</p>
<pre>apt dist-upgrade</pre>
<p>This will take care of a set of upgrades which may have been held back by the regular upgrade command.</p>
<h2>Step 3 – Setup Certbot to acquire Let’s Encrypt TLS Certificate</h2>
<p>Let’s Encrypt is a nonprofit Certificate Authority providing free TLS certificates for your site. In this section, you will learn how to set up Certbot to automatically acquire SSL certificates. You need to install Certbot, but to be sure that you get the latest version, first add Certbot’s repository:</p>
<pre>sudo add-apt-repository ppa:certbot/certbot</pre>
<p>Next, you need to update the package list with the newest repository:</p>
<pre>sudo apt update</pre>
<p>Install Certbot with the following command:</p>
<pre>sudo apt install certbot</pre>
<p>Certbot needs an open port 80 or 443 to acquire the TLS certificate, and since we are blocking all ports (except SSH) with the firewall, you need to open one of these two. We are going to use port 80:</p>
<pre>sudo ufw allow 80</pre>
<p>Now, we can run Certbot. Use the next command and follow the on-screen instructions:</p>
<pre>sudo certbot certonly --standalone --preferred-challenges http -d mqtt.example.com</pre>
<p>You’ll need to complete the following selection:</p>
<p>That is it! You should see the congratulations message and also a path where your certificates are stored. Please remember this path because you will need it for subsequent actions. It should be the <em>/etc/letsencrypt/live/mqtt.example.com</em> folder (replace mqtt.example.com with your domain). You can list your certificates with:</p>
<pre>sudo ls /etc/letsencrypt/live/mqtt.example.com</pre>
<p>This certificate is only valid for 90 days, but Certbot adds a script to cron.d that runs twice a day and automatically renews any certificate that is within 30 days of expiration. Later on, we are going to cover renewals and adding some extra commands to the renewal config file.</p>
<h2>Step 4 – Install and configure Mosquitto MQTT broker</h2>
<p>Eclipse Mosquitto is an open-source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers. To install the latest version of Mosquitto you will first need to add Mosquitto’s repository:</p>
<pre>sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa</pre>
<p>Next, you need to update the package list with the newest repository:</p>
<pre>sudo apt update</pre>
<p>Then, install Mosquitto with the following command:</p>
<pre>sudo apt install mosquitto mosquitto-clients</pre>
<p>By doing this, you have successfully installed the Mosquitto MQTT broker. You can use it out-of-the-box as installed, but we do not recommend that. We suggest you configure your server for some additional security. We will add a new Mosquitto user secured with a password using the following command:</p>
<pre>sudo mosquitto_passwd -c /etc/mosquitto/passwd mqttdonald</pre>
<p>Open up a new configuration file named <em>custom.conf</em> in the <em>/etc/mosquitto/conf.d/</em> folder:</p>
<pre>sudo vi /etc/mosquitto/conf.d/custom.conf</pre>
<p>Copy the following settings and paste them into the <em>custom.conf</em> file. Replace <em>mqtt.example.com</em> with your domain on each certificate and key file line.</p>
<pre># Require a username and password from every client
allow_anonymous false
password_file /etc/mosquitto/passwd
# Unencrypted listener, reachable from localhost only
listener 1883 localhost
# MQTT over TLS
listener 8883
certfile /etc/letsencrypt/live/mqtt.example.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.example.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.example.com/privkey.pem
# MQTT over WebSocket with TLS
listener 8083
protocol websockets
certfile /etc/letsencrypt/live/mqtt.example.com/cert.pem
cafile /etc/letsencrypt/live/mqtt.example.com/chain.pem
keyfile /etc/letsencrypt/live/mqtt.example.com/privkey.pem</pre>
<p>Save the file and exit by typing the <em>:wq</em> command.</p>
<p>Also, make sure the Mosquitto service has access to the certificate files.</p>
<pre>sudo setfacl -R -m u:mosquitto:rX /etc/letsencrypt/{live,archive}</pre>
<p>Next, the Mosquitto broker needs to be restarted so the configuration can take effect.</p>
<pre>sudo systemctl restart mosquitto</pre>
<p>After this, add new rules to the firewall to match the <em>.conf</em> file:</p>
<pre>sudo ufw allow 8883</pre>
<pre>sudo ufw allow 8083</pre>
<p>With this configuration file, we told our MQTT broker that anonymous users will not be accepted. We have specified the path to the file where passwords are stored. We have configured three listeners. The first is on port 1883, which is unencrypted and only allowed to be used from localhost. It is mostly intended for testing purposes. The second listener is on port 8883, which is encrypted with the TLS certificate. The third listener is on port 8083, which is encrypted with the TLS certificate as well, but it is intended for use over the WebSocket protocol.</p>
<p>For testing purposes, log in to your server in a second terminal to have two command lines available at the same time.</p>
<p>In the first terminal, run the following command to subscribe to a topic (e.g. “mqtt_topic_name”):</p>
<pre>mosquitto_sub -h localhost -t mqtt_topic_name -u "mqttdonald" -P "password"</pre>
<p>Then, in the second terminal, run the following command to publish a message to the previously mentioned topic:</p>
<pre>mosquitto_pub -h mqtt.example.com -t mqtt_topic_name -m "Hello MQTT World" -p 8883 --capath /etc/ssl/certs/ -u "mqttdonald" -P "password"</pre>
<p>You should receive the following message: “Hello MQTT World” in the first terminal.</p>
<p>Do not forget to close the second terminal and exit from the mosquitto_sub command in the first terminal with CTRL+C.</p>
<p>To test your MQTT broker via WebSocket you can use some popular online services like Eclipse Paho, HiveMQ, MQTTLens, or some other that you prefer.</p>
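<p>The listener rules that custom.conf is meant to enforce (no anonymous access, cleartext only on localhost, TLS on every network-facing port) can be checked mechanically after each edit. The script below is an added example, not part of the original tutorial or of Mosquitto; the function name audit_mosquitto_conf and both sample configurations are constructed for illustration, and it only understands the listener-block directives used on this page.</p>

```sh
#!/bin/sh
# Added example: flag cleartext network listeners and anonymous access.

# audit_mosquitto_conf [FILE]  - reads FILE or stdin; returns 1 on any FAIL.
audit_mosquitto_conf() {
  awk '
    function report() {                 # judge the listener block just closed
      if (port == "") return
      tls = (cert && key)               # TLS needs both certfile and keyfile
      loopback = (bind == "localhost" || bind == "127.0.0.1" || bind == "::1")
      if (tls)           printf "OK   listener %s: TLS\n", port
      else if (loopback) printf "OK   listener %s: cleartext, loopback only\n", port
      else { printf "FAIL listener %s: cleartext on a network interface\n", port; bad = 1 }
    }
    /^[ \t]*(#|$)/          { next }    # skip comments and blank lines
    $1 == "allow_anonymous" { anon = $2 }
    $1 == "password_file"   { pw = $2 }
    $1 == "listener"        { report(); port = $2; bind = $3; cert = 0; key = 0 }
    $1 == "certfile"        { cert = 1 }
    $1 == "keyfile"         { key = 1 }
    END {
      report()
      if (anon != "false") { print "FAIL allow_anonymous is not false"; bad = 1 }
      if (pw == "")        { print "FAIL no password_file configured"; bad = 1 }
      exit bad + 0
    }
  ' "${1:--}"
}

# Constructed sample 1: the listener layout from custom.conf on this page.
page_config() {
  d=/etc/letsencrypt/live/mqtt.example.com
  printf '%s\n' 'allow_anonymous false' 'password_file /etc/mosquitto/passwd' \
    'listener 1883 localhost' \
    'listener 8883' "certfile $d/cert.pem" "cafile $d/chain.pem" "keyfile $d/privkey.pem" \
    'listener 8083' 'protocol websockets' \
    "certfile $d/cert.pem" "cafile $d/chain.pem" "keyfile $d/privkey.pem"
}

# Constructed sample 2: 1883 no longer bound to localhost, anonymous allowed.
weak_config() {
  d=/etc/letsencrypt/live/mqtt.example.com
  printf '%s\n' 'allow_anonymous true' 'password_file /etc/mosquitto/passwd' \
    'listener 1883' \
    'listener 8883' "certfile $d/cert.pem" "keyfile $d/privkey.pem"
}

page_config | audit_mosquitto_conf
weak_config | audit_mosquitto_conf || echo "weak_config: findings reported"
```

<p>Against the real file, run it as audit_mosquitto_conf /etc/mosquitto/conf.d/custom.conf before restarting the broker.</p>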
<h2>Step 5 – Install Node.js</h2>