Mosquitto: Configuring Mosquitto to connect to another server (bridge)
This documentation is part of the Bridges guide. View the full guide here: How to connect Mosquitto servers together (bridge).
In this example, a remote server will connect to a Stackhero instance using a dedicated user with TLS encryption for maximum security.
First, create a new user on the Stackhero MQTT instance. Let us call it bridge-1, with the password secretPassword.
Next, on the remote Mosquitto server, you can edit the mosquitto.conf configuration file (usually located at /etc/mosquitto/mosquitto.conf) by adding the following lines at the end:
# TODO: replace "<XXXXXX>.stackhero-network.com" and "<PORT_TLS>" with your Stackhero instance information
connection <XXXXXX>.stackhero-network.com
address <XXXXXX>.stackhero-network.com:<PORT_TLS>
# TODO: replace "bridge-1" and "secretPassword" with the newly created user's credentials
remote_clientid bridge-1
remote_username bridge-1
remote_password secretPassword
start_type automatic
try_private true
# Topics to share, direction, and QOS.
# Note that "both" seems to not work for an unknown reason.
topic # out 2
topic # in 2
# Enable TLS connection to encrypt data between your remote Mosquitto server and your Stackhero instance.
bridge_insecure false
bridge_capath /etc/ssl/certs
Before restarting Mosquitto with its new configuration, ensure that the CA certificates used to verify the Stackhero server's TLS certificate exist on your remote server.
Check that the /etc/ssl/certs directory exists and contains files with the command:
ls /etc/ssl/certs
If it exists and contains files, you can simply restart your Mosquitto server.
If it does not exist, you might consider executing one of these commands:
- On Ubuntu/Debian, you can run:
  sudo apt-get install ca-certificates
- On Alpine Linux, you might run:
  apk add ca-certificates
Alternatively, you can manually download the certificate. To do this, download the CA certificate to /etc/mosquitto/isrgrootx1.pem using the following command:
wget https://letsencrypt.org/certs/isrgrootx1.pem -O /etc/mosquitto/isrgrootx1.pem
Then, edit the mosquitto.conf file to replace bridge_capath /etc/ssl/certs with bridge_cafile /etc/mosquitto/isrgrootx1.pem.
Finally, restart your Mosquitto server.
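A pre-restart check for the bridge settings above, as an added example that is not part of the Stackhero or Mosquitto tooling: it confirms that bridge_insecure is not true, that the configured bridge_capath or bridge_cafile actually contains a CA, and that the file holding remote_password in clear text is not world-readable. The function names conf_value and check_bridge_conf are hypothetical, and treating a world-readable configuration file as a failure is this example's own policy.

```shell
#!/bin/sh
# Added example: check_bridge_conf is a hypothetical helper, not a Mosquitto command.
# Usage: check_bridge_conf /etc/mosquitto/mosquitto.conf

# Print the value of the last "<key> <value>" line in the file (comment lines never match).
conf_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

check_bridge_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    # bridge_insecure true disables hostname verification of the remote certificate.
    if [ "$(conf_value "$conf" bridge_insecure)" = "true" ]; then
        echo "FAIL: bridge_insecure is true"; rc=1
    fi

    # The page enables TLS on the bridge through one of these two options.
    capath=$(conf_value "$conf" bridge_capath)
    cafile=$(conf_value "$conf" bridge_cafile)
    if [ -n "$cafile" ]; then
        [ -s "$cafile" ] || { echo "FAIL: bridge_cafile $cafile missing or empty"; rc=1; }
    elif [ -n "$capath" ]; then
        # An absent or empty directory means no CA is available to validate the server.
        if [ ! -d "$capath" ] || [ -z "$(ls -A "$capath" 2>/dev/null)" ]; then
            echo "FAIL: bridge_capath $capath missing or empty"; rc=1
        fi
    else
        echo "FAIL: neither bridge_capath nor bridge_cafile is set"; rc=1
    fi

    # remote_password is stored in clear text, so other local users should not read the file.
    if [ -n "$(conf_value "$conf" remote_password)" ] &&
       [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "FAIL: $conf holds remote_password and is world-readable"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}
```

If the last check fails, tighten the file mode while keeping it readable by the account Mosquitto runs as.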
For more information on bridge configuration, you can refer to the official Mosquitto documentation.