Mosquitto: Bridges
How to connect Mosquitto servers together (bridge)
Connecting multiple MQTT brokers allows seamless data exchange across different locations.
Imagine having a Mosquitto server at a warehouse with several devices connected. You can connect this remote broker to a Stackhero instance (Mosquitto MQTT) using the "bridge" feature. This setup allows devices connected to the Stackhero instance and those at the warehouse to communicate as if they were connected to the same broker.
For advanced use cases, you can customize which topics are shared. You can also add remote topics to a sub-topic like "warehouse", where "warehouse/#" will catch all your remote devices. This is achieved using the topic option in mosquitto.conf. While this guide will not cover this advanced configuration, you can find more information in the official Mosquitto documentation.
Configuring Mosquitto to connect to another server (bridge)
In this example, a remote server will connect to a Stackhero instance using a dedicated user with TLS encryption for maximum security.
First, create a new user on the Stackhero MQTT instance. Let us call it bridge-1, with the password secretPassword.
Next, on the remote Mosquitto server, you can edit the mosquitto.conf configuration file (usually located at /etc/mosquitto/mosquitto.conf) by adding the following lines at the end:
# TODO: replace "<XXXXXX>.stackhero-network.com" and "<PORT_TLS>" with your Stackhero instance information
connection <XXXXXX>.stackhero-network.com
address <XXXXXX>.stackhero-network.com:<PORT_TLS>
# TODO: replace "bridge-1" and "secretPassword" with the newly created user's credentials
remote_clientid bridge-1
remote_username bridge-1
remote_password secretPassword
start_type automatic
try_private true
# Topics to share, direction, and QOS.
# Note that "both" seems to not work for an unknown reason.
topic # out 2
topic # in 2
# Enable TLS connection to encrypt data between your remote Mosquitto server and your Stackhero instance.
bridge_insecure false
bridge_capath /etc/ssl/certs
Before restarting Mosquitto with its new configuration, ensure that TLS certificates exist on your remote server.
Check that the /etc/ssl/certs directory exists and contains files with the command:
ls /etc/ssl/certs
If it exists and contains files, you can simply restart your Mosquitto server.
If it does not exist, you might consider executing one of these commands:
- On Ubuntu/Debian, you can run:
  sudo apt-get install ca-certificates
- On Alpine Linux, you might run:
  apk add ca-certificates
Alternatively, you can manually download the certificate. To do this, download the CA certificate to /etc/mosquitto/isrgrootx1.pem using the following command:
wget https://letsencrypt.org/certs/isrgrootx1.pem -O /etc/mosquitto/isrgrootx1.pem
Then, edit the mosquitto.conf file to replace bridge_capath /etc/ssl/certs with bridge_cafile /etc/mosquitto/isrgrootx1.pem.
Finally, restart your Mosquitto server.
For more information on bridge configuration, you can refer to the official Mosquitto documentation.
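The bridge settings above can be linted before each restart with a short script. This is an added example, not part of Stackhero's or Mosquitto's tooling; the function names check_bridge_conf and conf_value are hypothetical, and flagging a world-readable file that holds remote_password is an assumed hardening policy.

```shell
#!/bin/sh
# Added example: lint the bridge block of a mosquitto.conf before restarting.
# check_bridge_conf and conf_value are hypothetical helper names.
# Usage: check_bridge_conf /etc/mosquitto/mosquitto.conf
# Prints one line per finding and returns the number of findings (0 = OK).

# Print the value of the last occurrence of a directive (e.g. bridge_capath).
conf_value() {
    awk -v key="$2" '$1 == key { v = $2 } END { print v }' "$1"
}

check_bridge_conf() {
    conf="$1"
    problems=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    # bridge_insecure true turns off hostname verification of the remote cert.
    if [ "$(conf_value "$conf" bridge_insecure)" = "true" ]; then
        echo "bridge_insecure is true: server hostname is not verified"
        problems=$((problems + 1))
    fi

    # The guide enables TLS through bridge_capath or bridge_cafile;
    # whichever is set must point at something usable.
    capath=$(conf_value "$conf" bridge_capath)
    cafile=$(conf_value "$conf" bridge_cafile)
    if [ -n "$cafile" ]; then
        [ -s "$cafile" ] || { echo "bridge_cafile $cafile missing or empty"; problems=$((problems + 1)); }
    elif [ -n "$capath" ]; then
        if [ ! -d "$capath" ] || [ -z "$(ls -A "$capath" 2>/dev/null)" ]; then
            echo "bridge_capath $capath missing or empty"
            problems=$((problems + 1))
        fi
    else
        echo "neither bridge_capath nor bridge_cafile is set"
        problems=$((problems + 1))
    fi

    # remote_password is stored in clear text (assumed policy: not world-readable).
    if [ -n "$(conf_value "$conf" remote_password)" ] &&
       [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "$conf contains remote_password and is world-readable"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

If the file is flagged as world-readable, restrict it so that only root and the account Mosquitto runs as can read it.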
Testing the Mosquitto bridge configuration
Mosquitto does not provide extensive logs to verify that your bridge is working.
The best way to ensure its functionality is to test it directly.
You can connect to your remote server and subscribe to the testBridge topic using an existing user (and password) declared on the remote server:
mosquitto_sub -h 127.0.0.1 -u <user> -P <password> -t "testBridge" -v
In another terminal, you can connect to your Stackhero Mosquitto instance using an existing user (and password) declared on your Stackhero Mosquitto instance:
mosquitto_sub -h <XXXXXX>.stackhero-network.com -p <PORT_TLS> -u <user> -P <password> -t "testBridge" -v
Open a third terminal and send a test message using your Stackhero instance (and a corresponding user):
mosquitto_pub -h <XXXXXX>.stackhero-network.com -p <PORT_TLS> -u <user> -P <password> -t "testBridge" -m "Message from Stackhero broker"
You should see "Message from Stackhero broker" in your first two terminals.
Finally, send a test message using your remote Mosquitto instance:
mosquitto_pub -h 127.0.0.1 -u <user> -P <password> -t "testBridge" -m "Message from remote broker"
Congratulations! You now have your two MQTT servers connected securely, with authentication and encryption!