J3

Summary

The web content provides a detailed guide on how to bridge two Mosquitto MQTT brokers to create an international sensor network, including step-by-step configurations and testing procedures.

Abstract

The article titled "Mosquitto Bridge" explains the concept of bridging in the context of MQTT (Message Queuing Telemetry Transport) protocol, specifically using the Mosquitto broker software. It guides readers through the process of connecting two Mosquitto brokers, referred to as broker0 and broker1, to facilitate communication between devices spread across the globe. The author outlines the necessary configuration changes for both brokers, including setting up secure connections using TLS/SSL, and provides example commands for testing the bridge functionality. The guide emphasizes the importance of security measures such as disallowing anonymous clients, implementing access control lists (ACLs), and using certificates for authentication. The author also shares a personal anecdote of satisfaction with the successful setup of the bridge, indicating the effort involved in preparing the tutorial.

Opinions

  • The author is enthusiastic about the potential of bridging Mosquitto brokers, emphasizing the coolness of creating an international sensor network.
  • There is a sense of pride and accomplishment in presenting the guide, as the author mentions the effort involved in bringing the experiment to the readers.
  • The author assumes a level of familiarity with MQTT and Mosquitto, suggesting that readers may have followed previous episodes or tutorials on the subject.
  • The use of visual aids, such as diagrams and screenshots, is encouraged to help readers understand the bridge setup.
  • The author believes that the step-by-step approach, including downloadable configuration files and command-line instructions, will make the process clear and achievable for the reader.
  • There is an appreciation for the security aspects of the setup, with a focus on using TLS/SSL and proper authentication to ensure secure communication between brokers.

Mosquitto Bridge

How To Bridge Two Mosquitto Brokers — MQTT — Episode # 06

Mosquitto has a feature called bridging which basically lets you connect two (or more) brokers together.

Here is our bridge configuration (br-me-to-broker0):

Fig 1. Our bridge setup. The default mosquitto.conf file will be our broker0, and a modified mosquitto_br.conf file for broker1 will implement our br-me-to-broker0 bridge (note that the tunneling is extended on the right side). Working like this, we can have devices (0, 1, 2) spread around the world. A true international sensor network! Can you imagine how cool that is? Cool! Very nice! This is where the fun happens!

We will open two instances of the brokers, broker0, and broker1;

The broker1 will be responsible for implementing the bridge solution (for this we will modify the conf file at the BRIDGE section — see Table 1 below);

To fully understand this lesson, you can download the two configuration files from my Google Drive and open them in Notepad++.

I’m sure it will be worth the effort!

Let’s get it on!

01#Step — For broker0, open the conf file in Notepad++ and edit these lines in mosquitto.conf (assuming you’ve come from the last MQTT episode):

Line#  Description
210 # Port to use for the default listener.
211 port 1883
...
310 tls_version tlsv1.2
...
373 # listener port-number [ip address/host name]
374 listener 8883
...
431 # Certificate based SSL/TLS support
...
450 cafile C:\Program Files\mosquitto\certs\ca.crt
...
453 # Path to the PEM encoded server certificate.
454 certfile C:\Program Files\mosquitto\certs\server.crt
...
457 keyfile C:\Program Files\mosquitto\certs\server.key
... 
651 allow_anonymous false
...
669 password_file C:\Program Files\mosquitto\passwordfile.pwd
...
728 acl_file C:\Program Files\mosquitto\acl.acl

In summary: the default configuration plus TLS/SSL, no anonymous clients, and ACL rules. As usual, nothing fancy, right? (You can download this file from my Google Drive right away :)

Please refer to the second and third MQTT episodes to fully understand it all:)

Fine! So far, so good!

02#Step — For broker1, Copy/paste mosquitto.conf and save it as mosquitto_br.conf (this will implement the bridge, named br-me-to-broker0);

Here is the configuration, line by line (do not worry about details now; in Table 1 I’ll explain everything — just get it running in front of you!):

Line#  Description
210 # Port to use for the default listener.
211 port 1884
...
310 tls_version tlsv1.2
...
373 # listener port-number [ip address/host name]
374 #listener
...
431 # Certificate based SSL/TLS support
...
450 #cafile
...
453 # Path to the PEM encoded server certificate.
454 #certfile
...
457 #keyfile
... 
651 allow_anonymous false
...
669 password_file C:\Program Files\mosquitto\passwordfile.pwd
...
728 acl_file C:\Program Files\mosquitto\acl.acl
...
755 # =========================================================
756 # Bridges
757 # =========================================================
...
792 connection br-me-to-broker0
793 address LAPTOP-JAYTHREE:8883
794 topic # both 0
...
817 cleansession false
...
839 notifications false
...
851 remote_clientid broker0
...
857 remote_password 123
...
863 remote_username admin
...
909 start_type automatic
...
922 try_private true
...
936 bridge_cafile C:\Program Files\mosquitto\certs\ca.crt
...
952 bridge_insecure false
...
955 bridge_certfile C:\Program Files\mosquitto\certs\server.crt
...
958 bridge_keyfile C:\Program Files\mosquitto\certs\server.key

Save mosquitto_br.conf file. Now testing…

03#Step — For the test, open 6 terminal prompts (2 of them as Administrator :)

Come on, it is a piece of cake!

At Terminal #1 (as admin), type:

mosquitto -c mosquitto.conf -v

Mosquitto will listen on Ports 1883 & 8883.

Fine!

At Terminal #2 (as admin), type:

mosquitto -c mosquitto_br.conf -v

This Mosquitto instance will listen only on port 1884 and, internally, connect to the bridge via the DN LAPTOP-JAYTHREE:8883. See Fig 2:

Fig 2. Now the two brokers are connected \o/

Watch out for the initialization message on both brokers;

The broker1 will connect to broker0 through the bridge named br-me-to-broker0 (via LAPTOP-JAYTHREE:8883) and will subscribe to all topics at broker0 (Fig 2 red frames).

Let’s publish and subscribe to the topic temperature with an ordinary user, user1 (defined in the acl.acl file):

On Terminal #3 (subscription — broker0 to broker1 direction):

mosquitto_sub -h localhost -p 1884 -u user1 -P 321 -t temperature

On Terminal #4 (publishing):

mosquitto_pub -h LAPTOP-JAYTHREE -p 8883 -u user1 -P 321 --cafile ca.crt -t temperature -m 47

On Terminal #5 (subscription — broker1 to broker0 direction):

mosquitto_sub -h LAPTOP-JAYTHREE -p 8883 -u user1 -P 321 --cafile ca.crt -t temperature

On Terminal #6 (publishing):

mosquitto_pub -h localhost -p 1884 -u user1 -P 321 -t temperature -m 48

Fig 3. Here is the final result. Huge success! (To access the certificates we need to be in the \certs directory.)

Tested and approved in both directions; both the certified and non-certified sides send published messages and the other side receives all messages perfectly.

Our bridge is working fine!

Although the mosquitto_br.conf instance disables the secure port (8883, no extra listener), it still uses that port through the bridge (via LAPTOP-JAYTHREE:8883); this instance is responsible for loading all the certificates used for communication between the brokers. This is a curious property of this solution!
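The security-relevant settings of the broker1 bridge file can be checked mechanically before the broker is started. The following Python linter is an added example, not code from the original article or from the Mosquitto project; the finding names and the MIN_PASSWORD_LEN threshold are assumptions, and the sample config is constructed from the broker1 values listed on this page.

```python
# Added example (not from the article). Constructed sample: broker1 values from this page.
SAMPLE_BR_CONF = r"""
port 1884
allow_anonymous false
connection br-me-to-broker0
address LAPTOP-JAYTHREE:8883
topic # both 0
remote_username admin
remote_password 123
bridge_cafile C:\Program Files\mosquitto\certs\ca.crt
bridge_insecure false
"""

MIN_PASSWORD_LEN = 12  # assumption: local policy threshold, not a Mosquitto rule

def parse_conf(text):
    """Return {directive: [values]}; blank and full-line '#' comment lines are skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0], []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def lint_bridge(text):
    """Return sorted finding codes (names are hypothetical) for one config file."""
    c, findings = parse_conf(text), set()
    if "connection" in c:
        # Without a CA (or PSK) the bridge talks to the remote broker in plaintext.
        if not {"bridge_cafile", "bridge_capath", "bridge_psk"} & c.keys():
            findings.add("BRIDGE_NO_TLS")
        # bridge_insecure true turns off hostname verification of the remote cert.
        if "true" in c.get("bridge_insecure", []):
            findings.add("BRIDGE_HOSTNAME_UNVERIFIED")
        # "topic # both" shares the entire topic tree in both directions.
        if any(t.split()[:1] == ["#"] for t in c.get("topic", [])):
            findings.add("BRIDGE_ALL_TOPICS")
        if any(len(p) < MIN_PASSWORD_LEN for p in c.get("remote_password", [])):
            findings.add("WEAK_REMOTE_PASSWORD")
    if "true" in c.get("allow_anonymous", []):
        findings.add("ANONYMOUS_ALLOWED")
    # A local listener with no certfile accepts clients without TLS (port 1884 here).
    if {"port", "listener"} & c.keys() and "certfile" not in c:
        findings.add("LOCAL_LISTENER_PLAINTEXT")
    return sorted(findings)

if __name__ == "__main__":
    print(lint_bridge(SAMPLE_BR_CONF))
```

Run against the broker1 sample, it reports the wildcard topic mapping, the short remote_password, and the unencrypted local listener, while the bridge link itself passes because bridge_cafile is set and bridge_insecure is false.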

Summary table:

I hope you enjoy this experiment!

It takes all day to bring it to you on a silver tray:)

That’s all for now.

Thanks!

Bye!

Download All Files For This Project

Summary (cmds)

mosquitto -c mosquitto.conf -v
mosquitto -c mosquitto_br.conf -v
mosquitto_sub -h localhost -p 1884 -u user1 -P 321 -t temperature
mosquitto_pub -h LAPTOP-JAYTHREE -p 8883 -u user1 -P 321 --cafile ca.crt -t temperature -m 47
mosquitto_sub -h LAPTOP-JAYTHREE -p 8883 -u user1 -P 321 --cafile ca.crt -t temperature
mosquitto_pub -h localhost -p 1884 -u user1 -P 321 -t temperature -m 48

Related Posts

01# Episode — Mosquitto Intro To MQTT — It is Suitable for the Internet of Things Applications — MQTT

02# Episode — Mosquitto — User Access Configurations Setups — Editing mosquitto.conf File to Configure SSL Authentications — MQTT

03# Episode — MosquittoACLs — Wildcards & ACL — access control lists — MQTT

04# Episode — Mosquitto — MQTT QoS — How To Set QoS at Mosquitto Broker — MQTT

05# Episode — Mosquitto — Bulletproof TLS & SSL Mosquitto — How To Set Up Mosquitto Broker/Client Keys & Certificates — MQTT

06# Episode — Mosquitto — Mosquitto Bridge — How To Bridge Two Mosquitto Brokers — MQTT (this one)

07… stay tuned for the upcoming post about MQTT and IoT o/

Credits & References

Microgênios — Treinamento em Sistemas Embarcados — Microchip Regional Partner — Microchip Certified Brazilian Training Education Company & A Simplício-Owned-Awesome Enterprise o/

Bridging by owntracks.org

Want to clarify things around certs? Please visit: https://codebayblog.wordpress.com/2016/07/17/first-blog-post/ — (credits: larryl79 Nov/2021)
