moat mqtt broker¶
moat mqtt broker is a command-line script for running a MQTT 3.1.1 broker.
Usage¶
moat mqtt broker usage :
moat mqtt broker --version
moat mqtt broker (-h | --help)
moat mqtt broker [-c <config_file> ] [-d]
Options¶
| --version | MoaT-MQTT version information |
| -h, --help | Display moat mqtt broker usage help |
| -c | Set the YAML configuration file to read and pass to the client runtime. |
Configuration¶
If -c argument is given, moat mqtt broker will read specific MQTT settings for the given configuration file. This file must be a valid YAML file which may contains the following configuration elements :
listeners: network bindings configuration listtimeout-disconnect-delay: client disconnect timeout after keep-alive timeoutauth: authentication configuration
Without the -c argument, the broker will run with the following default configuration:
listeners:
default:
type: tcp
bind: 0.0.0.0:1883
sys_interval: 20
auth:
allow-anonymous: true
plugins:
- auth_file
- auth_anonymous
Using this configuration, moat mqtt broker will start a broker :
- listening on TCP port 1883 on all network interfaces.
- Publishing
$SYS``_ update messages every ``20seconds. - Allowing anonymous login, and password file bases authentication.
Configuration example¶
kv:
server:
host: '127.0.0.1'
port: 27586
topic: [test, mqtt]
base: [test, dist]
transparent:
- transp
- also/transp
listeners:
default:
max-connections: 50000
type: tcp
my-tcp-1:
bind: 127.0.0.1:1883
my-tcp-ssl-1:
bind: 127.0.0.1:8883
ssl: on
cafile: /some/cafile
capath: /some/folder
certfile: /some/certfile
keyfile: /some/key
my-ws-1:
bind: 0.0.0.0:8080
type: ws
timeout-disconnect-delay: 2
plugins:
- auth_anonymous
auth:
allow-anonymous: true
password-file: /some/passwd_file
This configuration example shows the use of every parameter.
The kv section controls routing of messages via MoaT-KV.
The
serversubsection mimics MoaT-KV’sconnectsection. See the MoaT-KV documentation for details.The
baselist tells MoaT-MQTT which MoaT-KV subtree to use for retained messages. Any changes to this subtree will be broadcast to MoaT-MQTT’s clients.Non-retained messages whose topic starts with one of the topics in the
transparentlist are exchanged across MQTT as they are, except that thebasetopic is prepended when sending / stripped when receiving. Use a list with an empty list in it to transfer everything that way:transparent: [[]]
Any other messages are encapsulated using the topic in
topic. This topic is not prepended withbaseand must not havebaseas a prefix.
The example listeners section defines 3 bindings :
my-tcp-1: a unsecured TCP listener on port 1883 allowing1000clients connections simultaneouslymy-tcp-ssl-1: a secured TCP listener on port 8883 allowing50000clients connections simultaneouslymy-ws-1: a unsecured websocket listener on port 8080 allowing50000clients connections simultaneously
Authentication allows anonymous logins and password file based authentication. Password files are required to be text files containing user name and password in the form
username:password
where password should be hashed. Use the mkpasswd -m sha-512 command to encode a passphrase. Password file example:
# Test user with 'test' password encrypted with sha-512
test:$6$l4zQEHEcowc1Pnv4$HHrh8xnsZoLItQ8BmpFHM4r6q5UqK3DnXp2GaTm5zp5buQ7NheY3Xt9f6godVKbEtA.hOC7IEDwnok3pbAOip.