08-Nov-2015
SAKURA Internet Research Center.
Senior Researcher / Naoto MATSUMOTO
mosquitto-auth-plug install
1) kernel update & install preparation (CentOS 7.1/x86_64)
# uname -sr; cat /etc/redhat-release
Linux 3.10.0-229.el7.x86_64
CentOS Linux release 7.1.1503 (Core)
# yum update -y; sync; sync; sync; reboot
# cd /opt/
# yum groupinstall "Development Tools" -y
# yum install wget openssl-devel c-ares-devel libuuid-devel libcurl-devel epel-release -y
# yum update
# yum install redis.x86_64 hiredis-devel -y
# wget http://mosquitto.org/files/source/mosquitto-1.4.4.tar.gz
# tar xzvf /opt/mosquitto-1.4.4.tar.gz
# git clone https://github.com/jpmens/mosquitto-auth-plug.git
2) software installation
# cd /opt/mosquitto-1.4.4
# make; make install
# echo "/usr/local/lib" >> /etc/ld.so.conf
# ldconfig
# cd /etc/mosquitto/ ; cp -p mosquitto.conf.example mosquitto.conf
# cd /opt/mosquitto-auth-plug/
# cp -p config.mk.in config.mk
# sed -i -e "s/BACKEND_MYSQL ?= yes/BACKEND_MYSQL ?= no/" config.mk
# sed -i -e "s/BACKEND_REDIS ?= no/BACKEND_REDIS ?= yes/" config.mk
# sed -i -e "s|^MOSQUITTO_SRC =|MOSQUITTO_SRC = /opt/mosquitto-1.4.4/|g" config.mk
# systemctl start redis
# make
# cp -p /opt/mosquitto-auth-plug/auth-plug.so /etc/mosquitto/
# cp -p /opt/mosquitto-auth-plug/np /etc/mosquitto/
# cp -p /opt/mosquitto-auth-plug/README.md /etc/mosquitto/
SOURCE: SAKURA Internet Research Center. 11/2015
[Diagram labels: mosquitto_pub, mosquitto_sub, MQTT, mosquitto, Auth/ACL, redis, redis_cli]
configure mosquitto with redis
3) edit mosquitto.conf and boot
# cat <<EOF >> /etc/mosquitto/mosquitto.conf
auth_opt_backends redis
auth_plugin /etc/mosquitto/auth-plug.so
auth_opt_redis_host 127.0.0.1
auth_opt_redis_port 6379
auth_opt_redis_userquery GET %s
auth_opt_redis_aclquery GET %s-%s
EOF
# groupadd mosquitto
# useradd -g mosquitto mosquitto
# /usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf
1447011024: mosquitto version 1.4.4 (build date 2015-11-09 02:09:56+0900) starting
1447011024: Config loaded from /etc/mosquitto/mosquitto.conf.
1447011024: |-- *** auth-plug: startup
1447011024: |-- ** Configured order: redis
4) Add username/password and "topic" ACL on redis server
# /etc/mosquitto/np -p secret
PBKDF2$sha256$901$8bgGySmAtaFpIWHa$7pw6May2cH4meIgCIupuPx/azYmQ5qPA
# redis-cli -h 127.0.0.1 SET john 'PBKDF2$sha256$901$8bgGySmAtaFpIWHa$7pw6May2cH4meIgCIupuPx/azYmQ5qPA'
# redis-cli -h 127.0.0.1 SET john-topic 2
5) Check Pub/Sub with Auth+ACL over MQTT
# watch -n 1 mosquitto_pub -h 127.0.0.1 -t "topic" -m testing123 -u john -P secret &
# mosquitto_sub -h 127.0.0.1 -t "topic" -u john -P secret
testing123
testing123
testing123
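The two lookups configured in step 3 and the records stored in step 4, emulated offline as an added Python example (not part of the original slides and not mosquitto-auth-plug's own code). The in-memory `STORE` is a constructed stand-in for Redis; feeding the salt field to PBKDF2 as literal text and the rule "stored level >= requested access" (1 = read, 2 = write) are assumptions about the plugin's behaviour.

```python
import base64
import hashlib
import hmac

ALLOWED_DIGESTS = {"sha1", "sha256", "sha512"}  # digests this sketch accepts

def make_record(password, salt, iterations=901, keylen=24):
    """Build a record in the PBKDF2$<digest>$<iterations>$<salt>$<b64 key> layout of step 4."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations, keylen)
    return "PBKDF2$sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(key).decode())

def check_password(record, password):
    """Return True only if password reproduces the key stored in record."""
    try:
        tag, digest, rounds, salt, b64key = record.split("$")
        rounds = int(rounds)
        expected = base64.b64decode(b64key, validate=True)
    except ValueError:  # wrong field count, non-numeric rounds, or invalid base64
        return False
    if tag != "PBKDF2" or digest not in ALLOWED_DIGESTS or rounds < 1 or not expected:
        return False
    # Assumption: the salt is used as the literal text between the '$' separators.
    derived = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(), rounds, len(expected))
    return hmac.compare_digest(derived, expected)  # constant-time comparison

def authorize(store, username, password, topic, access):
    """Emulate userquery 'GET %s' followed by aclquery 'GET %s-%s'."""
    record = store.get("%s" % username)
    if record is None or not check_password(record, password):
        return False
    level = store.get("%s-%s" % (username, topic))  # exact key, no wildcard expansion
    try:
        return int(level) >= access  # assumption: 1 = read, 2 = write
    except (TypeError, ValueError):  # no ACL key, or a non-numeric value: deny
        return False

# Constructed keyspace mirroring the two SET commands of step 4.
STORE = {
    "john": make_record("secret", "8bgGySmAtaFpIWHa"),
    "john-topic": "2",
}

if __name__ == "__main__":
    print(authorize(STORE, "john", "secret", "topic", 2))   # publish to "topic"
    print(authorize(STORE, "john", "secret", "other", 1))   # no ACL key for "other"
```

User records and ACL entries share one flat keyspace under these query templates, so a lookup for the username `john-topic` reads john's ACL value; the check rejects it only because `2` is not a well-formed hash record.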

install mosquitto-auth-plug - cheat sheet -
