====Mosquitto MQTT====


===Install===
<code>
sudo apt install mosquitto mosquitto-clients mosquitto-dev
</code>

===Disable===

Stop and disable mosquitto server for now. Later start it using `runit'

<code>
/etc/init.d/mosquitto stop
update-rc.d mosquitto disable
systemctl disable mosquitto
systemctl mask mosquitto
</code>

===Setup===

==Private LAN==

Create and edit local config

<code>
vi /etc/mosquitto/conf.d/local.conf
</code>

Add the following

<code>
listener 1883
allow_anonymous true
</code>

==Public WAN==

Create password file and add a user

<code>
touch /etc/mosquitto/pwfile
mosquitto_passwd -b /etc/mosquitto/pwfile username password
</code>

Create and edit local config

<code>
vi /etc/mosquitto/conf.d/local.conf
</code>

Add the following

<code>
listener 8883
allow_anonymous false
password_file /etc/mosquitto/pwfile

certfile /etc/mosquitto/certs/cert.pem
cafile   /etc/mosquitto/certs/fullchain.pem
keyfile  /etc/mosquitto/certs/key.pem
</code>

===Runit===

<code>
#! /bin/bash
sleep 1

#LOG
exec 2>&1
ulimit -l unlimited
ulimit -i unlimited
ulimit -q unlimited
ulimit -n 8192
ulimit -aH

#RUN
mkdir -p /var/lib/mosquitto
chown -R mosquitto:mosquitto /var/lib/mosquitto
mkdir -p /var/log/mosquitto
chown -R mosquitto:mosquitto /var/log/mosquitto
mkdir -p /run/mosquitto
chown -R mosquitto:mosquitto /run/mosquitto
exec /usr/sbin/mosquitto -c 
</code>

===Test===

==Private LAN==

<code>
mosquitto_sub -h 192.168.0.13 -t '#'
</code>

==Public WAN==

<code>
mosquitto_sub -v -h hostname.example.com -p 8883 -u username -P password -t '#'
</code>

The hostname must match the name in the TLS certificate.