User Tools

Site Tools


Raspberry Pi local broker

Raspberry Pi is credit card sized, and probably most popular, single board computer. It can easily be used as local MQTT broker. This tutorial expects Raspbian operating system is already installed. If you are already using Raspberry Pi with other operating system, this tutorial can be easily adjusted.


RPi v1 RPi v2 RPi v3
SoC BCM2835 BCM2836
CPU ARM1176JZF-S ARM Cortex-A7
Frequency 700 MHz 900 MHz
Cores Single core Quad core
RAM 512 MiB 1024 MiB
Storage SD Micro SD Micro SD
USB ports 2x USB 2.0 4x USB 2.0 4x USB 2.0
Real-time clock No No No
Powering Micro USB Micro USB Micro USB

Configure local MQTT broker

Install mosquitto.

pi@raspberry:~$ sudo apt-get install mosquitto

To be able to connect to central broker, we must configure resolving its hostname to IP address. Easiest way how to do that is add following line to /etc/hosts:

<ip_address>    central-broker

Replace <ip_address> by actual public IP address of you central MQTT broker.

Configure domain name lookup is crucial step for establishing SSL connection. When your client opens connection to some hostname, server on other side have to send certificate request with common name of that hostname. If both hostnames doesn't match, client should reject this connection. This security mechanism can detect possible MITM attack. It is possible to disable this check, but it is strongly recommended to keep in enabled and use correct domain name lookup.

mosquitto configuration

mosquitto creates its configuration files in /etc/mosquitto. It uses main configuration file /etc/mosquitto/mosquitto.conf which loads other files located in /etc/mosquitto/conf.d/ directory.

# Place your local configuration in /etc/mosquitto/conf.d/
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example

pid_file /var/run/

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d

To configure local broker, create /etc/mosquitto/conf.d/bridge.conf file with following content:

# listen port
listener 1883

# bridge configuration
connection central-broker
address central-broker:1883
clientid pce-eliska-bridge
topic # both 0 "" area-name/
bridge_cafile /etc/mosquitto/ca_certificates/ca.crt
bridge_certfile /etc/mosquitto/certs/your-cert-request.crt
bridge_keyfile /etc/mosquitto/certs/your-keyfile.key

# authentication
username user
password pass

There are few directives which have to be configured based on your needs:

  • topic - Defines MQTT topic which will be prepended to outgoing messages. Put here correct area name.
  • bridge_cafile - Path to CA file. Will be discussed later.
  • bridge_certfile - Path to certificate request file. Will be discussed later.
  • bridge_keyfile - Path to key file. Will be discussed later.
  • user - Username for local broker.
  • password - Password for local broker.

CA and cert files

Last step of configuring broker if provide CA and cert files. You can fin instruction how to generate them on certificates page. It is good practice to put your CA file into /etc/mosquitto/ca_certificates and *.crt and *.key files into /etc/mosquitto/certs directory.

After you have successfully created these files, copy them in proper directories and configure bridge_cafile, bridge_certfile and bridge_keyfile in your /etc/mosquitto/conf.d/bridge.conf configuration file.

brokers/raspberry_pi.txt · Last modified: 2016/05/09 10:24 (external edit)