Setup a Secure Mosquitto Broker MQTT Broker on AWS EC2

Captions
Hello. So initially I wanted to make a video on how you can use username and password with AWS IoT for authentication, and in that video I wanted to show how you can migrate from, let's say, a Mosquitto broker where you're using username and password, and then you can migrate onto AWS IoT using the same authentication method, right? So for that I had to create a Mosquitto messaging broker on AWS. I found a few blogs for that, like this one and this one as well; however, I kept facing some issue or the other, so some command would work, some error would come, and I just could not figure it out. So I spent some time, did the research, and I created my own guide. So in this video I'll go through exactly what you need to do in order to set up your own Mosquitto broker on AWS. So in this case you will be able to authenticate with username and password and also be able to use your own custom domain. So in this case we are using the custom domain name mosquitto.thesuavedeveloper.win. Great, so with that out of the way, let's get started.

All right, so on the right I'll have the set of steps open and on the left I'll have the AWS console open. Now if you're going to be following the guide exactly you need to have two prerequisites. The first one is going to be that you need to manage your DNS from Route 53, so here I have thesuavedeveloper.win managed from the Route 53 console, and you need to also have issued certificates for that domain name, so here I have certificates issued for both thesuavedeveloper.win as well as *.thesuavedeveloper.win. That being said, let's go ahead and start following the steps. So the first one is to create an Ubuntu instance, so I'll go to EC2 and launch an instance. I'll search for Ubuntu and select the latest one. Here I will choose the free tier eligible one, make sure that the public IP will be enabled, select the default storage, default tags, and here I need to add a few ports: I'll add the ports for MQTT, HTTP, HTTPS, and the last one is going to be 1883.

All right, so I'd also make sure it's available everywhere, and launch. I'll use my own RSA key for authentication and launch the instance. While that is being created I'll go ahead and select the public IP for this instance and create a Route 53 entry to point this domain to that IP, and I'll create an A record for that. So I'll go ahead and create a record; A record is selected by default. I'll add the IP, and I'll also give the name of the domain and click on create record. Great, so now we have this domain pointing to the EC2 instance where we'll be running our Mosquitto server. A few minutes later, now that the broker is in running state, let's go ahead and connect to it. To do that we'll use the Termius application. Here I have to go ahead and create the new host; we'll call it mosquitto, the address will be the public DNS of the EC2 instance, username is going to be ubuntu and password will be the RSA key, right? So let's save that and connect. Great. I'll go ahead and clear the screen, I'll also increase the font, and let's start copying the commands. The first one is going to be for an update, so let's do that. Next we'll install Mosquitto. Mosquitto is installed; let's test this out by subscribing to a topic, right? So this means that I am able to subscribe. Cool. Now we have to allow a few ports on the local firewall, so the first one is 1883, the next one is going to be 22 for SSH, and let's enable the firewall, and yes. Okay, perfect. Now we need to restart Mosquitto to make sure that the firewall is in place. Great. So in the next step we will go ahead and start issuing the certificate for the domain name for this broker. First we need snapd, then do an update, then install certbot. Next we need to allow the ports for HTTP; we'll do that and then enable that as well. Perfect. In this step we'll go ahead and create certificates for that domain name. Here we need to add our email address, so I'll add that. That done, we need to agree, I don't want any emails, and that's it, so our certificate is, I think, created. Perfect.

Next we need to create a cron job for these certificates to be rotated. Here I'll use vim and I'll paste this at the end, right? Perfect. Next we need to create a user for Mosquitto, so essentially, you know, adding the username and password authentication. So in here the username is thesuavedeveloper and the password is going to be "secret password". Perfect. Now we need to go into the configuration file and make sure that authentication is only allowed via username and password, so for that we need to paste these two lines. Next we need to restart Mosquitto to make sure that the changes take effect. Now let's test this out, so I'll try to make a subscribe call using the credentials; so here username is going to be thesuavedeveloper and password is going to be "secret password". So, great, I'm able to subscribe. I'll create a duplicate terminal for that and try to publish a message to that topic, and we can see that we are getting messages over here. So I'll try sending it again and here we saw the same "hello world" message over there. Great, so let's move on to the next step. Next we need to make sure that the Mosquitto broker is using the domain name certificates so that we can include a CA while making the connect call or subscribe or publish, right? So for that we need to make a few changes in the configuration file. So here is our configuration file for now, and we'll go ahead and add the following details. Now what I've done is I've replaced the value of the domain name, and if you have your own domain name you need to change that value as well. Perfect. So next I'll go ahead and restart Mosquitto. Cool. So since we are having a listener on 8883 we need to allow port 8883 as well, so we'll enable that port on the firewall as well. Now I've added the rule and I'll enable it as well. Perfect. And lastly, if we want to make a connect call from outside of the broker we need to get access to the cert, so this is the cert that the broker has.

Awesome. So essentially our configuration is complete. So we have done all three things: we have installed the MQTT broker, we have added certificates for that domain name, and also we have enabled username and password authentication, right? So for now we have this one user that uses this password, and going forward if there is going to be a connection from outside the broker they need to use a certificate as well. Also, since I will be using this certificate to connect from my machine, I need to copy it and store it on my local device, so I'll go ahead and save that as well. I'll use the MQTT.fx software to make a connection with the broker. So here are the details that we need: the broker address is going to be this; next we need the port, so we're connecting over port 8883; the client ID, we'll just add it, it doesn't really matter, but we're going to add thesuavedeveloper; next we need credentials, right, so for credentials we need a username and we need the password as "secret password"; lastly we also need to give the CA certificate because we made sure to add that in the config file. So here I'll enable SSL/TLS and I'll use a CA certificate file and then I'll choose that file where I downloaded it, right, and then I'll click on OK, right, and then let's try to connect. Perfect, so we are able to create a connection with the IoT broker, right? So what I'll do is I'll make a subscribe call here, subscribe to your topic and publish messages on it to demonstrate. To subscribe I have the command right over here, so mosquitto_sub; here you can see that we're using the CA path for that and we're using the domain name and we're using the username and password. So let's go ahead and subscribe, and on MQTT.fx let's publish a message on the test topic. So here, "this is the test", and when I publish I get the message over here, right? So this is working. We can do one more test where we can publish a message from the Mosquitto server itself using the same details. So in here, using the username and password, and we are also using the topic called test. Okay, so publish was successful and we got the message here as well. Awesome. So as you can see it was pretty straightforward; we just had to follow a few commands. If you want to dive deep into what we actually did you can follow these blogs; I'll link them down in the description, and if you have any questions feel free to ask them in the comments. Lastly, if you're trying to run these commands, the CLI commands, from your macOS, I've added a few steps where you can download the cert directory directly onto your macOS and then make the publish calls, so that will work just fine. Thank you so much for going through this journey with me. You can find all the links in the description and please subscribe for more videos.
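The end state the walkthrough reaches is a mosquitto.conf with password authentication plus a Let's Encrypt TLS listener on 8883, while the plaintext 1883 listener opened in the security group and in ufw stays reachable from anywhere. The script below is an added example, not code from the video or the blogs it links: it parses such a config and flags the settings a reviewer would check (anonymous access, missing password file, a plaintext listener bound to all interfaces). The sample config, hostname and certificate paths are constructed assumptions.

```python
# Constructed sample of the end state the video reaches: password auth plus a
# Let's Encrypt TLS listener on 8883, with the original 1883 listener still open.
# Hostname and paths are assumptions, not taken from the video.
SAMPLE_CONF = """\
listener 1883
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 8883
certfile /etc/letsencrypt/live/mqtt.example.com/cert.pem
cafile   /etc/letsencrypt/live/mqtt.example.com/chain.pem
keyfile  /etc/letsencrypt/live/mqtt.example.com/privkey.pem
"""

# Keys Mosquitto applies to the most recently declared listener; everything
# else is treated as global (per_listener_settings left at its default, false).
LISTENER_KEYS = {"certfile", "keyfile", "cafile", "require_certificate", "protocol"}


def parse_conf(text):
    """Return (global_settings, listeners); a listener is (port, bind, settings)."""
    global_settings, listeners = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if not line:
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "listener":
            port, *rest = value.split()              # "listener 8883 [bind_addr]"
            listeners.append((int(port), rest[0] if rest else "0.0.0.0", {}))
        elif key in LISTENER_KEYS and listeners:
            listeners[-1][2][key] = value
        else:
            global_settings[key] = value
    return global_settings, listeners


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    g, listeners = parse_conf(text)
    findings = []
    if g.get("allow_anonymous") != "false":
        findings.append("allow_anonymous is not explicitly false")
    if "password_file" not in g:
        findings.append("no password_file: clients cannot be authenticated")
    for port, bind, s in listeners:
        if "certfile" in s and "keyfile" not in s:
            findings.append(f"listener {port}: certfile without keyfile")
        elif "certfile" not in s and bind in ("0.0.0.0", "::"):
            findings.append(f"listener {port} on {bind}: plaintext exposed to the network")
    return findings
```

Binding the 1883 listener to 127.0.0.1 (or removing it and the matching ufw and security-group rules) clears the remaining finding, so only the TLS listener with password authentication is reachable from outside the instance.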
Info
Channel: The Suave Developer
Views: 3,391
Id: kdw65EFgQco
Length: 12min 56sec (776 seconds)
Published: Sun Oct 10 2021