This is a guide for installation and basic setup of RabbitMQ with MQTT broker plugin on a VPS running Ubuntu Server 21.10.
RabbitMQ is an open source message broker supporting several protocols including AMQP, STOMP, and MQTT.
MQTT protocol is a lightweight publish/subscribe system which is great for IoT devices with constrained resources and bandwidth.
This guide will provide details on basic setup of the MQTT broker.
1. Install Ubuntu Server 21.10 with basic firewall
RabbitMQ can be installed on a basic low cost VPS. I use it on a $5 Droplet from Digital Ocean and it works great with relatively small number of connections.
- Switch to root environment
sudo -i - Obtain latest versions of installed packages
apt update - update all installed packages
apt upgrade - Configure basic firewall to close all ports except for SSH
ufw allow 22ufw enable - Create new user and add to sudo group. Replace friends with your own username.
adduser friends && usermod -aG sudo friendsexitexit - Close SSH connection and login using new user
2. Install RabbitMQ
- Install necessary packages
sudo apt-get install wget apt-transport-https -y - Install RabbitMQ repository signing key
wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add - - Add RabbitMQ repository
echo "deb https://dl.bintray.com/rabbitmq-erlang/debian focal erlang-22.x" | sudo tee /etc/apt/sources.list.d/rabbitmq.list - Install RabbitMQ
sudo apt-get install rabbitmq-server -y --fix-missing - Check status of RabbitMQ service. It should now be running
sudo systemctl status rabbitmq-server - Enable Web Managment Dashboard
sudo rabbitmq-plugins enable rabbitmq_management - Create Administrator Account to access dashboard.
User: admin
password: adminPassword (replace with your own)sudo rabbitmqctl add_user admin adminPasswordsudo rabbitmqctl set_user_tags admin administrator - Open up port on firewall for dashboard
sudo ufw allow 15672 - Open dashboard and login using admin account created previously
http://ip address:15672
3. Install MQTT Plugin
https://www.rabbitmq.com/mqtt.html
- Enable MQTT
sudo rabbitmq-plugins enable rabbitmq_mqtt - Restart server
sudo service rabbitmq-server restart
Configure MQTT Plugin
Create a basic configuration.
https://www.rabbitmq.com/mqtt.html#config
- Open configuration file
sudo nano /etc/rabbitmq/rabbitmq.conf - Copy the following into file and save
mqtt.listeners.ssl = none
mqtt.listeners.tcp.1 = 1883
mqtt.prefetch = 10
mqtt.vhost = /
mqtt.exchange = amq.topic
mqtt.allow_anonymous = false- Open port on firewall
sudo ufw allow 1883
Create User Accounts
https://www.rabbitmq.com/access-control.html
- Open dashboard and login using admin account created previously
http://ip address:15672 - Enter username and password in the “add a user” section. Save by pressing “add user” button
- New user should show up in the user list however it will show a yellow box that says “No access” under the “Can access virtual hosts” column.
- Select the user to open up permissions page.
- Press the “Set permission” button in the “Permissions” section. This will give full access to the default virtual host.
- In the “Topic permissions” section select amq.topic from the exchange drop down box.
- Press the “Set permission” button in the “topic permissions” section.
- This user should now have access to publish and subscribe to all topics
Configure Topic Authorization
https://www.rabbitmq.com/access-control.html#topic-authorisation
Often we might want to limit users to only publish or subscribe to specific topics. This is accomplished by using regexp.
- Edit the topic permissions section of the user as was done in the previous section.
- In the “Topic permissions” section select amq.topic from the exchange drop down box.
- In the Write regexp and Read regexp sections enter
^mytopic.*instead of.* - Press the “Set permission” button in the “topic permissions” section.
- This will allow user to publish/subscribe from topics beginning with mytopic.