RabbitMQ MQTT Broker on Ubuntu

This is a guide for installation and basic setup of RabbitMQ with MQTT broker plugin on a VPS running Ubuntu Server 21.10.

RabbitMQ is an open source message broker supporting several protocols including AMQP, STOMP, and MQTT.
MQTT protocol is a lightweight publish/subscribe system which is great for IoT devices with constrained resources and bandwidth.

This guide will provide details on basic setup of the MQTT broker.

Table of Contents

    1. Install Ubuntu Server 21.10 with basic firewall

    RabbitMQ can be installed on a basic low cost VPS. I use it on a $5 Droplet from Digital Ocean and it works great with relatively small number of connections.

    1. Switch to root environment
      sudo -i
    2. Obtain latest versions of installed packages
      apt update
    3. update all installed packages
      apt upgrade
    4. Configure basic firewall to close all ports except for SSH
      ufw allow 22
      ufw enable
    5. Create new user and add to sudo group. Replace friends with your own username.
      adduser friends && usermod -aG sudo friends
      exit
      exit
    6. Close SSH connection and login using new user

    2. Install RabbitMQ

    1. Install necessary packages
      sudo apt-get install wget apt-transport-https -y
    2. Install RabbitMQ repository signing key
      wget -O- https://www.rabbitmq.com/rabbitmq-release-signing-key.asc | sudo apt-key add -
    3. Add RabbitMQ repository
      echo "deb https://dl.bintray.com/rabbitmq-erlang/debian focal erlang-22.x" | sudo tee /etc/apt/sources.list.d/rabbitmq.list
    4. Install RabbitMQ
      sudo apt-get install rabbitmq-server -y --fix-missing
    5. Check status of RabbitMQ service. It should now be running
      sudo systemctl status rabbitmq-server
    6. Enable Web Managment Dashboard
      sudo rabbitmq-plugins enable rabbitmq_management
    7. Create Administrator Account to access dashboard.
      User: admin
      password: adminPassword (replace with your own)
      sudo rabbitmqctl add_user admin adminPassword
      sudo rabbitmqctl set_user_tags admin administrator
    8. Open up port on firewall for dashboard
      sudo ufw allow 15672
    9. Open dashboard and login using admin account created previously
      http://ip address:15672

    3. Install MQTT Plugin

    https://www.rabbitmq.com/mqtt.html

    1. Enable MQTT
      sudo rabbitmq-plugins enable rabbitmq_mqtt
    2. Restart server
      sudo service rabbitmq-server restart

    Configure MQTT Plugin

    Create a basic configuration.
    https://www.rabbitmq.com/mqtt.html#config

    1. Open configuration file
      sudo nano /etc/rabbitmq/rabbitmq.conf
    2. Copy the following into file and save
    mqtt.listeners.ssl = none
    mqtt.listeners.tcp.1 = 1883
    mqtt.prefetch         = 10
    mqtt.vhost            = /
    mqtt.exchange         = amq.topic
    mqtt.allow_anonymous  = false
    1. Open port on firewall
      sudo ufw allow 1883

    Create User Accounts

    https://www.rabbitmq.com/access-control.html

    1. Open dashboard and login using admin account created previously
      http://ip address:15672
    2. Enter username and password in the “add a user” section. Save by pressing “add user” button
    3. New user should show up in the user list however it will show a yellow box that says “No access” under the “Can access virtual hosts” column.
    4. Select the user to open up permissions page.
    5. Press the “Set permission” button in the “Permissions” section. This will give full access to the default virtual host.
    6. In the “Topic permissions” section select amq.topic from the exchange drop down box.
    7. Press the “Set permission” button in the “topic permissions” section.
    8. This user should now have access to publish and subscribe to all topics

    Configure Topic Authorization

    https://www.rabbitmq.com/access-control.html#topic-authorisation
    Often we might want to limit users to only publish or subscribe to specific topics. This is accomplished by using regexp.

    1. Edit the topic permissions section of the user as was done in the previous section.
    2. In the “Topic permissions” section select amq.topic from the exchange drop down box.
    3. In the Write regexp and Read regexp sections enter ^mytopic.* instead of .*
    4. Press the “Set permission” button in the “topic permissions” section.
    5. This will allow user to publish/subscribe from topics beginning with mytopic.