Mosquitto MQTT broker

Set up Mosquitto as MQTT broker.

  "plain": true,
  "ssl": false,
  "anonymous": true,
  "logins": [
    {"username": "testuser", "password": "mypw"}
  "customize": {
    "active": false,
    "folder": "mosquitto"
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"

Make sure you use logins and disable anonymous access if you want to secure the system.

Configuration variables:

  • plain (Optional): Listen on port 1883 without SSL/TLS. Defaults to true.
  • ssl (Optional): Listen on port 8883 with SSL/TLS. This requires certificates. Defaults to false.
  • anonymous (Optional): Allow anonymous connections. If logins is set, the anonymous user can only read data. Defaults to true.
  • logins (Optional): A list of users that will be created with username and password.
  • customize (Optional): If you enable it, it reads additional configuration files (*.conf) from /share/mosquitto.

Home Assistant configuration

To use the Mosquitto as broker, add the following entry to the configuration.yaml file.

# Example configuration.yaml entry
  broker: core-mosquitto

If username and password are set up in add-on, your configuration.yaml file should contain that data.

  broker: core-mosquitto
  username: YOUR_USERNAME
  password: YOUR_PASSWORD

Listening simultaneously on SSL/TLS (8883) and insecure (1883) ports

  1. Configure SSL/TLS as normal.
  2. Set customize flag to true in your configuration.
  3. Create a file in /share/mosquitto named insecure.conf with the following contents:
listener 1883
protocol mqtt
  1. Restart MQTT

It’s recommened that you only open your firewall to the SSL/TLS port (8883) and only use the insecure port (1883) for local devices.