Mosquitto MQTT broker


Set up Mosquitto as MQTT broker.

{
  "logins": [
    {"username": "local-user", "password": "mypw"}
  ],
  "anonymous": false,
  "customize": {
    "active": false,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

Make sure you use logins and disable anonymous access if you want to secure the system.

Configuration Variables

anonymous

(boolean)(Optional)Allow anonymous connections. If logins is set, the anonymous user can only read data.

Default value: false

logins

(list)(Optional)A list of local users that will be created with username and password. You don’t need do this because you can use Home Assistant users too without any configuration.

customize

(boolean | string)(Optional)If you enable it, it reads additional configuration files (*.conf) from /share/mosquitto.

Home Assistant user management

This add-on is attached to the Home Assistant user system, so mqtt clients can make use of these credentials. Local users may also still be set independently within the configuration options for the add-on. For the internal Hass.io ecosystem we register homeassistant and addons, so these may not be used as user names.

Home Assistant configuration

To use the Mosquitto as broker, go to the integration page and install the configuration with one click. If you have old MQTT settings available, remove this old integration and restart Home Assistant to see the new one.

Disable listening on insecure (1883) ports

Remove the ports from the add-on page network card (set them as blank) to disable them.

Access Control Lists (ACLs)

It is possible to restrict access to topics based upon the user logged in to Mosquitto. In this scenario it is recommended to create individual users for each of your clients and create an appropriate ACL.

See the following links for more information:

Add the following configuration to enable ACLs:

  1. Set the active flag within the customize section to true in your configuration.
  2. Create a file in /share/mosquitto named acl.conf with the following contents:
    acl_file /share/mosquitto/accesscontrollist
    
  3. Create a file in /share/mosquitto named accesscontrollist and add contents according to your requirements.

The /share folder can be found on the host filesystem under /usr/share/hassio/share, or via the Share folder through SMB (Samba).