📡 Setup Mosquitto — Self-Hosted MQTT Broker

Deploy Eclipse Mosquitto, the lightweight MQTT broker that enables IoT devices, sensors, and home automation systems to communicate reliably.

IoT MQTT Messaging
⚠️ This script is provided for demo and testing purposes only. Not intended for production use.

📦 Resources & Setup Scripts

Grab the automated bash script from GitHub to follow along with the video.

Automated install — Mosquitto MQTT broker running in one command.

Quick Install:

wget https://raw.githubusercontent.com/mhmdali94/Docker/main/iot/mosquitto/mosquitto-ubuntu.sh
chmod +x mosquitto-ubuntu.sh
sudo bash mosquitto-ubuntu.sh

Tutorial Steps

1 Download & Run the Installer

The script installs Docker, configures the Mosquitto broker with a default configuration file, and starts the container. Mosquitto will be listening on ports 1883 (plain MQTT), 8883 (MQTT over TLS), and 9001 (WebSocket MQTT). The script runs as root, so read through it before executing it.

wget https://raw.githubusercontent.com/mhmdali94/Docker/main/iot/mosquitto/mosquitto-ubuntu.sh
chmod +x mosquitto-ubuntu.sh
sudo bash mosquitto-ubuntu.sh

2 Test MQTT with CLI Tools

Install the mosquitto-clients package to test publish and subscribe from the command line. Open two terminal windows — one to subscribe and one to publish — to verify the broker is routing messages correctly.

# Install client tools
sudo apt install -y mosquitto-clients

# Terminal 1 — subscribe to a test topic
mosquitto_sub -h <your-server-ip> -t "test/topic" -u username -P password

# Terminal 2 — publish a test message
mosquitto_pub -h <your-server-ip> -t "test/topic" -m "Hello MQTT" -u username -P password

3 Configure Authentication

Edit the mosquitto.conf file to enable username/password authentication. Use mosquitto_passwd to create credentials, then set allow_anonymous false to block unauthenticated clients. Restart the container to apply changes.

# Create password file with a new user
docker exec -it mosquitto mosquitto_passwd -c /mosquitto/config/passwords myuser

# Edit config to require auth
# Add to mosquitto.conf:
# allow_anonymous false
# password_file /mosquitto/config/passwords

# Restart the broker
docker restart mosquitto

4 Connect IoT Devices

Configure your ESP32, Arduino, Home Assistant, or other IoT devices to connect to your Mosquitto broker. Set the broker IP address and the credentials you created. For ESP32 with Arduino IDE, use the PubSubClient library. For Home Assistant, add the MQTT integration and point it to your server IP on port 1883.

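# Home Assistant configuration.yaml example
# Note: current Home Assistant releases set up the broker connection through the
# MQTT integration in the UI; these YAML keys apply to older releases only.
mqtt:
  broker: <your-server-ip>
  port: 1883
  username: myuser
  password: mypassword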

Ports Used

Port    Purpose
1883    MQTT (plain)
8883    MQTT over TLS
9001    WebSocket MQTT
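
The settings from step 3 and the port list above can be checked mechanically. This is an added example, not part of the installer script or the original page; the sample configurations, the 192.0.2.10 address and the certificate paths are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a mosquitto.conf (read from stdin) for the settings
# this guide recommends. Prints one finding per line; no output means pass.
audit_mosquitto_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    $1 == "allow_anonymous" { anon = $2 }
    $1 == "password_file"   { pw = 1 }
    $1 == "acl_file"        { acl = 1 }
    $1 == "listener" {
      port = $2; seen[port] = 1
      if (NF < 3) anyif[port] = 1             # no bind address given
    }
    $1 == "certfile" { tls[port] = 1 }        # TLS applies to the last listener
    END {
      if (anon != "false") print "allow_anonymous is not set to false"
      if (!pw)  print "password_file is missing"
      if (!acl) print "acl_file is missing"
      if (anyif[1883]) print "plain listener 1883 accepts every interface"
      if (seen[8883] && !tls[8883]) print "listener 8883 has no certfile"
    }'
}

# Constructed sample: an open demo-style configuration.
WEAK_CONF='listener 1883
allow_anonymous true
listener 8883'

# Constructed sample: authentication, ACLs and TLS enabled. 192.0.2.10 is a
# documentation address and the certificate paths are assumptions.
HARDENED_CONF='allow_anonymous false
password_file /mosquitto/config/passwords
acl_file /mosquitto/config/acl
listener 1883 192.0.2.10
listener 8883
cafile /mosquitto/certs/ca.crt
certfile /mosquitto/certs/server.crt
keyfile /mosquitto/certs/server.key'

echo "weak config:";     printf '%s\n' "$WEAK_CONF" | audit_mosquitto_conf
echo "hardened config:"; printf '%s\n' "$HARDENED_CONF" | audit_mosquitto_conf
```

To check a running container, pipe its configuration into the function, for example with docker exec mosquitto cat on the config file.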

Overview

Eclipse Mosquitto is a lightweight, open-source MQTT broker used for IoT device communication. It implements the MQTT protocol for publish-subscribe messaging, connecting sensors, smart home devices, and applications with minimal bandwidth. It is the standard MQTT broker for home automation with Home Assistant, Zigbee2MQTT, and similar tools.

Why Use It

Running your own Mosquitto broker keeps all IoT device data on your home or office network. Devices publish sensor readings and receive commands without data leaving your premises. It is also required for tools like Zigbee2MQTT and many Home Assistant integrations that need a local MQTT broker.

When You Need It

Who Should Use It

Real Use Cases

Main Features

How to Use After Installation

Security Best Practices

Ports and Firewall Notes

Mosquitto listens on port 1883 for plain MQTT and port 9001 for WebSocket connections. Port 1883 should be accessible only from trusted internal networks or VPN. If TLS is configured, use port 8883 for encrypted MQTT. Never expose plain MQTT (1883) to the public internet.

Backup and Maintenance

Common Mistakes

Troubleshooting

Alternatives

Alternatives include HiveMQ (enterprise, cloud and self-hosted), EMQ X (EMQX, highly scalable open source), VerneMQ (distributed, Erlang-based), and NanoMQ (lightweight, edge focused). Choose Mosquitto for simplicity, reliability, and universal compatibility with IoT tools.

When Not to Use It

Avoid Mosquitto if you need clustering for high availability or tens of thousands of concurrent connections — EMQX or HiveMQ are better suited. Mosquitto is designed for simplicity and efficiency on a single node.

Frequently Asked Questions

What is MQTT and why is it used for IoT?

MQTT is a lightweight publish-subscribe messaging protocol designed for constrained devices and low-bandwidth networks. Devices publish messages to topics and subscribers receive them. It requires far less bandwidth than HTTP and is ideal for battery-powered sensors, microcontrollers, and unreliable network connections typical in IoT.

How do I connect Home Assistant to Mosquitto?

In Home Assistant, go to Settings then Devices and Services, then Add Integration and search for MQTT. Enter your Mosquitto server IP, port 1883, and the username and password you configured. Home Assistant will then discover MQTT-enabled devices and allow you to use MQTT automations.

How do I add username and password authentication?

Use the mosquitto_passwd tool inside the container to create a password file: docker exec -it mosquitto mosquitto_passwd -c /mosquitto/config/passwd USERNAME. Then add password_file /mosquitto/config/passwd and allow_anonymous false to your mosquitto.conf and restart the container.

What is the difference between MQTT port 1883 and 8883?

Port 1883 is the standard unencrypted MQTT port. Port 8883 is the MQTT over TLS encrypted port. Use 8883 with TLS certificates for any connection over the internet or untrusted networks. The WebSocket listener on port 9001 is used by browser-based MQTT clients.

Can I test my Mosquitto broker without a real device?

Yes. Use MQTT Explorer (a desktop GUI) or the mosquitto_pub and mosquitto_sub command-line tools. For example: mosquitto_pub -h YOUR_SERVER -t test/topic -m hello sends a message, and mosquitto_sub -h YOUR_SERVER -t test/topic listens for messages on that topic.

How do I configure topic access control?

Create an ACL file listing which users can publish or subscribe to which topics. Set acl_file /mosquitto/config/acl in mosquitto.conf. Each line in the ACL file specifies a user and allowed topic pattern with read or write permission. This prevents devices from accessing topics belonging to other devices.
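
A sample ACL file in the format described above, with a check for grants that undo the per-device isolation. This is an added example, not part of the original page; the user names and topic layout are constructed assumptions.

```shell
#!/bin/sh
# Added example: lint a Mosquitto ACL file (read from stdin) for grants that
# defeat per-device isolation. Prints one finding per line; no output = pass.
lint_mosquitto_acl() {
  awk '
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    $1 == "user" { user = $2; next }
    $1 == "topic" || $1 == "pattern" {
      # the access keyword is optional and defaults to readwrite
      if (NF == 2) { access = "readwrite"; t = $2 }
      else         { access = $2;          t = $3 }
      if ($1 == "pattern")  who = "all users"
      else if (user == "")  who = "anonymous clients"
      else                  who = "user " user
      if ($1 == "topic" && user == "")
        print "line " NR ": topic before any user line applies to " who
      if (t == "#" && access != "deny")
        print "line " NR ": " access " on the whole topic tree for " who
    }'
}

# Constructed sample: each account is limited to its own subtree; the pattern
# line gives every user a private devices/<username>/ branch via %u.
SCOPED_ACL='user sensor-kitchen
topic write sensors/kitchen/#
user homeassistant
topic read sensors/#
topic write commands/#
pattern readwrite devices/%u/#'

# Constructed sample containing the mistakes the lint looks for.
BROAD_ACL='topic readwrite #
user sensor-kitchen
topic #
pattern write #'

echo "scoped ACL:"; printf '%s\n' "$SCOPED_ACL" | lint_mosquitto_acl
echo "broad ACL:";  printf '%s\n' "$BROAD_ACL"  | lint_mosquitto_acl
```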