Template:Networking rutos manual mqtt: Difference between revisions
Gytispieze (talk | contribs) No edit summary |
No edit summary |
||
(19 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
{{Template: | {{Template: Networking_device_manual_fw_disclosure | ||
| | | series = {{{series}}} | ||
| series | | name = {{{name}}} | ||
| fw_version ={{Template: Networking_device_manual_latest_fw | |||
| series = {{{series}}} | |||
| name = {{{name}}} | |||
}} | |||
}} | }} | ||
{{#ifeq: {{{legacy}}} | | {{#ifeq: {{{series}}} | RUT9 |<br><i><b>Note</b>: <b>[[{{{name}}} MQTT (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_device_manual_latest_fw | series = RUT9XX}} and earlier) user manual page.</i>|}} | ||
{{#ifeq: {{{series}}} | RUT2 |<br><i><b>Note</b>: <b>[[{{{name}}} MQTT (legacy WebUI)|click here]]</b> for the old style WebUI (FW version {{Template: Networking_device_manual_latest_fw | series = RUT2XX}} and earlier) user manual page.</i>|}} | |||
==Summary== | ==Summary== | ||
Line 13: | Line 18: | ||
{{#switch: {{{series}}} | {{#switch: {{{series}}} | ||
| #default = | | #default = | ||
| TRB2|RUT36X|RUT30X|RUT9|TCR1 = | | TRB2|RUT36X|RUT30X|RUT9|TCR1|RUT2|RUT2M|RUT9M|TRB2M|OTD140|RUT301|RUT14X = | ||
<u><b> | <u><b> | ||
Note:</b> MQTT is additional software that can be installed from the <b> | Note:</b> MQTT is additional software that can be installed from the <b>System → [[{{{name}}} Package Manager|Package Manager]]</b> page.</u> | ||
}} | }} | ||
==MQTT Broker== | ==MQTT Broker== | ||
The <b>MQTT Broker</b> is an entity that listens for connections on the specified port and relays received messages to MQTT client. To begin using this devices as an MQTT Broker, enable it in this page. In order to make the device accept MQTT connections from WAN (remote networks), you also need to turn the 'Enable Remote Access' slider on. | The <b>MQTT Broker</b> is an entity that listens for connections on the specified port and relays received messages to MQTT client. To begin using this devices as an MQTT Broker, enable it in this page. In order to make the device accept MQTT connections from WAN (remote networks), you also need to turn the 'Enable Remote Access' slider on. | ||
[[File: | [[File:Networking_rutos_manual_mqtt_broker_v3.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 33: | Line 39: | ||
<td>Enable</td> | <td>Enable</td> | ||
<td>off | on; default: <b>off</b></td> | <td>off | on; default: <b>off</b></td> | ||
<td> | <td>Turn MQTT Broker on or off.</td> | ||
</tr> | |||
<tr> | |||
<td>Custom configuration</td> | |||
<td>off | on; default: <b>off</b></td> | |||
<td>Enables reading of custom configuration.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td>Local Port</td> | <td>Local Port</td> | ||
<td>integer [0..65535]; default: <b>1883</b></td> | <td>integer [0..65535]; default: <b>1883</b></td> | ||
<td>The TCP port on which the MQTT broker will listen for connections.</td> | <td>The TCP port(s) on which the MQTT broker will listen for connections. Click the plus sign to add multiple ports.</td> | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
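Review bot: the new 'Custom configuration' row documents the switch only as 'Enables reading of custom configuration.' It does not say where that configuration is read from, or whether it replaces or adds to the fields on this page, the Security settings included. Suggest stating both, since a reader cannot tell which settings the broker will enforce once the switch is on.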
Line 53: | Line 64: | ||
The <b>Security</b> section is used to configure TLS/SSL . | The <b>Security</b> section is used to configure TLS/SSL . | ||
[[File: | [[File:Networking rutos manual mqtt broker settings security v3.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
<tr> | <tr> | ||
<th> | <th>Field name</th> | ||
<th>value</th> | <th>value</th> | ||
<th>description</th> | <th>description</th> | ||
Line 70: | Line 81: | ||
<td>Certificate based {{!}} <span style="color:darkred">Pre-shared key based</span>; default: '''Certificate based'''</td> | <td>Certificate based {{!}} <span style="color:darkred">Pre-shared key based</span>; default: '''Certificate based'''</td> | ||
<td>Select type of TLS.</td> | <td>Select type of TLS.</td> | ||
</tr> | |||
<tr> | |||
<td>Require certificate</td> | |||
<td>off | on; default: <b>on</b></td> | |||
<td>Demand client certificate and key from the client.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 114: | Line 130: | ||
<b>Note</b>: this table has a coloring scheme to indicate which fields can be seen with different configuration. | <b>Note</b>: this table has a coloring scheme to indicate which fields can be seen with different configuration. | ||
[[File: | [[File:Networking_rutos_manual_mqtt_broker_settings_bridge_v2.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 163: | Line 179: | ||
</tr> | </tr> | ||
<tr> | <tr> | ||
<td><span style="color:blue">On:</span> Bridge | <td><span style="color:blue">On:</span> Bridge certificate File</td> | ||
<td>.crt file; default: <b>none</b></td> | <td>.crt file; default: <b>none</b></td> | ||
<td>Uploads a server (broker) certificate file. A certificate file is a type of digital certificate that is used by client systems to make authenticated requests to a remote server.</td> | <td>Uploads a server (broker) certificate file. A certificate file is a type of digital certificate that is used by client systems to make authenticated requests to a remote server.</td> | ||
Line 176: | Line 192: | ||
<td>tlsv1 | tlsv1.1 | tlsv1.2; default: <b>tlsv1</b></td> | <td>tlsv1 | tlsv1.1 | tlsv1.2; default: <b>tlsv1</b></td> | ||
<td>TLS version used by the other broker.</td> | <td>TLS version used by the other broker.</td> | ||
</tr> | |||
<tr> | |||
<td><span style="color:blue">On:</span> Bridge ALPN</td> | |||
<td>string; default: <b>none</b></td> | |||
<td>Configure the application layer protocol negotiation option for the TLS session. Useful for brokers that support both websockets and MQTT on the same port. </td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 191: | Line 212: | ||
<td>string; default: <b>none</b></td> | <td>string; default: <b>none</b></td> | ||
<td>Username for authentication to the remote broker.</td> | <td>Username for authentication to the remote broker.</td> | ||
</tr> | |||
<tr> | |||
<td><span style="color:red">On:</span> Require password</td> | |||
<td>on | off; default: <b>off</b></td> | |||
<td>Password for authentication to the remote broker.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
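Review bot: the added Bridge row 'Require password' is an 'on | off' switch, but its description is 'Password for authentication to the remote broker.', which describes a password field rather than a toggle. Suggest describing what turning it on does, in line with the Publisher row's 'Requires password for authentication.'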
Line 206: | Line 232: | ||
<td>off | on; default: <b>off</b></td> | <td>off | on; default: <b>off</b></td> | ||
<td>When turned on, discards session state after connecting or disconnecting.</td> | <td>When turned on, discards session state after connecting or disconnecting.</td> | ||
</tr> | |||
<tr> | |||
<td>Enable notification</td> | |||
<td>off | on; default: <b>off</b></td> | |||
<td>Publish notification messages to the local and remote brokers giving information about the state of the bridge connection.</td> | |||
</tr> | |||
<tr> | |||
<td>Enable local notifications</td> | |||
<td>off | on; default: <b>off</b></td> | |||
<td>Only publish notification messages to the local broker giving information about the state of the bridge connection.</td> | |||
</tr> | |||
<tr> | |||
<td>Keepalive interval</td> | |||
<td>(5-65535); default: <b>60</b></td> | |||
<td>Set the keepalive interval for this bridge connection, in seconds.</td> | |||
</tr> | </tr> | ||
</table> | </table> | ||
Line 211: | Line 252: | ||
You can also create and manage MQTT topics in the <b>Topics</b> list below the Bridge section. To add a new topic, click the 'Add' button. | You can also create and manage MQTT topics in the <b>Topics</b> list below the Bridge section. To add a new topic, click the 'Add' button. | ||
[[File:Networking_rutos_manual_mqtt_broker_settings_bridge_topics_add_button.png|border|class=tlt-border]] | [[File:Networking_rutos_manual_mqtt_broker_settings_bridge_topics_add_button v2.png|border|class=tlt-border]] | ||
You can then configure the newly added topic from the same page. | You can then configure the newly added topic from the same page. | ||
[[File:Networking_rutos_manual_mqtt_broker_settings_bridge_topics.png|border|class=tlt-border]] | [[File:Networking_rutos_manual_mqtt_broker_settings_bridge_topics v2.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 244: | Line 285: | ||
The <b>Miscellaneous</b> section is used to configure MQTT broker parameters that are related to neither Security nor Bridge. | The <b>Miscellaneous</b> section is used to configure MQTT broker parameters that are related to neither Security nor Bridge. | ||
[[File:Networking_rutos_manual_mqtt_broker_settings_miscellaneous.png|border|class=tlt-border]] | [[File:Networking_rutos_manual_mqtt_broker_settings_miscellaneous v2.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 269: | Line 310: | ||
<tr> | <tr> | ||
<td>Allow Anonymous</td> | <td>Allow Anonymous</td> | ||
<td>off | on; default: <b> | <td>off | on; default: <b>off</b></td> | ||
<td>Turns anonymous access to this broker on or off.</td> | <td>Turns anonymous access to this broker on or off.</td> | ||
</tr> | |||
<tr> | |||
<td>Max queued messages</td> | |||
<td>[0..65535]; default: <b>1000</b></td> | |||
<td>The maximum number of QoS 1 and 2 messages to hold in a queue per client above those that are currently in-flight. Set to 0 for no maximum (not recommended).</td> | |||
</tr> | |||
<tr> | |||
<td>Maximum packet size</td> | |||
<td>[1..268435456]; default: <b>1048576</b></td> | |||
<td>Maximum size of packet before it will be dropped.</td> | |||
</tr> | </tr> | ||
</table> | </table> | ||
Line 280: | Line 331: | ||
<b>Note</b>: this table has coloring scheme to indicate which fields can be seen with different configuration. | <b>Note</b>: this table has coloring scheme to indicate which fields can be seen with different configuration. | ||
[[File: | [[File:Networking_rutos_manual_mqtt_publisher_v3.png|border|class=tlt-border]] | ||
<table class="nd-mantable"> | <table class="nd-mantable"> | ||
Line 302: | Line 353: | ||
<td>integer [0..65535]; default: <b>1883</b></td> | <td>integer [0..65535]; default: <b>1883</b></td> | ||
<td>Broker's port number.</td> | <td>Broker's port number.</td> | ||
</tr> | |||
<tr> | |||
<td>Client ID</td> | |||
<td>string; default: <b>empty</b></td> | |||
<td>Client ID to send with the data. If empty, a random client ID will be generated.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 307: | Line 363: | ||
<td>string; default: <b>none</b></td> | <td>string; default: <b>none</b></td> | ||
<td>Username used for authentication to the Broker.</td> | <td>Username used for authentication to the Broker.</td> | ||
</tr> | |||
<tr> | |||
<td>Require password</td> | |||
<td>on | off; default: <b>off</b></td> | |||
<td>Requires password for authentication.</td> | |||
</tr> | </tr> | ||
<tr> | <tr> | ||
Line 357: | Line 418: | ||
<td>string; default: <b>none</b></td> | <td>string; default: <b>none</b></td> | ||
<td>The identity of this client. May be used as the username depending on the server settings.</td> | <td>The identity of this client. May be used as the username depending on the server settings.</td> | ||
</tr> | |||
<tr> | |||
<td>Publish topic prefix</td> | |||
<td>string; default: <b>empty</b></td> | |||
<td>Prefix of the topic to be used during publish. [[Monitoring_via_MQTT#How_MQTT_works|More information.]]</td> | |||
</tr> | |||
<tr> | |||
<td>Subscribe topic prefix</td> | |||
<td>string; default: <b>empty</b></td> | |||
<td>Prefix of the topic to be used during subscription. [[Monitoring_via_MQTT#How_MQTT_works|More information.]] </td> | |||
</tr> | </tr> | ||
</table> | </table> | ||
[[Category:{{{name}}} Services section]] | [[Category:{{{name}}} Services section]] |
Latest revision as of 14:16, 12 April 2024
The information in this page is updated in accordance with firmware version .
Summary
MQTT (MQ Telemetry Transport or Message Queue Telemetry Transport) is an ISO standard (ISO/IEC PRF 20922) publish-subscribe-based "lightweight" messaging protocol for use on top of the TCP/IP protocol. It is designed to send short messages from one client (publisher) to another (subscriber) through brokers, which are responsible for message delivery to the end point.
{{{name}}} devices support this functionality via an open source Mosquitto broker. The messages are sent this way: a client (subscriber) subscribes to a topic(s); a publisher posts a message to that specific topic(s). The broker then checks who is subscribed to that particular topic(s) and transmits data from the publisher to the subscriber.
This chapter is an overview of the MQTT page for {{{name}}} devices.
MQTT Broker
The MQTT Broker is an entity that listens for connections on the specified port and relays received messages to MQTT clients. To begin using this device as an MQTT Broker, enable it on this page. To make the device accept MQTT connections from WAN (remote networks), you also need to turn the 'Enable Remote Access' slider on.
Field | Value | Description |
---|---|---|
Enable | off \| on; default: off | Turn MQTT Broker on or off. |
Custom configuration | off \| on; default: off | Enables reading of custom configuration. |
Local Port | integer [0..65535]; default: 1883 | The TCP port(s) on which the MQTT broker will listen for connections. Click the plus sign to add multiple ports. |
Enable Remote Access | off \| on; default: off | Turns remote access to this MQTT broker on or off. |
Broker Settings
Security
The Security section is used to configure TLS/SSL.
Field name | value | description |
---|---|---|
Use TLS/SSL | off \| on; default: off | Turns the use of TLS/SSL for this MQTT connection on or off. |
TLS type | Certificate based \| Pre-shared key based; default: Certificate based | Select type of TLS. |
Require certificate | off \| on; default: on | Demand client certificate and key from the client. |
Certificate files from device | off \| on; default: off | When turned on, provides the possibility to use certificate files generated on this device instead of uploading certificate files. You can generate TLS certificates on your device in the System → Administration → [[{{{name}}} Administration#Certificates|Certificates]] page. |
CA File | .ca file; default: none | Uploads a Certificate Authority (CA) file. A Certificate Authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. |
CERT File | .crt file; default: none | Uploads a server (broker) certificate file. A certificate file is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. |
Key File | .key file; default: none | Uploads a server (broker) key file. |
TLS version | tlsv1 \| tlsv1.1 \| tlsv1.2 \| Support all; default: Support all | Specifies which TLS version(s) will be supported by this broker. |
Pre-shared key based: Pre-Shared-Key | string; default: none | The pre-shared-key in hex format with no leading "0x". |
Pre-shared key based: Identity | string; default: none | The identity of this client. May be used as the username depending on the server settings. |
Bridge
An MQTT Bridge is used for the communication between MQTT brokers. The window of Bridge parameters is presented below.
Note: this table has a coloring scheme to indicate which fields can be seen with different configuration.
Field | Value | Description |
---|---|---|
Enable | off \| on; default: off | Turns MQTT Bridge on and off. |
Connection Name | string; default: none | Name of the Bridge connection. This is used for easier management purposes. |
Protocol version | 3.1 \| 3.1.1; default: 3.1 | Selects the protocol version. |
Remote Address | ip; default: none | Remote Broker’s address. |
Remote Port | integer [0..65535]; default: 1883 | Specifies which port the remote broker uses to listen for connections. |
Use Remote TLS/SSL | off \| on; default: off | Enables the use of TLS/SSL certificates of the remote broker. If this is checked, you will be prompted to upload TLS/SSL certificates. More information can be found in the Security section of this chapter. |
On: Certificate files from device | off \| on; default: off | When turned on, provides the possibility to use certificate files generated on this device instead of uploading certificate files. You can generate TLS certificates on your device in the System → Administration → [[{{{name}}} Administration#Certificates|Certificates]] page. |
On: Bridge CA File | .ca file; default: none | Uploads a Certificate Authority (CA) file. A Certificate Authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. |
On: Bridge certificate File | .crt file; default: none | Uploads a server (broker) certificate file. A certificate file is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. |
On: Bridge Key File | .key file; default: none | Uploads a server (broker) key file. |
On: Bridge TLS version | tlsv1 \| tlsv1.1 \| tlsv1.2; default: tlsv1 | TLS version used by the other broker. |
On: Bridge ALPN | string; default: none | Configure the application layer protocol negotiation option for the TLS session. Useful for brokers that support both websockets and MQTT on the same port. |
Use Remote Bridge Login | off \| on; default: off | Indicates whether the remote side of the connection requires login information. If this is turned on, you will be required to enter a remote client ID, username and password. |
On: Remote ID | string; default: none | Identifier of the remote broker. |
On: Remote Username | string; default: none | Username for authentication to the remote broker. |
On: Require password | on \| off; default: off | Password for authentication to the remote broker. |
On: Remote Password | string; default: none | Password for authentication to the remote broker. |
Try Private | off \| on; default: off | Check if the remote Broker is another instance of a daemon. |
Clean Session | off \| on; default: off | When turned on, discards session state after connecting or disconnecting. |
Enable notification | off \| on; default: off | Publish notification messages to the local and remote brokers giving information about the state of the bridge connection. |
Enable local notifications | off \| on; default: off | Only publish notification messages to the local broker giving information about the state of the bridge connection. |
Keepalive interval | (5-65535); default: 60 | Set the keepalive interval for this bridge connection, in seconds. |
You can also create and manage MQTT topics in the Topics list below the Bridge section. To add a new topic, click the 'Add' button.
You can then configure the newly added topic from the same page.
Field | value | description |
---|---|---|
Topic Name | string; default: none | The name of the topics that the broker will subscribe to. |
Direction | OUT \| IN \| BOTH; default: OUT | The direction in which the messages will be shared. |
QoS Level | At most once (0) \| At least once (1) \| Exactly once (2); default: At most once (0) | Sets the publish/subscribe QoS level used for this topic. |
Miscellaneous
The Miscellaneous section is used to configure MQTT broker parameters that are related to neither Security nor Bridge.
field name | value | description |
---|---|---|
ACL File | ACL file; default: none | Uploads an ACL file. The contents of this file are used to control client access to topics of the broker. |
Password File | password file; default: none | Uploads a password file. A password file stores usernames and corresponding passwords, used for authentication. |
Persistence | off \| on; default: off | When turned on, connection, subscription and message data will be written to the disk. Otherwise, the data is stored in the device memory only. |
Allow Anonymous | off \| on; default: off | Turns anonymous access to this broker on or off. |
Max queued messages | [0..65535]; default: 1000 | The maximum number of QoS 1 and 2 messages to hold in a queue per client above those that are currently in-flight. Set to 0 for no maximum (not recommended). |
Maximum packet size | [1..268435456]; default: 1048576 | Maximum size of packet before it will be dropped. |
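An added example, not part of the manual or the vendor's software: a Python check that reads a Mosquitto configuration and flags the permissive choices the Security, Bridge and Miscellaneous tables allow (anonymous access, a listener without TLS, TLS 1.0/1.1, no ACL file, an unlimited queue). It assumes the WebUI fields correspond to the standard `mosquitto.conf` options named in the code; both sample configurations, their paths and the address are constructed.

```python
# Added example: flag permissive broker settings in a mosquitto.conf.
# Assumption: the WebUI fields map to these standard Mosquitto options.
WEAK_CONF = """\
listener 1883
allow_anonymous true
max_queued_messages 0
connection to-cloud
address 203.0.113.10:8883
bridge_cafile /etc/certs/ca.crt
bridge_tls_version tlsv1
"""
HARDENED_CONF = """\
listener 8883
certfile /etc/certs/broker.crt
keyfile /etc/certs/broker.key
require_certificate true
tls_version tlsv1.2
allow_anonymous false
acl_file /etc/mosquitto/acl
connection to-cloud
address 203.0.113.10:8883
bridge_cafile /etc/certs/ca.crt
bridge_tls_version tlsv1.2
"""
LISTENER_KEYS = {"cafile", "certfile", "keyfile", "require_certificate",
                 "tls_version", "psk_hint"}
WEAK_TLS = {"tlsv1", "tlsv1.1"}

def parse(conf):
    """Split the file into global options, listener blocks and bridge blocks."""
    glob, listeners, bridges, cur = {}, [], [], None
    for line in conf.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, value = parts[0], (parts[1].strip() if len(parts) > 1 else "")
        if key in ("listener", "connection"):  # start of a new block
            cur = {"kind": key, "id": value.split()[0] if value else "?"}
            (listeners if key == "listener" else bridges).append(cur)
        elif cur and (key in LISTENER_KEYS if cur["kind"] == "listener"
                      else (key == "address" or key.startswith("bridge_"))):
            cur[key] = value  # option that belongs to the current block
        else:
            glob[key] = value  # broker-wide option
    return glob, listeners, bridges

def audit(conf):
    """Return finding labels for one configuration text."""
    glob, listeners, bridges = parse(conf)
    out = []
    if glob.get("allow_anonymous") == "true":
        out.append("anonymous-access")
    if "acl_file" not in glob:
        out.append("no-acl-file")
    if glob.get("max_queued_messages") == "0":
        out.append("unbounded-queue")
    for l in listeners:
        if "certfile" not in l and "psk_hint" not in l:
            out.append("plaintext-listener:" + l["id"])
        elif "certfile" in l and l.get("require_certificate") != "true":
            out.append("no-client-cert:" + l["id"])
        if l.get("tls_version") in WEAK_TLS:
            out.append("weak-tls:" + l["id"])
    for b in bridges:
        if "bridge_cafile" not in b and "bridge_psk" not in b:
            out.append("plaintext-bridge:" + b["id"])
        if b.get("bridge_tls_version") in WEAK_TLS:
            out.append("weak-bridge-tls:" + b["id"])
    return out

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(HARDENED_CONF))
```

The bridge finding matters here because the Bridge table lists tlsv1 as the default for 'Bridge TLS version'.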
MQTT Publisher
An MQTT Publisher is a client instance that can send messages to the Broker, which can forward these messages to other clients (subscribers).
Note: this table has a coloring scheme to indicate which fields can be seen with different configuration.
Field | Value | Description |
---|---|---|
Enable | off \| on; default: off | Toggles the MQTT Publisher ON or OFF. |
Hostname | host \| ip; default: none | Broker’s IP address or hostname. |
Port | integer [0..65535]; default: 1883 | Broker's port number. |
Client ID | string; default: empty | Client ID to send with the data. If empty, a random client ID will be generated. |
Username | string; default: none | Username used for authentication to the Broker. |
Require password | on \| off; default: off | Requires password for authentication. |
Password | string; default: none | Password used for authentication to the Broker. |
TLS | off \| on; default: off | Turns the use of Transport Layer Security (TLS) on or off. |
On: Allow insecure connection | off \| on; default: off | Allows connections without verifying server authenticity. |
TLS type | Certificate based \| Pre-shared key based; default: Certificate based | Select type of TLS. |
On: Certificate files from device | off \| on; default: off | When turned on, provides the possibility to use certificate files generated on this device instead of uploading certificate files. You can generate TLS certificates on your device in the System → Administration → [[{{{name}}} Administration#Certificates|Certificates]] page. |
On: CA file | .ca file; default: none | Certificate authority file used in Transport Layer Security. |
On: Certificate file | .crt file; default: none | Certificate file used in Transport Layer Security. |
On: Key file | .key file; default: none | Key file used in Transport Layer Security. |
Pre-shared key based: Pre-Shared-Key | string; default: none | The pre-shared-key in hex format with no leading "0x". |
Pre-shared key based: Identity | string; default: none | The identity of this client. May be used as the username depending on the server settings. |
Publish topic prefix | string; default: empty | Prefix of the topic to be used during publish. More information. |
Subscribe topic prefix | string; default: empty | Prefix of the topic to be used during subscription. More information. |