Template:Networking rutos manual mqtt: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
{{Template:Networking_rutos_manual_fw_disclosure | {{Template:Networking_rutos_manual_fw_disclosure | ||
| fw_version = {{{series}}}_R_00.02.03.1 | | fw_version = {{{series}}}_R_00.02.03.1 | ||
| series = {{{series}}} | | series = {{{series}}} | ||
}} | }} | ||
==Summary== | ==Summary== |
Revision as of 11:10, 19 May 2020
Template:Networking rutos manual fw disclosure
Summary
MQTT (MQ Telemetry Transport or Message Queue Telemetry Transport) is an ISO standard (ISO/IEC PRF 20922) publish-subscribe-based "lightweight" messaging protocol for use on top of the TCP/IP protocol. It is designed to send short messages from one client (publisher) to another (subscriber) through brokers, which are responsible for message delivery to the end point. {{{name}}} devices support this functionality via an open source Mosquitto broker. Messages are delivered as follows: a client (subscriber) subscribes to one or more topics, and a publisher posts a message to those topics. The broker then checks who is subscribed to each topic and transmits the data from the publisher to the subscribers. This chapter is a summary of the MQTT function in {{{name}}} devices.
MQTT Broker
The Broker will “listen” for connections on the specified Local port. In order to accept connections from WAN, you also need to check Enable Remote Access.
File:Networking rutx manual mqtt broker settings v1.png
field name | value | description |
---|---|---|
Enable | off \| on; default: off | Toggles MQTT Broker between on and off. |
Local Port | integer [0..65535]; default: 1883 | Specifies the local port that the MQTT broker will listen to. |
Enable Remote Access | off \| on; default: off | If enabled, MQTT Broker will be reachable by remote user (from WAN). |
Security
The MQTT Security tab is used to establish MQTT connection security via TLS/SSL.
File:Networking rutx manual mqtt broker security settings v1.png
field name | value | description |
---|---|---|
Use TLS/SSL | off \| on; default: off | Toggles the use of TLS/SSL certificates between on and off. |
CA File | .ca file; default: none | Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. |
CERT File | .crt file; default: none | Certificate file is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity. |
Key File | .key file; default: none | Private key for client to establish connection. |
TLS version | tlsv1 \| tlsv1.1 \| tlsv1.2 \| Support all; default: Support all | Authenticates a client to a server and establishes precisely who they are. |
Bridge
The MQTT Broker also supports a functionality called Bridge. An MQTT Bridge is used for the communication between two MQTT Brokers. The window of Bridge parameters is presented below. Some of these are mandatory as they are needed to create a connection: Connection Name, Remote Address and Remote Port. For more information on MQTT Bridge parameters you can read the official mosquitto.conf manual page.
File:Networking rutx manual mqtt broker bridge settings v1.png
field name | value | description |
---|---|---|
Enable | off \| on; default: off | Toggles MQTT Bridge between on and off. |
Connection Name | string; default: none | Name of the Bridge connection. Although this is used for easier management purposes, this field is mandatory. |
Remote Address | ip; default: none | Remote Broker’s address. |
Remote Port | integer [0..65535]; default: 1883 | Specifies which port the remote broker uses to listen for connections. |
Use Remote TLS/SSL | off \| on; default: off | Enables the use of TLS/SSL certificates of the remote broker. If this is checked, you will be prompted to upload TLS/SSL certificates. More information can be found in the Security section of this chapter. |
On: Bridge CA File | .ca file; default: none | Certificate authority is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. |
On: Bridge CERT File | .crt file; default: none | Certificate file is a type of digital certificate that is used by client systems to make authenticated requests to a remote server. Client certificates play a key role in many mutual authentication designs, providing strong assurances of a requester's identity. |
On: Bridge Key File | .key file; default: none | Private key for bridge connection. |
On: Bridge TLS version | tlsv1 \| tlsv1.1 \| tlsv1.2; default: tlsv1 | Authenticates a client to a server and establishes precisely who they are. |
Use Remote Bridge Login | off \| on; default: off | Enables the use of Remote login data. If this is checked, you will be prompted to enter a remote client ID, username and password. |
On: Remote ID | string; default: none | Identifier for remote connection. |
On: Remote Username | string; default: none | Username used in remote connection. |
On: Remote Password | string; default: none | Password used in remote connection. |
Try Private | off \| on; default: off | Check if the remote Broker is another instance of a daemon. |
Clean Session | off \| on; default: off | Check to discard session state after connecting or disconnecting. |
Note: this table uses a coloring scheme to indicate which fields are visible under different configurations.
You can also create and manage MQTT topics from the Bridge tab.
field name | value | description |
---|---|---|
Topic | string; default: none | Specifies the names of the Topics that your Broker will subscribe to. |
Direction | OUT \| IN \| BOTH; default: OUT | The direction that the messages will be shared in. |
QoS Level | At most once (0) \| At least once (1) \| Exactly once (2); default: At most once (0) | The publish/subscribe QoS level used for this topic. |
Miscellaneous
The last section of MQTT Broker parameters is called Miscellaneous. It contains parameters that are related to neither Security nor Bridge.
File:Networking rutx manual mqtt broker miscellaneous settings v1.png
field name | value | description |
---|---|---|
ACL File | ACL file; default: none | The contents of this file are used to control client access to topics of the broker. |
Password File | password file; default: none | The Password file stores usernames and corresponding passwords, used for authentication. |
Persistence | off \| on; default: off | If enabled, connection, subscription and message data will be written to the disk. Otherwise, the data is stored in the device memory only. |
Allow Anonymous | off \| on; default: on | If enabled, the Broker allows anonymous access. |
MQTT Publisher
An MQTT Publisher is a client that sends messages to the Broker, which then forwards these messages to the Subscriber.
File:Networking rutx manual mqtt publisher settings v1.png
field name | value | description |
---|---|---|
Enable | off \| on; default: off | Toggles the MQTT Publisher ON or OFF. |
Hostname | host \| ip; default: none | Broker’s IP address or hostname. |
Port | integer [0..65535]; default: 1883 | Specifies the port used for connecting to the Broker. |
Username | string; default: none | Username used for authentication when connecting to the Broker. |
Password | string; default: none | Password used for authentication when connecting to the Broker. |
TLS | off \| on; default: off | Toggles the Transport Layer Security between on and off. |
On: Allow insecure connection | off \| on; default: off | Allows connecting without verifying the server's authenticity. |
On: CA file | .ca file; default: none | Certificate authority file used in Transport Layer Security. |
On: Certificate file | .crt file; default: none | Certificate file used in Transport Layer Security. |
On: Key file | .key file; default: none | Key file used in Transport Layer Security. |
Note: this table uses a coloring scheme to indicate which fields are visible under different configurations.
[[Category:{{{name}}} Services section]]