RUT955 MQTT

From Teltonika Networks Wiki

Latest revision as of 11:07, 9 April 2024


The information in this page is updated in accordance with firmware version RUT9_R_00.07.06.16.
Note: the old-style WebUI (FW version RUT9XX_R_00.06.09.5 and earlier) is documented on a separate user manual page.

Summary

MQTT (MQ Telemetry Transport, also expanded as Message Queue Telemetry Transport) is a standardized (ISO/IEC 20922) publish-subscribe "lightweight" messaging protocol that runs on top of TCP/IP. It is designed to send short messages from one client (the publisher) to another (the subscriber) through a broker, which is responsible for delivering each message to the clients subscribed to its topic.

RUT955 devices support this functionality via the open source Mosquitto broker. Messages flow like this: a client (the subscriber) subscribes to one or more topics; a publisher posts a message to a specific topic; the broker then checks which clients are subscribed to that topic and forwards the publisher's message to each of them. Publishers and subscribers never talk to each other directly, so the broker's own settings (TLS, credentials and topic ACLs, described below) decide who may publish to or read from a given topic.

This chapter is an overview of the MQTT page for RUT955 devices. For in-depth MQTT configuration examples, refer to the Monitoring via MQTT page.

Note: MQTT is additional software that can be installed from the System → Package Manager page.

MQTT Broker

The MQTT Broker is the server side of the protocol: it listens for connections on the specified port(s) and relays received messages to the subscribed MQTT clients. To begin using this device as an MQTT Broker, enable it on this page. In order to make the device accept MQTT connections from WAN (remote networks), you also need to turn the 'Enable Remote Access' slider on. Before exposing the broker to WAN, turn on TLS/SSL (Security section), keep Allow Anonymous off and upload a Password File and an ACL File (Miscellaneous section); otherwise anyone who can reach the device's WAN address can read and publish every topic on the broker.

Field (value; default): description

Enable (off | on; default: off): Turns the MQTT Broker on or off.
Custom configuration (off | on; default: off): Enables reading of a custom broker configuration.
Local Port (integer [0..65535]; default: 1883): The TCP port(s) on which the MQTT broker listens for connections. Click the plus sign to add multiple ports. By convention 1883 is used for plain MQTT and 8883 for MQTT over TLS.
Enable Remote Access (off | on; default: off): Turns remote (WAN) access to this MQTT broker on or off. When off, the broker is reachable only from the local network.

Broker Settings

Security


The Security section is used to configure TLS/SSL for the broker: either certificate-based TLS (the broker presents a certificate and, with Require certificate on, demands one from each client) or pre-shared-key (PSK) based TLS.

Field (value; default): description

Use TLS/SSL (off | on; default: off): Turns the use of TLS/SSL for this MQTT connection on or off.
TLS type (Certificate based | Pre-shared key based; default: Certificate based): Selects the type of TLS.
Require certificate (off | on; default: on): Demands a certificate and key from each connecting client (mutual TLS). The client certificate must chain to the CA File; clients that cannot present one are rejected during the TLS handshake, before any MQTT username or password is sent.
Certificate files from device (off | on; default: off): When turned on, provides the possibility to use certificate files generated on this device instead of uploading certificate files. You can generate TLS certificates on your device in the System → Administration → Certificates page.
CA File (.ca file; default: none): Uploads a Certificate Authority (CA) certificate. A Certificate Authority is an entity that issues digital certificates; a digital certificate certifies the ownership of a public key by the named subject of the certificate. The broker uses this CA to verify client certificates when Require certificate is on.
CERT File (.crt file; default: none): Uploads the broker's (server) certificate, which the broker presents to connecting clients so they can verify that they are talking to this device and not to an impostor.
Key File (.key file; default: none): Uploads the private key matching the CERT File. Anyone who obtains this key can impersonate the broker, so keep it confined to the device.
TLS version (tlsv1 | tlsv1.1 | tlsv1.2 | Support all; default: Support all): Specifies which TLS version(s) this broker will accept. TLS 1.0 and 1.1 are deprecated (RFC 8996); select tlsv1.2 unless a legacy client requires otherwise, because "Support all" lets such a client negotiate the weaker versions.
Pre-shared key based: Pre-Shared-Key (string; default: none): The pre-shared key in hex format with no leading "0x". Use a long random value; a short or guessable PSK can be recovered offline from captured handshakes.
Pre-shared key based: Identity (string; default: none): The identity of this client. May be used as the username depending on the server settings.

Bridge


An MQTT Bridge is used for communication between two MQTT brokers: this device's broker connects to a remote broker as a client and forwards messages on the configured topics in one or both directions. The Bridge parameters are presented below; for the exact meaning of each one, refer to the bridge section of the official mosquitto.conf manual page.

Note: fields prefixed with "On:" only appear when the option listed above them is turned on.

Field (value; default): description

Enable (off | on; default: off): Turns the MQTT Bridge on or off.
Connection Name (string; default: none): Name of the Bridge connection. This is used for easier management purposes.
Protocol version (3.1 | 3.1.1; default: 3.1): Selects the MQTT protocol version used towards the remote broker.
Remote Address (ip; default: none): Remote broker's address.
Remote Port (integer [0..65535]; default: 1883): Specifies which port the remote broker uses to listen for connections.
Use Remote TLS/SSL (off | on; default: off): Enables TLS/SSL towards the remote broker. If this is turned on, you will be prompted to upload TLS/SSL certificates. More information can be found in the Security section of this chapter. Without it, the bridge login credentials and all forwarded messages cross the network in plaintext.
On: Certificate files from device (off | on; default: off): When turned on, provides the possibility to use certificate files generated on this device instead of uploading certificate files. You can generate TLS certificates on your device in the System → Administration → Certificates page.
On: Bridge CA File (.ca file; default: none): Uploads the Certificate Authority (CA) certificate used to verify the remote broker's certificate.
On: Bridge certificate File (.crt file; default: none): Uploads the client certificate that this device presents to the remote broker. Needed only when the remote broker requires client certificates.
On: Bridge Key File (.key file; default: none): Uploads the private key matching the bridge certificate.
On: Bridge TLS version (tlsv1 | tlsv1.1 | tlsv1.2; default: tlsv1): TLS version used towards the remote broker. The default, TLS 1.0, is deprecated (RFC 8996); choose tlsv1.2 whenever the remote broker supports it.
On: Bridge ALPN (string; default: none): Configures the application layer protocol negotiation option for the TLS session. Useful for brokers that support both websockets and MQTT on the same port.
Use Remote Bridge Login (off | on; default: off): Indicates whether the remote side of the connection requires login information. If this is turned on, you will be required to enter a remote client ID, username and password.
On: Remote ID (string; default: none): Client identifier that this bridge presents to the remote broker.
On: Remote Username (string; default: none): Username for authentication to the remote broker.
On: Require password (on | off; default: off): When turned on, a Remote Password field appears and the password is sent along with the username.
On: Remote Password (string; default: none): Password for authentication to the remote broker.
Try Private (off | on; default: off): Turn on if the remote broker is another Mosquitto instance. The bridge then identifies itself to the remote broker as a bridge rather than an ordinary client, which improves loop detection and lets retained messages propagate correctly.
Clean Session (off | on; default: off): When turned on, discards session state after connecting or disconnecting. When off, the remote broker keeps the bridge's subscriptions and queues QoS 1 and 2 messages while the bridge is disconnected.
Enable notification (off | on; default: off): Publishes notification messages to the local and remote brokers giving information about the state of the bridge connection.
Enable local notifications (off | on; default: off): Only publishes notification messages to the local broker giving information about the state of the bridge connection.
Keepalive interval (5-65535; default: 60): Sets the keepalive interval for this bridge connection, in seconds.

You can also create and manage MQTT topics in the Topics list below the Bridge section. To add a new topic, click the 'Add' button.

You can then configure the newly added topic from the same page. A bridge forwards only the topics listed here; everything else stays on its own broker.

Field (value; default): description

Topic Name (string; default: none): Name of the topic that the bridge subscribes to and forwards (Mosquitto accepts the + and # wildcards here).
Direction (OUT | IN | BOTH; default: OUT): The direction in which messages are forwarded. OUT: messages published on this device's broker are forwarded to the remote broker; IN: messages published on the remote broker are delivered to this device's broker; BOTH: both directions.
QoS Level (At most once (0) | At least once (1) | Exactly once (2); default: At most once (0)): Sets the publish/subscribe QoS level used for this topic.

Miscellaneous


The Miscellaneous section is used to configure MQTT broker parameters that are related to neither Security nor Bridge. Two of them, Password File and Allow Anonymous, decide whether the broker authenticates clients at all, and ACL File decides what an authenticated client may do.

Field (value; default): description

ACL File (ACL file; default: none): Uploads an ACL file. Its contents control which clients may publish to (write) and subscribe to (read) which topics. Without an ACL file, every connected client may read and write every topic.
Password File (password file; default: none): Uploads a password file, which stores usernames and the corresponding (hashed) passwords used for authentication. Only clients listed here can connect when Allow Anonymous is off.
Persistence (off | on; default: off): When turned on, connection, subscription and message data are written to the disk. Otherwise the data is stored in the device memory only and is lost on reboot.
Allow Anonymous (off | on; default: off): Turns anonymous access to this broker on or off. When on, clients that send no username are accepted even if a Password File is configured; keep it off on any broker that has Enable Remote Access turned on.
Max queued messages ([0..65535]; default: 1000): The maximum number of QoS 1 and 2 messages to hold in a queue per client above those that are currently in-flight. Set to 0 for no maximum (not recommended, since a slow or malicious client could then consume all of the device's memory).
Maximum packet size ([1..268435456]; default: 1048576): Maximum size of a packet in bytes; larger packets are dropped.
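
The fields in the Broker, Security and Miscellaneous sections correspond to Mosquitto configuration directives (the Custom configuration switch in the MQTT Broker section reads such a file). As an added example that is not part of this page or of Teltonika's firmware, the following Python script audits a mosquitto.conf for the weak settings those sections describe: anonymous access, a missing password or ACL file, a plaintext listener reachable beyond loopback, a legacy TLS version, and unbounded queues. The two configurations embedded in it are constructed for illustration, the certificate and password file paths in them are assumptions rather than the router's real locations, and Mosquitto's per_listener_settings mode is not modelled.

```python
# Added example (not Teltonika's or Mosquitto's own code): audit a mosquitto.conf
# for the weak settings controlled by the Broker, Security and Miscellaneous fields.

LOOPBACK = {"127.0.0.1", "::1", "localhost"}
LEGACY_TLS = {"tlsv1", "tlsv1.1"}
# Directives that Mosquitto applies to the 'listener' line they follow; everything
# else is treated as global here (per_listener_settings is not modelled).
LISTENER_KEYS = {"cafile", "certfile", "keyfile", "tls_version", "require_certificate", "psk_file"}


def parse_mosquitto_conf(text):
    """Return (global settings, listeners); each listener is a dict with 'port' and 'bind'."""
    settings, listeners, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "listener":                      # 'listener <port> [bind address]'
            port, _, bind = value.partition(" ")
            current = {"port": int(port), "bind": bind.strip() or "0.0.0.0"}
            listeners.append(current)
        elif key in LISTENER_KEYS and current is not None:
            current[key] = value
        else:                                      # a TLS directive before any listener stays global
            settings[key] = value
    return settings, listeners


def audit_conf(text):
    """Return a list of (severity, finding); an empty list means nothing was flagged."""
    settings, listeners = parse_mosquitto_conf(text)
    findings = []
    # Miscellaneous: Allow Anonymous, Password File, ACL File, Max queued messages
    anon = settings.get("allow_anonymous")
    if anon is None:
        findings.append(("medium", "allow_anonymous not set: Mosquitto releases before 2.0 default to true"))
    elif anon.lower() == "true":
        findings.append(("high", "allow_anonymous true: clients connect without any credentials"))
    if "password_file" not in settings and not any("psk_file" in lst for lst in listeners):
        findings.append(("high", "no password_file or psk_file: the broker has no credential store"))
    if "acl_file" not in settings:
        findings.append(("medium", "no acl_file: every connected client may read and write every topic"))
    if settings.get("max_queued_messages") == "0":
        findings.append(("medium", "max_queued_messages 0: per-client queues are unbounded"))
    # Broker / Security: Enable Remote Access, Use TLS/SSL, TLS version, Require certificate
    for lst in listeners:
        where = f"listener {lst['port']} on {lst['bind']}"
        if lst["bind"] in LOOPBACK:
            continue                               # loopback-only listener cannot be reached from WAN
        if "psk_file" in lst:
            continue                               # PSK listener: no certificates to check
        if "certfile" not in lst or "keyfile" not in lst:
            findings.append(("high", f"{where}: plaintext MQTT, credentials and data are readable on the wire"))
            continue
        version = lst.get("tls_version")
        if version is None:
            findings.append(("medium", f"{where}: tls_version not pinned, TLS 1.0/1.1 may be negotiated"))
        elif version in LEGACY_TLS:
            findings.append(("medium", f"{where}: {version} is deprecated (RFC 8996), use tlsv1.2"))
        requires_cert = lst.get("require_certificate", "false").lower() == "true"
        if requires_cert and "cafile" not in lst:
            findings.append(("high", f"{where}: require_certificate without cafile, client certificates cannot be verified"))
        elif not requires_cert:
            findings.append(("low", f"{where}: clients are not asked for a certificate, only passwords protect access"))
    return findings


# Constructed sample: roughly what the WebUI yields with Enable Remote Access on,
# Use TLS/SSL off and Allow Anonymous on.
WEAK_CONF = """\
listener 1883 0.0.0.0
allow_anonymous true
max_queued_messages 0
"""

# Constructed sample of the hardened equivalent. File paths are assumptions,
# not the router's real locations.
HARDENED_CONF = """\
listener 8883 0.0.0.0
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/broker.crt
keyfile /etc/mosquitto/certs/broker.key
tls_version tlsv1.2
require_certificate true
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
max_queued_messages 1000
max_packet_size 1048576
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_conf(conf) or "no findings")
```

Run it against a configuration exported from the device to see which of the page's switches still need attention; a loopback-only listener is deliberately skipped, since Enable Remote Access cannot expose it.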

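To make the ACL File row concrete, here is an added example (not code from this page, from Teltonika or from the Mosquitto project) in Python that parses a Mosquitto-style ACL file and answers "may this client read or write this topic?" the way the mosquitto.conf manual describes: topic lines before the first user line apply to clients that sent no username, user blocks apply to that user, pattern lines apply to every client with %u (username) and %c (client id) substituted, deny rules are evaluated before allow rules, and anything unmatched is denied. The sample ACL and the client names in it are constructed for this example.

```python
# Added example (not Teltonika's or Mosquitto's own code): a model of how a
# Mosquitto acl_file decides whether a client may read or write a topic.
from dataclasses import dataclass, field

READ, WRITE, DENY = 1, 2, 0
ACCESS_WORDS = {"read": READ, "write": WRITE, "readwrite": READ | WRITE, "deny": DENY}


@dataclass
class Acl:
    anonymous: list = field(default_factory=list)   # 'topic' rules before the first 'user' line
    users: dict = field(default_factory=dict)       # username -> list of (mode, topic filter)
    patterns: list = field(default_factory=list)    # 'pattern' rules, applied to every client


def parse_acl(text):
    acl, current = Acl(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        rest = rest.strip()
        if keyword == "user":
            current = acl.users.setdefault(rest, [])
        elif keyword in ("topic", "pattern"):
            word, _, topic_filter = rest.partition(" ")
            if word.lower() in ACCESS_WORDS and topic_filter:
                rule = (ACCESS_WORDS[word.lower()], topic_filter.strip())
            else:                                   # 'topic foo/bar' without a mode means readwrite
                rule = (READ | WRITE, rest)
            if keyword == "pattern":
                acl.patterns.append(rule)
            elif current is None:
                acl.anonymous.append(rule)
            else:
                current.append(rule)
        else:
            raise ValueError(f"unknown ACL keyword: {keyword}")
    return acl


def topic_matches(topic_filter, topic):
    """MQTT wildcard matching: '+' is one level, '#' the rest; wildcards never match a leading '$' level."""
    if topic.startswith("$") and topic_filter[:1] in ("+", "#"):
        return False
    f_parts, t_parts = topic_filter.split("/"), topic.split("/")
    for i, part in enumerate(f_parts):
        if part == "#":
            return True
        if i >= len(t_parts) or (part != "+" and part != t_parts[i]):
            return False
    return len(f_parts) == len(t_parts)


def _decide(rules, topic, access):
    """Deny rules win over allow rules; None means no rule matched."""
    if any(mode == DENY and topic_matches(f, topic) for mode, f in rules):
        return False
    if any(mode & access and topic_matches(f, topic) for mode, f in rules):
        return True
    return None


def acl_allows(acl, username, client_id, topic, access):
    """True if the client may perform `access` (READ = subscribe/receive, WRITE = publish) on `topic`."""
    rules = acl.users.get(username, []) if username else acl.anonymous
    verdict = _decide(rules, topic, access)
    if verdict is None:
        expanded = [(mode, f.replace("%u", username or "").replace("%c", client_id))
                    for mode, f in acl.patterns
                    if username or "%u" not in f]  # %u patterns never match anonymous clients
        verdict = _decide(expanded, topic, access)
    return bool(verdict)


# Constructed sample ACL for a telemetry broker: the device publishes its sensors
# and reads its commands, a dashboard user reads all sensors except secrets,
# and every client may report its own state under status/<client id>/.
SAMPLE_ACL = """\
# rules before the first 'user' line apply only to clients that sent no username
topic read $SYS/broker/version

user rut955
topic write sensors/rut955/#
topic read commands/rut955/#

user dashboard
topic read sensors/#
topic deny sensors/+/secret

# pattern rules apply to every client; %c is the client id
pattern write status/%c/state
"""

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    for user, cid, topic, access in (("rut955", "rut955-01", "sensors/rut955/temp", WRITE),
                                     ("dashboard", "dash-1", "sensors/rut955/secret", READ),
                                     (None, "anon-7", "sensors/rut955/temp", READ)):
        print(user, topic, "allowed" if acl_allows(acl, user, cid, topic, access) else "denied")
```

Use it to dry-run an ACL before uploading it: the rule order that matters most is that deny entries beat broader read/write entries, and that a user with no block of their own gets nothing beyond the pattern rules.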
MQTT Publisher

An MQTT Publisher is a client instance that sends messages to the Broker, which can forward these messages to other clients (subscribers).

Note: fields prefixed with "On:" only appear when TLS is turned on; fields prefixed with a TLS type only appear when that type is selected.

Field (value; default): description

Enable (off | on; default: off): Turns the MQTT Publisher on or off.
Hostname (host | ip; default: none): The Broker's IP address or hostname. With TLS on, use the name that the Broker's certificate was issued for, so that certificate verification succeeds.
Port (integer [0..65535]; default: 1883): The Broker's port number.
Client ID (string; default: empty): Client ID sent with the data. If empty, a random client ID is generated.
Username (string; default: none): Username used for authentication to the Broker.
Require password (off | on; default: off): When turned on, a Password field appears and the password is sent along with the username.
Password (string; default: none): Password used for authentication to the Broker.
TLS (off | on; default: off): Turns the use of Transport Layer Security (TLS) on or off.
On: Allow insecure connection (off | on; default: off): Allows connections without verifying the server's authenticity. Leave this off outside of testing: with it on, anyone between the device and the Broker can impersonate the Broker and read the username, password and published data.
TLS type (Certificate based | Pre-shared key based; default: Certificate based): Selects the type of TLS.
On: Certificate files from device (off | on; default: off): When turned on, provides the possibility to use certificate files generated on this device instead of uploading certificate files. You can generate TLS certificates on your device in the System → Administration → Certificates page.
On: CA file (.ca file; default: none): Certificate Authority certificate used to verify the Broker's certificate.
On: Certificate file (.crt file; default: none): Client certificate that this device presents to the Broker (needed when the Broker requires client certificates).
On: Key file (.key file; default: none): Private key matching the Certificate file.
Pre-shared key based: Pre-Shared-Key (string; default: none): The pre-shared key in hex format with no leading "0x".
Pre-shared key based: Identity (string; default: none): The identity of this client. May be used as the username depending on the server settings.
Publish topic prefix (string; default: empty): Prefix prepended to the topic of every message this publisher sends.
Subscribe topic prefix (string; default: empty): Prefix prepended to every topic this client subscribes to.
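
The publisher fields above, and the publish/subscribe flow described in the Summary, map onto the CONNECT and PUBLISH packets defined by MQTT 3.1.1 (OASIS). As an added example that is not Teltonika's publisher code, the Python below builds those packets from the page's fields (Client ID, Username, Password, Require password, Publish topic prefix) and decodes the broker's CONNACK, whose return code tells you whether a refused connection failed on credentials (code 4) or on authorization (code 5, which Mosquitto also returns when a client sends no credentials to a broker with Allow Anonymous off). The client id prefix, credentials and topic in it are constructed values; the encoder covers MQTT 3.1.1 only, not MQTT 5.0.

```python
# Added example (not Teltonika's publisher code): the MQTT 3.1.1 packets an
# MQTT Publisher exchanges with the broker, built from the fields on this page.
import secrets
import struct


def remaining_length(n):
    """MQTT variable-length integer: 7 bits per byte, bit 7 set while more bytes follow."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)


def utf8_field(s):
    """MQTT UTF-8 encoded string: 2-byte big-endian length followed by the bytes."""
    data = s.encode("utf-8")
    return struct.pack("!H", len(data)) + data


def encode_connect(client_id="", username=None, password=None, keepalive=60, clean_session=True):
    """CONNECT packet. An empty Client ID gets a random one, as the page describes.
    Connect flags: bit 7 username present, bit 6 password present, bit 1 clean session."""
    if not client_id:
        client_id = "rut955-" + secrets.token_hex(4)    # prefix is an assumption of this example
    flags = 0x02 if clean_session else 0x00
    payload = utf8_field(client_id)
    if username is not None:
        flags |= 0x80
        payload += utf8_field(username)
        if password is not None:          # MQTT 3.1.1 only allows a password together with a username
            flags |= 0x40
            payload += utf8_field(password)
    variable_header = utf8_field("MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive)
    body = variable_header + payload
    return bytes([0x10]) + remaining_length(len(body)) + body


def encode_publish(topic, payload, qos=0, packet_id=0, retain=False, prefix=""):
    """PUBLISH packet with the Publish topic prefix applied; QoS 1 and 2 add a packet identifier."""
    if qos not in (0, 1, 2):
        raise ValueError("qos must be 0, 1 or 2")
    full_topic = prefix + topic
    if "+" in full_topic or "#" in full_topic:
        raise ValueError("wildcards are not allowed in a publish topic")
    body = utf8_field(full_topic)
    if qos:
        body += struct.pack("!H", packet_id)
    body += payload
    fixed_header = 0x30 | (qos << 1) | int(retain)
    return bytes([fixed_header]) + remaining_length(len(body)) + body


CONNACK_CODES = {
    0: "connection accepted",
    1: "unacceptable protocol version",
    2: "identifier rejected",
    3: "server unavailable",
    4: "bad user name or password",
    5: "not authorized",
}


def decode_connack(data):
    """Return (session_present, return_code, meaning) from the broker's CONNACK."""
    if len(data) != 4 or data[0] != 0x20 or data[1] != 0x02:
        raise ValueError("not a CONNACK packet")
    code = data[3]
    return bool(data[2] & 0x01), code, CONNACK_CODES.get(code, "reserved")


if __name__ == "__main__":
    # Constructed values standing in for the WebUI fields.
    print(encode_connect("rut955", username="rut", password="s3cret").hex())
    print(encode_publish("sensors/temp", b"21.5", qos=1, packet_id=1, prefix="rut955/").hex())
    print(decode_connack(b"\x20\x02\x00\x05"))   # a broker with Allow Anonymous off refusing a client
```

Note that the username and password travel in the CONNECT payload as plain length-prefixed strings, which is why the TLS switch above matters: without it, anyone on the path sees the credentials exactly as this encoder lays them out.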