Setting up your own local, private and secure ‘Internet of Things’ (IoT) server is easy with Mosquitto, Node Red and a Raspberry Pi. Sometimes this route is preferable to a cloud-based IoT solution. Because ‘the cloud‘ is just someone else’s computer, and you never know where your data will end up or when they will alter or terminate their services.
In this tutorial we will set up a basic server/broker using a Raspberry Pi (any model), Mosquitto and Node Red.
Mosquitto MQTT broker
MQTT (Message Queue Telemetry Transport) is a machine-to-machine messaging protocol for use on top of the TCP/IP protocol. It is designed to provide lightweight publish/subscribe communication to “Internet of Things” devices. It is commonly used for geo-tracking fleets of vehicles, home automation, sensor networks, and utility-scale data collection.
Mosquitto is a popular MQTT server (‘broker’) that has great community support and is easy to install and configure.
Node-RED is a programming tool developed by IBM for wiring together hardware devices, APIs and online services. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes that can be deployed to its runtime in a single click.
Preparing the Raspberry Pi
Download Raspbian Lite and write the image to your SD card. Install the SD card in the Raspberry Pi and boot the system. Log in to your Pi locally with the username ‘pi‘ and password ‘raspberry‘.
Start the configuration tool ‘raspi-config’: sudo raspi-config
Change the username and password
Change the hostname
Go to ‘interfacing options’ > ‘SSH’ and enable SSH
Enabe I2C and SPI if you want to use the GPIO pins
Exit the configuration tool and reboot the Pi: sudo reboot
After rebooting, you can log in remotely using SSH and update the Raspbian package lists: sudo apt-get update
Installing the Mosquitto MQTT broker
Download and install the required packages: sudo apt-get install mosquitto mosquitto-clients
The MQTT broker is now operating on your Pi’s TCP port 1883.
By default, Mosquitto will allow anonymous access. We will now set Mosquitto up to require usernames and passwords from clients before they can connect. Use the utility mosquitto_passwd to generate the passwords file /etc/mosquitto/passwd:
You can now test Mosquitto again with MQTT Lens. It will be unable to connect to the broker unless you configure it to use your username and password.
Installing Node Red
sudo apt-get install nodejs
Install Node Red:
sudo apt-get install nodered
Make Node Red start automatically when the Pi boots:
sudo systemctl enable nodered.service
Start Node Red:
Now you can find the browser-based GUI of Node Red at http://<IP address of your Pi>:1880
Installing the Node Red dashboard
The dashboard extension for Node Red can be installed using either the Node Red GUI or using the shell. Using the shell commands in your Node-RED user directory (typically ~/.node-red):
sudo apt-get install npm sudo npm i -g firstname.lastname@example.org sudo npm install node-red-dashboard
A restart of Node Red may be required.
Or using the Node Red GUI:
Enter the main menu (horizontal bars, top right)
Select “Manage palette”
Select the “Install” tab
Enter “node-red-dashboard” in the search box
Click the “install” button
After installing is done, click the ‘done’ buton
Reload the Node Red GUI in the browser (press F5)
You will find the tab “dashboard” on the right hand side
The dashboard is available at http://<IP address of your Pi>:1880/ui
Securing the Node Red GUI with a password
The security settings for Node Red can be found in the file /home/pi/.node-red/settings.js:
You need to uncomment the adminAuth sectiom, change the username and password hash.
To generate a new password hash, install the ‘node-red-admin’ tool: sudo npm install -g node-red-admin
And generate a new hash: node-red-admin hash-pw
Then edit the adminAuth sectiom to look like this:
Do not forget to insert your new username and password hash. Next time when you access the Node Red GUI, you will be asked for your username and password.