IoT server: Mosquitto and Node Red on Raspberry Pi
Setting up your own local, private and secure ‘Internet of Things’ (IoT) server is easy with Mosquitto, Node Red and a Raspberry Pi. Sometimes this route is preferable to a cloud-based IoT solution. Because ‘the cloud‘ is just someone else’s computer, and you never know where your data will end up or when they will alter or terminate their services.
In this tutorial we will set up a basic server/broker using a Raspberry Pi (any model), Mosquitto and Node Red.
Mosquitto MQTT broker
MQTT (Message Queue Telemetry Transport) is a machine-to-machine messaging protocol for use on top of the TCP/IP protocol. It is designed to provide lightweight publish/subscribe communication to “Internet of Things” devices. It is commonly used for geo-tracking fleets of vehicles, home automation, sensor networks, and utility-scale data collection.
Mosquitto is a popular MQTT server (‘broker’) that has great community support and is easy to install and configure.
Node Red
Node-RED is a programming tool developed by IBM for wiring together hardware devices, APIs and online services. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes that can be deployed to its runtime in a single click.
Preparing the Raspberry Pi
Download Raspbian Lite and write the image to your SD card. Install the SD card in the Raspberry Pi and boot the system. Log in to your Pi locally with the username ‘pi‘ and password ‘raspberry‘.
Start the configuration tool ‘raspi-config’:
sudo raspi-config
- Change the username and password
- Change the hostname
- Go to ‘interfacing options’ > ‘SSH’ and enable SSH
- Enabe I2C and SPI if you want to use the GPIO pins
Exit the configuration tool and reboot the Pi:
sudo reboot
After rebooting, you can log in remotely using SSH and update the Raspbian package lists:
sudo apt-get update
Installing the Mosquitto MQTT broker
Download and install the required packages:
sudo apt-get install mosquitto mosquitto-clients
The MQTT broker is now operating on your Pi’s TCP port 1883.
If you are using the Chrome browser, you can test Mosquitto by installing the ‘MQTT Lens’ extension for Google Chrome.
Securing MQTT with passwords
By default, Mosquitto will allow anonymous access. We will now set Mosquitto up to require usernames and passwords from clients before they can connect. Use the utility mosquitto_passwd to generate the passwords file /etc/mosquitto/passwd:
sudo mosquitto_passwd -c /etc/mosquitto/passwd yourusernamehere
Replace ‘yourusernamehere’ with your new username. Then create a new (empty) configuration file which tells Mosquitto to use the passwords file:
sudo nano /etc/mosquitto/conf.d/default.conf
In the file, copy and paste the following two lines:
allow_anonymous false
password_file /etc/mosquitto/passwd
Save the file and restart the broker:
sudo systemctl restart mosquitto
You can now test Mosquitto again with MQTT Lens. It will be unable to connect to the broker unless you configure it to use your username and password.
Installing Node Red
Install the latest node.js, the run-time environment for executing JavaScript code server-side:
sudo apt-get install nodejs
Install Node Red:
sudo apt-get install nodered
Make Node Red start automatically when the Pi boots:
sudo systemctl enable nodered.service
Start Node Red:
sudo node-red
Now you can find the browser-based GUI of Node Red at http://<IP address of your Pi>:1880
Installing the Node Red dashboard
The dashboard extension for Node Red can be installed using either the Node Red GUI or using the shell. Using the shell commands in your Node-RED user directory (typically ~/.node-red):
sudo apt-get install npm
sudo npm i -g [email protected]
sudo npm install node-red-dashboard
A restart of Node Red may be required.
Or using the Node Red GUI:
- Enter the main menu (horizontal bars, top right)
- Select “Manage palette”
- Select the “Install” tab
- Enter “node-red-dashboard” in the search box
- Click the “install” button
- After installing is done, click the ‘done’ buton
- Reload the Node Red GUI in the browser (press F5)
- You will find the tab “dashboard” on the right hand side
The dashboard is available at http://<IP address of your Pi>:1880/ui
Securing the Node Red GUI with a password
The security settings for Node Red can be found in the file /home/pi/.node-red/settings.js:
// Securing Node-RED
// -----------------
// To password protect the Node-RED editor and admin API, the following
// property can be used. See http://nodered.org/docs/security.html for details.
//adminAuth: {
// type: "credentials",
// users: [{
// username: "admin",
// password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
// permissions: "*"
// }]
//},
You need to uncomment the adminAuth sectiom, change the username and password hash.
To generate a new password hash, install the ‘node-red-admin’ tool:
sudo npm install -g node-red-admin
And generate a new hash:
node-red-admin hash-pw
Then edit the adminAuth sectiom to look like this:
// Securing Node-RED
// -----------------
// To password protect the Node-RED editor and admin API, the following
// property can be used. See http://nodered.org/docs/security.html for details.
adminAuth: {
type: "credentials",
users: [{
username: "[your new username here]",
password: "[your new password hash here]",
permissions: "*"
}]
},
Do not forget to insert your new username and password hash. Next time when you access the Node Red GUI, you will be asked for your username and password.
See also the next blog post: “IoT server: secure MQTT communication using TLS“.
Thanks for the very clear and well written tutorial!
I just got a little problem at the end…
After installing the node-red-dashboard and rebooting the system I’ve got he following error trying to initialize Node Red:
[info] Node-RED version: v0.17.4
…
[warn] Communication server error: Error: listen EADDRINUSE 0.0.0.0:1880
[error] Unable to listen on http://127.0.0.1:1880/
[error] Error: port in use
Any idea of what could be wrong?
You’re welcome! The error says there is some other service already listening on port 1880. Did you use a fresh install of Raspbian? Did you install other applications that might be also using port 1880?
You can try to find conflicting services on port 1880 by executing this command on your Raspberry Pi:
netstat -l -p |grep 1880I want to ask How i can access it through internet and not only locally.
I want a IP that can be accessed from anywhere. Is that possible. If yes then How?
All ypu need to do is type ‘killall node-red’
then ‘sudo node-red’ to start server
Worked for me.
I would like to ask how i could add 5 reed switches and show their status. Eg door 1 is open, door2 is closed and so on
I got my RPI up and running with node red and mqtt as in your tutorial. I got a few esp8266 that publish each one to a specific topic. Once the value of a sensor changes for 0 to 1 i would like to execute a separatescript for each topic. I would appreciate any help available, please.
hi i want to run adafruit dashboard to control raspberry with node red
Hi Munish, I am not familiar with the Adafruit dashboard yet. What are you trying to accomplish?
Thank you very much for this great tutorial. After unsuccessful attempts with other instructions, I finally found this masterpiece of a tutorial that helped me set up my Pi the way I wanted.
Thank you for your message, I am glad it was useful for you!
Thanks for the tutorial, it is amazing. I am facing issues securing node red. I have installed node red and it runs as a service. So after every reboot i do not have to type anything in the terminal to start node red. if i follow the above instructions to secure node red and then type node-red stop and then node-red start i am getting a login page and i can login properly. Once i reboot the system, there is not login page.
is there a way to fix this, please?