Install EMQ-X MQTT Broker
Install Supporting Software
If installing as a single server with integrated database authentication, install the following:
Install EMQ-X
wget https://www.emqx.com/en/downloads/broker/4.3.10/emqx-ubuntu20.04-4.3.10-amd64.deb
sudo apt install ./emqx-ubuntu20.04-4.3.10-amd64.deb
Configure EMQ-X for HAProxy
If installing behind a reverse proxy such as HAProxy, you will need a configuration similar to the following in your HAProxy server configuration.
Adjust the SSL and IP address settings to match your environment:
frontend mqtt_fe
    mode tcp
    option tcplog
    bind *:1883
    bind *:8883 ssl crt /etc/ssl/private
    # Reject connections that have an invalid MQTT packet
    tcp-request inspect-delay 10s
    tcp-request content reject unless { req.payload(0,0),mqtt_is_valid }
    default_backend mqtt_be

backend mqtt_be
    mode tcp
    balance roundrobin
    # Create a stick table for session persistence
    stick-table type string len 32 size 100k expire 30m
    # Use ClientID / client_identifier as persistence key
    stick on req.payload(0,0),mqtt_field_value(connect,client_identifier)
    server mqtt1 192.168.1.91:1883 check-send-proxy send-proxy-v2 check inter 10s fall 2 rise 5
Next, edit the EMQ-X configuration to accommodate the proxy:
sudo nano /etc/emqx/emqx.conf
Find the following section, where the setting is commented out, and uncomment it so that it looks as follows:
## Enable the Proxy Protocol V1/2 if the EMQ X cluster is deployed
## behind HAProxy or Nginx.
##
## See: https://www.haproxy.com/blog/haproxy/proxy-protocol/
##
## Value: on | off
listener.tcp.external.proxy_protocol = on
Configure EMQ-X for Database Authentication using MySQL/MariaDB
Edit the EMQ-X Plugin configuration for MySQL:
sudo nano /etc/emqx/plugins/emqx_auth_mysql.conf
Edit the following sections according to your login information:
## MySQL server address.
##
## Value: Port | IP:Port
##
## Examples: 3306, 127.0.0.1:3306, localhost:3306
auth.mysql.server = 127.0.0.1:3306
## MySQL username.
##
## Value: String
auth.mysql.username = mqtt
## MySQL password.
##
## Value: String
auth.mysql.password = password
## MySQL database.
##
## Value: String
auth.mysql.database = mqtt
Change the following sections so that passwords are stored salted and hashed.
Make sure to comment out the existing line that uses only sha256 hashing!
## Authentication query.
##
## Note that column names should be 'password' and 'salt' (if used).
## In case column names differ in your DB - please use aliases,
## e.g. "my_column_name as password".
##
## Value: SQL
##
## Variables:
## - %u: username
## - %c: clientid
## - %C: common name of client TLS cert
## - %d: subject of client TLS cert
##
auth.mysql.auth_query = select password, salt from mqtt_user where username = '%u' limit 1
## auth.mysql.auth_query = select password_hash as password from mqtt_user where username = '%u' limit 1
## Password hash.
##
## Value: plain | md5 | sha | sha256 | bcrypt
## auth.mysql.password_hash = sha256
## sha256 with salt prefix
## auth.mysql.password_hash = salt,sha256
## bcrypt with salt only prefix
## auth.mysql.password_hash = salt,bcrypt
## sha256 with salt suffix
auth.mysql.password_hash = sha256,salt
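An added example (not part of the original guide or the EMQ-X project) that produces the password and salt values for an mqtt_user row matching auth.mysql.password_hash = sha256,salt. It assumes the broker compares against the lowercase hex SHA-256 of the password followed by the salt; the function names and sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_salt(nbytes: int = 16) -> str:
    """Random per-user salt, hex-encoded so it stores cleanly in a text column."""
    return secrets.token_hex(nbytes)


def hash_password(password: str, salt: str, salt_position: str = "suffix") -> str:
    """Hex SHA-256 for 'sha256,salt' (suffix) or 'salt,sha256' (prefix).

    Assumption: the stored value is the lowercase hex digest of the
    concatenated UTF-8 bytes, in the order named by the config comment.
    """
    if salt_position == "suffix":
        material = password + salt      # sha256,salt
    elif salt_position == "prefix":
        material = salt + password      # salt,sha256
    else:
        raise ValueError("salt_position must be 'suffix' or 'prefix'")
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def user_row(username: str, password: str) -> tuple:
    """Values for a parameterized INSERT into (username, password, salt)."""
    salt = make_salt()
    return (username, hash_password(password, salt), salt)


def verify(password: str, stored_hash: str, salt: str) -> bool:
    """Recompute the suffix-salted hash and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt), stored_hash)


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    row = user_row("sensor01", "correct horse battery staple")
    print("INSERT INTO mqtt_user (username, password, salt) VALUES (%s, %s, %s)")
    print(row)
```

A row generated with the wrong salt order will never authenticate, so the salt_position used here must match the password_hash line left uncommented above. The option list above also includes salt,bcrypt, a deliberately slow hash that resists offline guessing better than a single SHA-256 round.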
Start EMQ-X
sudo service emqx start
Log in to EMQ-X
Open your browser to the URL for the server: http://<IPAddr>:18083
The username is admin and the password is public
Be sure to change the password immediately!
Go to the plugins and enable the emqx_auth_mysql plugin.