Securing MQTT: A Guide to Basic Authentication
Instant Payments for IoT
Woovi wants to enable instant payments everywhere.
To make this possible for IoT devices, like vending machines, we are working on our infrastructure to make this integration easy and secure.
MQTT
After looking for an IoT messaging solution, we decided to use MQTT, the standard protocol.
It is lightweight and efficient, and it uses a publish/subscribe architecture.
It also supports secure operation.
This lets us send and receive messages related to payment events to and from IoT devices.
Adding basic authentication for the MQTT Server
An MQTT server can allow unauthenticated access, access with a username and password, or access through auth plugins. You can read more about it here: authentication-methods.
We are using mosquitto as our MQTT server.
For our basic use case, we only need two users: one that can read and write on any topic, and another that can only read.
This is our docker compose for mosquitto as the MQTT server:
mosquitto:
  image: eclipse-mosquitto:latest
  restart: always
  command: mosquitto -c /mosquitto/config/mosquitto.conf
  ports:
    - '1884:1883'
    - '8081:8080'
  volumes:
    - ./docker/mosquitto/mosquitto.conf:/mosquitto/config/mosquitto.conf
    - ./docker/mosquitto/acl.conf:/mosquitto/config/acl.conf
    - ./docker/mosquitto/passwd.txt:/mosquitto/config/passwd.txt
mosquitto.conf
autosave_on_changes false
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
listener 1883
listener 8080
protocol websockets
password_file /mosquitto/config/passwd.txt
acl_file /mosquitto/config/acl.conf
allow_anonymous false
acl.conf
user writer
topic readwrite #
user reader
topic read #
passwd.txt
writer:***
reader:***
mosquitto.conf provides the configuration for the MQTT server; allow_anonymous false disables unauthenticated access.
acl.conf describes the read and write permissions on topics for each user.
passwd.txt holds the hashes of the users' passwords, not the real passwords.
How to generate the passwd.txt?
Create a passwd.txt file with your users and passwords:
writer:secret-writer
reader:secret-reader
Run the mosquitto_passwd CLI to generate the password hashes:
mosquitto_passwd -U passwd.txt
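A pre-deploy check for the three files above, as an added example that is not part of the original post: it flags passwd.txt entries that were never hashed (the state before mosquitto_passwd -U is run), confirms that mosquitto.conf enforces authentication, and lists which ACL users can publish. The function names are hypothetical, and it assumes per_listener_settings is not enabled, so the auth options apply to both listeners.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print users whose passwd.txt entry is not a mosquitto_passwd hash
# ($6$ = SHA-512, $7$ = PBKDF2-SHA512), i.e. is still plaintext.
unhashed_users() {
    awk -F: 'NF && $2 !~ /^\$[67]\$/ { print $1 }' "$1"
}

# Succeed only if anonymous access is off and both auth files are configured.
# Assumes per_listener_settings is not enabled, so the options are global.
conf_requires_auth() {
    grep -Eq '^[[:space:]]*allow_anonymous[[:space:]]+false[[:space:]]*$' "$1" &&
    grep -Eq '^[[:space:]]*password_file[[:space:]]+[^[:space:]]' "$1" &&
    grep -Eq '^[[:space:]]*acl_file[[:space:]]+[^[:space:]]' "$1"
}

# Print users that may publish: access "write" or "readwrite", or no access
# keyword at all (Mosquitto treats a bare "topic <pattern>" as readwrite).
acl_writers() {
    awk '$1 == "user" { u = $2 }
         $1 == "topic" && u != "" && $2 != "read" && $2 != "deny" { print u }' "$1" |
        sort -u
}

# usage: preflight mosquitto.conf passwd.txt acl.conf
preflight() {
    rc=0
    conf_requires_auth "$1" || { echo "FAIL: $1 does not enforce authentication"; rc=1; }
    bad=$(unhashed_users "$2")
    [ -z "$bad" ] || { echo "FAIL: plaintext passwords in $2 for:" $bad; rc=1; }
    echo "users with write access: $(acl_writers "$3" | tr '\n' ' ')"
    return "$rc"
}

# Constructed sample: the post's files, with passwd.txt not yet hashed.
d=$(mktemp -d)
printf 'listener 1883\npassword_file /mosquitto/config/passwd.txt\n' > "$d/mosquitto.conf"
printf 'acl_file /mosquitto/config/acl.conf\nallow_anonymous false\n' >> "$d/mosquitto.conf"
printf 'user writer\ntopic readwrite #\nuser reader\ntopic read #\n' > "$d/acl.conf"
printf 'writer:secret-writer\nreader:secret-reader\n' > "$d/passwd.txt"
preflight "$d/mosquitto.conf" "$d/passwd.txt" "$d/acl.conf" || true
rm -rf "$d"
```

Running preflight against the real ./docker/mosquitto files before `docker compose up` catches a passwd.txt that was mounted without being hashed.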
In Summary
This guide shows how to set up basic authentication on an MQTT server using a password file.
For simple use cases, like a few users, this works well, but if you have more specific security needs, you need to move to auth plugins to create users and manage ACLs dynamically.
Check auth plugin for more complex use cases.
Woovi
Woovi is a Startup that enables shoppers to pay as they like. Woovi provides instant payment solutions for merchants to accept orders to make this possible.
If you want to work with us, we are hiring!
Photo by Joshua Sortino on Unsplash