Why Mosquitto is Still “King” in Real-World IoT Projects?
When deploying Smart Home or industrial sensor systems, the biggest challenge is connecting hundreds of devices (ESP32, Raspberry Pi) without crashing the server. After over six months of operating a real-world system, I still choose Mosquitto. It’s incredibly lightweight. A low-end VPS with 512MB RAM can smoothly handle over 1,000 concurrent connections while consuming less than 10MB of resources.
MQTT operates on a Publish/Subscribe mechanism. Instead of devices calling each other directly, they push messages through a central coordination station called a Broker. Mosquitto is that coordination station. It complies perfectly with MQTT standards from v3.1 to v5.0.
I’ve struggled with packet loss during peak hours. At that time, messages were delayed by tens of seconds, and devices kept reconnecting due to default configurations that weren’t optimized for poor network conditions. This guide will help you take a shortcut and avoid those silly mistakes from the start.
Installing Mosquitto on Linux (Ubuntu/Debian)
Most Linux distributions today ship Mosquitto in their package repositories. I’ll be working on Ubuntu 22.04, but the process is identical for Debian or Raspberry Pi OS.
First, update the package index and upgrade installed packages:
sudo apt update && sudo apt upgrade -y
Install the Broker and the Client package (for quick command testing) with a single command:
sudo apt install mosquitto mosquitto-clients -y
After installation, check if the service is running:
sudo systemctl status mosquitto
If you see the active (running) line in green, you’re good to go. But don’t use it just yet. From version 2.0 onwards, Mosquitto is extremely strict about security. If you don’t reconfigure it, external devices won’t be able to connect.
Security Configuration: Closing Dangerous Vulnerabilities
By default, Mosquitto only allows connections from localhost and doesn’t require a password. For real-world projects, we need to open ports and set up authentication.
1. Setting up Listeners and Authentication
Don’t edit the main config file. Create a separate file in conf.d for easier management and future backups.
sudo nano /etc/mosquitto/conf.d/default.conf
Paste the following configuration content:
# Listen on port 1883 on all IPv4 interfaces
listener 1883 0.0.0.0
# Require an account for connections
allow_anonymous false
# Specify the password storage file
password_file /etc/mosquitto/passwd
2. Managing User Accounts
Now, create your first user (e.g., admin_user). The system will prompt you to enter a password twice.
sudo mosquitto_passwd -c /etc/mosquitto/passwd admin_user
Note: The -c option creates a new password file and overwrites any existing one, wiping all existing users. To add a second user, omit -c to avoid losing data.
3. Optimizing Persistence (State Storage)
To prevent message loss when the server restarts or when the network is unstable, add the following lines to the end of the default.conf file:
persistence true
persistence_location /var/lib/mosquitto/
# Save data to disk every 30 minutes
autosave_interval 1800
Restart to apply all changes:
sudo systemctl restart mosquitto
Testing the System with Real Commands
To ensure everything is working correctly, we’ll simulate a device sending data and an app receiving data.
Receiving Data (Subscribe)
Open a Terminal and run this command to wait for messages from the living room sensor:
mosquitto_sub -h localhost -t "home/livingroom/temp" -u "admin_user" -P "your_password"
Sending Data (Publish)
Open a second Terminal and send a packet simulating a temperature of 28.5 degrees Celsius:
mosquitto_pub -h localhost -t "home/livingroom/temp" -m "28.5" -u "admin_user" -P "your_password"
If the first Terminal immediately displays 28.5, your broker is ready for action.
Operational Experience and Advanced Security
When exposing the system to the Internet, a username/password isn’t enough. Traffic on port 1883, including the username and password, is sent in plain text and can easily be intercepted.
- Deploy SSL/TLS: Always use port 8883 with Let’s Encrypt certificates to encrypt the entire transmission.
- Use ACL (Access Control List): Implement granular permissions. Don’t allow a temperature sensor to have the right to send a door unlock command (topic door/unlock).
- Health Monitoring: Subscribe to the topic $SYS/broker/clients/connected. If this number spikes unusually, the system might be under a DDoS attack or a device might have a connection loop error.
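The ACL rule described in the list above can be checked offline before the rules reach the broker. The Python below is an added example, not part of the original post: it is a simplified model of Mosquitto's acl_file format (only "user" and "topic read/write/readwrite" lines, no "pattern" or "deny" lines, concrete topic names only), and the users temp_sensor and door_controller and the ACL text are constructed for illustration.

```python
# Added example: simplified model of Mosquitto acl_file rules ("user" and
# "topic [read|write|readwrite]" lines only). Constructed, hypothetical users.
ACL_TEXT = """\
user temp_sensor
topic write home/livingroom/temp
user door_controller
topic read door/unlock
user admin_user
topic readwrite home/#
topic readwrite door/#
"""

def parse_acl(text):
    """Return {user: [(access, filter), ...]} from acl_file-style text."""
    rules, user = {}, None
    for raw in text.splitlines():
        kind, _, rest = raw.strip().partition(" ")
        if kind == "user":
            user = rest.strip()
            rules.setdefault(user, [])
        elif kind == "topic" and user is not None:  # pre-user rules are skipped
            access, _, filt = rest.strip().partition(" ")
            if access == "deny":
                raise ValueError("deny rules are outside this simplified model")
            if access not in ("read", "write", "readwrite") or not filt:
                access, filt = "readwrite", rest.strip()  # access omitted
            rules[user].append((access, filt.strip()))
    return rules

def matches(filt, topic):
    """MQTT filter match: '+' is one level, '#' is all remaining levels."""
    f, t = filt.split("/"), topic.split("/")
    if topic.startswith("$") and f[0] in ("+", "#"):
        return False  # leading wildcards never match $-prefixed topics
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def may(rules, user, access, topic):
    """True if user holds access ('read' or 'write') on a concrete topic."""
    return any(a in (access, "readwrite") and matches(f, topic)
               for a, f in rules.get(user, []))

if __name__ == "__main__":
    print(may(parse_acl(ACL_TEXT), "temp_sensor", "write", "door/unlock"))
```

Mosquitto loads rules in this format from the file named by its acl_file option; a user with no matching rule gets no access, which is why temp_sensor cannot publish to door/unlock here.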
Mastering Mosquitto isn’t difficult, but keeping it stable in a volatile real-world network environment is another story. I hope these insights help you build a more robust IoT system. If you encounter errors while configuring SSL or ACL, feel free to leave a comment, and I’ll help you out!

