Introduction

The introduction of the container feature into RouterOS made it possible to run all kinds of servers for all sorts of tasks inside the router. This is especially relevant for people who want to reduce the number of devices in their network. Instead of running a server on a separate device/machine, why not run it inside the router?

In this guide, we will showcase how to install a basic MQTT broker (in other words, a server) called eclipse-mosquitto. The MQTT protocol is a very popular choice, especially in IoT topologies. It is an open OASIS and ISO standard: a lightweight publish-subscribe network protocol that transports messages between devices. A typical topology consists of an MQTT publisher (a device that sends information), an MQTT broker (a server where the data is stored), and an MQTT subscriber (a device that listens to the data published on the server).

RouterOS supports the MQTT publish feature and, now, we can run the MQTT broker on it as well.

The image that we are going to use can be found by following the hub.docker link.

Summary

Sub-menu: /container

Note: the container package is required.

Make sure to study our container guide before proceeding with the configuration. Make sure to check the disclaimer and requirements sections to understand all the risks and necessary steps you might be required to do.

You can find supported architectures by following the link.

At the time this guide was published, the eclipse-mosquitto image was available for ARM32, ARM64, and AMD64 (CHR and x86) devices. In this example, we will run it on an ARM32 architecture device, the RB1100AHx4.

Container configuration

Container mode

Enable container mode:

/system/device-mode/update container=yes

You will need to confirm the device-mode change by pressing the reset button, or with a cold reboot if using containers on x86.

Networking

Add veth interface for the container:

/interface/veth/add name=veth2 address=172.19.0.2/24 gateway=172.19.0.1

Create a bridge for containers and add veth to it:

/interface/bridge/add name=msqt
/ip/address/add address=172.19.0.1/24 interface=msqt
/interface/bridge/port add bridge=msqt interface=veth2

Forward TCP 1883 for non-SSL MQTT:

/ip firewall nat add action=dst-nat chain=dstnat dst-address=192.168.88.1 dst-port=1883 protocol=tcp to-addresses=172.19.0.2 to-ports=1883

Getting image

To simplify the configuration, we will get the image from an external library, but you can also import it via a .tar file.

Make sure that you have "Registry URL" set accordingly, limit RAM usage (if necessary), and set up a directory for the image.

/container/config/set registry-url=https://registry-1.docker.io tmpdir=disk7/pull

Pull image:

/container/add remote-image=eclipse-mosquitto:latest interface=veth2 root-dir=disk7/mosquitto logging=yes

After running the command, RouterOS should start "extracting" the package. Check "File System" for newly created folders and monitor container status with the command /container/print.

Starting the container

After you make sure that the container has been added and that its status has changed to status=stopped (check with /container/print), you can start it:

/container/start 0

If you enabled container logging, you would see something like this in the Logs section:

 11:27:14 container,info,debug 1675416434: mosquitto version 2.0.15 starting
 11:27:14 container,info,debug 1675416434: Config loaded from /mosquitto/config/mosquitto.conf.
 11:27:14 container,info,debug 1675416434: Starting in local only mode. Connections will only be possible from clients running on this machine.
 11:27:14 container,info,debug 1675416434: Create a configuration file which defines a listener to allow remote access.
 11:27:14 container,info,debug 1675416434: For more details see https://mosquitto.org/documentation/authentication-methods/
 11:27:14 container,info,debug 1675416434: Opening ipv4 listen socket on port 1883.
 11:27:14 container,info,debug 1675416434: Opening ipv6 listen socket on port 1883.
 11:27:14 container,info,debug 1675416434: mosquitto version 2.0.15 running

Altering mosquitto configuration file

In this example, we will do a very basic, insecure, quick configuration demonstration that should be used only for testing purposes within your local network. Make sure to check the mosquitto documentation page for more information about additional options and settings you can implement. If you want to use it in production, please make sure to harden the security in any way possible:

  • Use the firewall so that access to the container is allowed only from trusted IP addresses;
  • Harden the mosquitto broker/server side: use strong passwords, non-standard ports, etc.

To access the mosquitto.conf file, we will need to use the SFTP (file transfer over SSH) protocol, so make sure that the SSH service is enabled.

Open your command terminal ("CMD", as Administrator, for Windows users, or "Linux Shell or Command Terminal" for Linux users) and navigate to the directory where you want to download the configuration file. For example, to the "Container" folder on your "Desktop":

C:\WINDOWS\system32>cd C:\Users\Administrator\Desktop\Container

C:\Users\Administrator\Desktop\Container>

Initiate SFTP to the device's IP address:

C:\Users\Administrator\Desktop\Container>sftp admin@192.168.88.1
The authenticity of host '192.168.88.1 (192.168.88.1)' can't be established.
RSA key fingerprint is SHA256:lfxxs+xMrXlvP7hiHi9ZAEZlPi6/c5US+r6J7ljhkaA.
Are you sure you want to continue connecting (yes/no/[fingerprint])?yes
Warning: Permanently added '192.168.88.1' (RSA) to the list of known hosts.
Connected to 192.168.88.1.
sftp>

While the container is running, go to the mosquitto configuration file folder (use the dir or ls command to see the content of the folder you are in, and the cd command to go to the folder of your choice). Per the container logs from RouterOS, the configuration was loaded from "/mosquitto/config/mosquitto.conf" inside the container's root directory, so navigate there and use the get command to download it:

sftp> cd disk7/mosquitto/mosquitto/config
sftp> dir
mosquitto.conf
sftp> get mosquitto.conf
Fetching /disk7/mosquitto/mosquitto/config/mosquitto.conf to mosquitto.conf
/disk7/mosquitto/mosquitto/config/mosquitto.conf

Open "mosquitto.conf" in your preferred text editor (Notepad or any other) and overwrite its contents with the two lines shown below (creating a new file named "mosquitto.conf" that contains only these two lines gives the same result):

listener 1883
allow_anonymous true

  • The first line, listener 1883, makes the broker listen for incoming network connections on the specified port.
  • The second line, allow_anonymous true, determines whether clients that connect without providing a username are allowed to connect.

Re-save the file/overwrite it using the same mosquitto.conf file name.

Once again, use SFTP from the directory where this newly edited file is located and put it back (overwrite the default file within the container):

C:\Users\Administrator\Desktop\Container>dir
 Directory of C:\Users\Administrator\Desktop\Container

02/03/2023  12:09 PM    <DIR>          .
02/03/2023  12:09 PM    <DIR>          ..
02/03/2023  12:09 PM            40,449 mosquitto.conf
               1 File(s)         40,449 bytes
               2 Dir(s)  76,166,430,720 bytes free

C:\Users\Administrator\Desktop\Container>sftp admin@192.168.88.1
Connected to 192.168.88.1.
sftp> cd disk7/mosquitto/mosquitto/config
sftp> dir
mosquitto.conf
sftp> put mosquitto.conf
Uploading mosquitto.conf to /disk7/mosquitto/mosquitto/config/mosquitto.conf
mosquitto.conf                                                                        100%   40KB   2.5MB/s   00:00

Restart the container:

[admin@MikroTik] > /container/stop 0
[admin@MikroTik] > /container/start 0

Make sure to wait for the container to stop (status=stopped should be shown after using /container/print command) before initiating it again.
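
The following is an added example, not part of the original guide and not MikroTik or Mosquitto code. It parses a mosquitto.conf and reports the test-only settings from the two-line file above, next to a constructed stricter variant. The finding names and the password file path are assumptions; the password file itself would be created with the mosquitto_passwd utility.

```python
# Added example: audit a mosquitto.conf for the test-only settings used in this guide.
GUIDE_CONF = "listener 1883\nallow_anonymous true\n"  # the two lines from the guide

# Constructed variant: anonymous access off, credentials required.
# The password file path is an assumption.
STRICTER_CONF = """\
# test broker, credentials required
listener 1883
allow_anonymous false
password_file /mosquitto/config/passwd
"""


def parse(conf_text):
    """Yield (directive, [args]) pairs; blank and '#' comment lines are skipped."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield name, args


def audit(conf_text):
    """Return finding codes (names are hypothetical) for risky settings."""
    findings, listeners, seen = [], [], set()
    for name, args in parse(conf_text):
        seen.add(name)
        if name == "listener" and args:
            listeners.append({"port": args[0], "tls": set()})
        elif name in ("certfile", "keyfile") and listeners:
            listeners[-1]["tls"].add(name)  # TLS options belong to the last listener
        elif name == "allow_anonymous" and args == ["true"]:
            findings.append("anonymous-clients-allowed")
    if "password_file" not in seen:
        findings.append("no-password-file")
    for lst in listeners:
        if lst["tls"] != {"certfile", "keyfile"}:
            findings.append("plaintext-listener-" + lst["port"])
    return findings


if __name__ == "__main__":
    for label, conf in (("guide", GUIDE_CONF), ("stricter", STRICTER_CONF)):
        print(label, audit(conf))
```

The stricter variant still reports a plaintext listener: on the non-SSL port 1883 the username and password cross the network unencrypted, so the firewall restriction to trusted addresses remains necessary.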

MQTT publish

Note: the iot package is required.

Add an MQTT broker:

/iot/mqtt/brokers/add name=mosquitto username=test address=172.19.0.2

Publish a static MQTT message:

/iot/mqtt/publish broker="mosquitto" topic="test/topic" message="{\"test\":\"123\"}"

Result verification

You can use MQTT software (MQTT clients) to see the actual content of the topic/message that you have just posted or check the logs (if enabled) instead:

 12:47:28 container,info,debug 1675421248: New connection from 172.19.0.1:42240 on port 1883.
 12:47:28 container,info,debug 1675421248: New client connected from 172.19.0.1:42240 as MTD8580EC793C4 (p2, c1, k60, u'test').
 12:47:38 container,info,debug 1675421258: Client MTD8580EC793C4 disconnected.
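
The following is an added example, not part of the original guide. It reads broker log lines in the format shown above and lists connections that arrived without a username or from outside a trusted address list. The trusted networks, the last two sample lines, and the treatment of the u'...' field as optional are assumptions.

```python
import ipaddress
import re

# First three lines are the log excerpt from this page; the last two are constructed.
SAMPLE_LOG = """\
 12:47:28 container,info,debug 1675421248: New connection from 172.19.0.1:42240 on port 1883.
 12:47:28 container,info,debug 1675421248: New client connected from 172.19.0.1:42240 as MTD8580EC793C4 (p2, c1, k60, u'test').
 12:47:38 container,info,debug 1675421258: Client MTD8580EC793C4 disconnected.
 12:51:02 container,info,debug 1675421462: New client connected from 192.168.88.50:51512 as sensor-a (p2, c1, k60).
 12:53:40 container,info,debug 1675421620: New client connected from 203.0.113.7:40022 as probe (p2, c1, k60, u'admin').
"""

# Assumption: allowed sources are the router's bridge address and the LAN behind
# 192.168.88.1 (taken as a /24). Adjust to your own network.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("172.19.0.1/32", "192.168.88.0/24")]

# The u'...' field is treated as optional (assumption): it is absent when the
# client sent no username, which allow_anonymous true permits.
CONNECT_RE = re.compile(
    r"New client connected from (?P<ip>[0-9A-Fa-f.:]+):(?P<port>\d+) as (?P<client>\S+) "
    r"\(p\d+, c\d+, k\d+(?:, u'(?P<user>[^']*)')?\)"
)


def review_connections(log_text, trusted=TRUSTED_NETS):
    """Return (client_id, source_ip, reasons) for connections that need a look."""
    flagged = []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue  # not a client-connect line
        src = ipaddress.ip_address(m["ip"])
        reasons = []
        if m["user"] is None:
            reasons.append("no username")
        if not any(src in net for net in trusted):
            reasons.append("untrusted source")
        if reasons:
            flagged.append((m["client"], str(src), reasons))
    return flagged


if __name__ == "__main__":
    for client, src, reasons in review_connections(SAMPLE_LOG):
        print(f"{client} from {src}: {', '.join(reasons)}")
```

With allow_anonymous true and no password file, the username in a log line is only what the client claimed, so the source-address check is the more reliable of the two signals here.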