One Mosquitto broker to supervise every tracker in the plant
A locked-down mosquitto.conf
Users per role, not per device
ID maps that tie MQTT to the field
A snippet from the implementation
Straight from the example as deployed on the Central server — copy it freely:
set -e
# === 1. Broker installation ===================================================
apt-get update
apt-get install -y mosquitto mosquitto-clients
# === 2. Main configuration: /etc/mosquitto/conf.d/central.conf ===============
# - Port 1883 on the plant's internal network only.
# - allow_anonymous false: every tracker authenticates.
# - persistence: keeps the last state of each tracker across restarts.
cat > /etc/mosquitto/conf.d/central.conf << 'EOF'
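# --- Main listener (plant internal network) ---
# With no bind address this listens on every interface; append the internal
# address (listener 1883 <address>) or firewall the port to keep it internal.
listener 1883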
allow_anonymous false
password_file /etc/mosquitto/passwd
# --- Persistence of retained messages and sessions ---
persistence true
persistence_location /var/lib/mosquitto/
# --- Logging ---
log_dest file /var/log/mosquitto/mosquitto.log
log_type error
log_type warning
log_type notice
connection_messages true
# --- Conservative limits for a fleet of trackers ---
max_connections 256
max_keepalive 120
EOF
The full example is a complete program — wiring header, setup and main loop — ready to adapt to your application.
Frequently asked questions
Why CSV files instead of a database for the ID maps?
At fleet scale the map changes rarely and is tiny. CSVs are versionable, diffable and editable in the field without tooling. The dashboard loads them at startup; a database becomes worthwhile only with thousands of devices.
How should the topic hierarchy be structured?
The deployment uses seguidores/plant/id/estado for telemetry and seguidores/plant/id/comando for orders. This lets the dashboard subscribe to seguidores/# while each PLC subscribes only to its own command topic.
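As an added example (not part of the original deployment), this Python check implements MQTT filter matching and lists which other trackers' topics a PLC's read grants would deliver, comparing a shared wildcard grant with the per-tracker filter described above. The plant name `p1`, the tracker ids and all function names are constructed for illustration.

```python
# Added example, not the deployment's code: audit what a set of granted MQTT
# read filters would deliver. Plant "p1" and the tracker ids are constructed.

def topic_matches(filt, topic):
    """MQTT filter matching: '+' is exactly one level, '#' all remaining levels."""
    f_levels, t_levels = filt.split("/"), topic.split("/")
    for i, f in enumerate(f_levels):
        if f == "#":  # only valid as the final level; also matches the parent
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (f != "+" and f != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)

def command_topic(plant, tracker_id):
    return f"seguidores/{plant}/{tracker_id}/comando"

def state_topic(plant, tracker_id):
    return f"seguidores/{plant}/{tracker_id}/estado"

def foreign_topics(read_filters, own_id, plant, fleet):
    """Topics belonging to *other* trackers that these read filters deliver."""
    exposed = []
    for tid in fleet:
        if tid == own_id:
            continue
        for topic in (command_topic(plant, tid), state_topic(plant, tid)):
            if any(topic_matches(f, topic) for f in read_filters):
                exposed.append(topic)
    return exposed

FLEET = ["t01", "t02", "t03"]              # constructed tracker ids
DASHBOARD_READ = ["seguidores/#"]          # the dashboard is meant to see all
WEAK_PLC_READ = ["seguidores/+/+/comando"] # one wildcard grant shared by PLCs

def tight_plc_read(plant, tracker_id):
    """One literal filter per PLC: only its own command topic."""
    return [command_topic(plant, tracker_id)]

if __name__ == "__main__":
    print("weak :", foreign_topics(WEAK_PLC_READ, "t01", "p1", FLEET))
    print("tight:", foreign_topics(tight_plc_read("p1", "t01"), "t01", "p1", FLEET))
```

Password authentication alone does not restrict topics; in Mosquitto the grants themselves go in the file named by the `acl_file` option.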
Should the broker use TLS as well as passwords?
On an isolated plant network, password authentication is the common baseline. If trackers connect across shared or public infrastructure, add a TLS listener on 8883 with certificates — Mosquitto supports both listeners simultaneously.