FreeBSD Manual Pages

home | help

MOSQUITTO_CTRL(1) Commands MOSQUITTO_CTRL(1)

NAME
mosquitto_ctrl - a tool for initialising/configuring a Mosquitto broker
instance

SYNOPSIS

mosquitto_ctrl [connection-options | -o config-file] module-name
module-command [command-options]

connection-options:
{[-h hostname] [--unix socket path] [-p port-number] [-u username] [-P password]
| -L URL} [-A bind-address] [-c] [-d]
[-i client-id] [-q message-QoS] [--quiet]
[-V protocol-version]
[[{--cafile file | --capath dir} [--cert file] [--key file] [--ciphers ciphers] [--tls-version version] [--tls-alpn protocol] [--tls-engine engine] [--keyform {pem | engine}] [--tls-engine-kpass-sha1 kpass-sha1] [--insecure]]
|
[--psk hex-key --psk-identity identity [--ciphers ciphers] [--tls-version version]]]
[--proxy socks-url]

mosquitto_ctrl [--help]

DESCRIPTION
mosquitto_ctrl is a tool for helping configure a Mosquitto broker
instance.

ENCRYPTED CONNECTIONS
mosquitto_ctrl supports TLS encrypted connections. It is strongly
recommended that you use an encrypted connection for all remote use of
mosquitto_ctrl.

To enable TLS connections when using x509 certificates, one of either
--cafile or --capath must be provided as an option.

To enable TLS connections when using TLS-PSK, you must use the --psk
and the --psk-identity options.

MODULES
Dynamic security
Authentication, and role based access control with users and
groups. Uses the dynsec module name. See: mosquitto_ctrl_dynsec(1)

External modules
mosquitto_ctrl has the ability to load external modules in the form
of shared libraries. For example using the module name example will
try to load the external module mosquitto_ctrl_example.so or
mosquitto_ctrl_example.dll, depending on platform. This allows new
functionality to be added to Mosquitto by combining a plugin and
mosquitto_ctrl module, without having to recompile any Mosquitto
source code.

CONNECTION OPTIONS
The options below may be given on the command line, but may also be
placed in a config file located at $XDG_CONFIG_HOME/mosquitto_ctrl or
$HOME/.config/mosquitto_ctrl.

The config file may be specified manually with the -o config-file
option.

The config file should have one pair of -option value per line. The
values in the config file will be used as defaults and can be
overridden by using the command line. The exceptions to this are the
message type options, of which only one can be specified. Note also
that currently some options cannot be negated, e.g. -S. Config file
lines that have a # as the first character are treated as comments and
not processed any further.

-A
Bind the outgoing connection to a local ip address/hostname. Use
this argument if you need to restrict network communication to a
particular interface.

--cafile
Define the path to a file containing PEM encoded CA certificates
that are trusted. Used to enable SSL communication.

See also --tls-engine.

-L, --url
Specify specify user, password, hostname, port and topic at once as
a URL. The URL must be in the form:
mqtt(s)://[username[:password]@]host[:port]/topic

If the scheme is mqtt:// then the port defaults to 1883. If the
scheme is mqtts:// then the port defaults to 8883.

--nodelay
Disable Nagle's algorithm for the socket. This means that latency
of sent messages is reduced, which is particularly noticeable for
small, reasonably infrequent messages. Using this option may result
in more packets being sent than would normally be necessary.

-o config-file
Provide a path to a config file to load options from. The config
file should have one pair of -option value per line. The values in
the config file will be used as defaults and can be overridden by
using the command line. The exceptions to this are the message type
options, of which only one can be specified. Note also that
currently some options cannot be negated, e.g. -S. Config file
lines that have a # as the first character are treated as comments
and not processed any further.

-p, --port
Connect to the port specified. If not given, the default of 1883
for plain MQTT or 8883 for MQTT over TLS will be used.

-P, --pw
Provide a password to be used for authenticating with the broker.
Using this argument without also specifying a username is invalid
when using MQTT v3.1 or v3.1.1. See also the --username option.

--proxy
Specify a SOCKS5 proxy to connect through. "None" and "username"
authentication types are supported. The socks-url must be of the
form socks5h://[username[:password]@]host[:port]. The protocol
prefix socks5h means that hostnames are resolved by the proxy. The
symbols %25, %3A and %40 are URL decoded into %, : and @
respectively, if present in the username or password.

If username is not given, then no authentication is attempted. If
the port is not given, then the default of 1080 is used.

More SOCKS versions may be available in the future, depending on
demand, and will use different protocol prefixes as described in
curl(1).

--psk
Provide the hexadecimal (no leading 0x) pre-shared-key matching the
one used on the broker to use TLS-PSK encryption support.
--psk-identity must also be provided to enable TLS-PSK.

--psk-identity
The client identity to use with TLS-PSK support. This may be used
instead of a username if the broker is configured to do so.

-q, --qos
Specify the quality of service to use for messages, from 0, 1 and
2. Defaults to 1.

--quiet
If this argument is given, no runtime errors will be printed. This
excludes any error messages given in case of invalid user input
(e.g. using --port without a port).

--tls-alpn
Provide a protocol to use when connecting to a broker that has
multiple protocols available on a single port, e.g. MQTT and
WebSockets.

--tls-engine
A valid openssl engine id. These can be listed with openssl engine
command.

Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages