
Mosquitto 2 MQTT Broker on Ubuntu 24.04 on Azure User Guide

Product: Mosquitto 2 MQTT Broker on Ubuntu 24.04 LTS on Azure

Overview

Eclipse Mosquitto is the canonical lightweight MQTT broker — used in millions of IoT deployments. The cloudimg image installs Mosquitto 2.x from Ubuntu noble universe with allow_anonymous false, a per-VM cloudimg user password rotated at first boot, and persistence enabled.

What is included:

  • Mosquitto 2.x from Ubuntu 24.04 noble universe
  • mosquitto-clients (mosquitto_pub, mosquitto_sub)
  • Listener on TCP 1883 (MQTT)
  • Per-VM cloudimg password rotated at firstboot via mosquitto_passwd
  • Anonymous connections rejected
  • /etc/mosquitto/conf.d/cloudimg.conf overrides
  • mosquitto.service running as mosquitto:mosquitto
  • Persistence at /var/lib/mosquitto
  • 24/7 cloudimg support

Prerequisites + Steps 1-3

Use a Standard B2s VM with an NSG that allows TCP 22 and 1883 from your IoT/client networks.

Step 4: Verify

sudo systemctl status mosquitto.service --no-pager
sudo ss -tln | grep 1883

mosquitto.service active (running) on TCP 1883, ~4 MB resident

Step 5: Read the Password

sudo cat /stage/scripts/mosquitto-credentials.log

Per-VM cloudimg password; anonymous mosquitto_pub rejected with "not authorised"

Step 6: Pub/Sub Round-Trip

PASS=$(sudo grep '^MOSQUITTO_PASSWORD=' /stage/scripts/mosquitto-credentials.log | cut -d= -f2-)

# Terminal A: subscribe to all topics
mosquitto_sub -h localhost -u cloudimg -P "${PASS}" -t '#' -v

# Terminal B: publish
mosquitto_pub -h localhost -u cloudimg -P "${PASS}" -t sensors/temp -m 22.5
mosquitto_pub -h localhost -u cloudimg -P "${PASS}" -t devices/01/state -m online

Subscribe with -t '#' wildcard receives every published message; sensors/temp + devices/01/state shown

Step 7: Components

| Component | Path |
|---|---|
| Binary | /usr/sbin/mosquitto |
| Main config | /etc/mosquitto/mosquitto.conf |
| cloudimg overrides | /etc/mosquitto/conf.d/cloudimg.conf |
| Password file | /etc/mosquitto/passwd (mode 0640 root:mosquitto) |
| Persistence | /var/lib/mosquitto/ |
| Log | /var/log/mosquitto/mosquitto.log |
| Credentials | /stage/scripts/mosquitto-credentials.log |

Mosquitto 2.0.18 + /etc/mosquitto layout — cloudimg.conf override sets listener + auth

Step 8: Security

  • Restrict NSG so 1883 only reaches IoT clients
  • Enable TLS on port 8883 with cert + ca files in conf.d/
  • Per-client ACLs via acl_file in conf.d/
  • Patch monthly: apt-get update && apt-get upgrade && reboot
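
The TLS listener and per-client ACL items above, as an added example (not cloudimg's or the Mosquitto project's code): the script stages a conf.d fragment and an ACL file, then checks a config for those controls. The file names, certificate paths and the sensor-gw account are assumptions; the topics mirror Step 6.

```shell
#!/bin/sh
# Added example, not cloudimg's code. File names, certificate paths and the
# sensor-gw account are assumptions; the topics mirror Step 6.

# write_hardening DIR: stage a TLS listener fragment and an ACL file in DIR.
write_hardening() {
  cat > "$1/tls-acl.conf" <<'EOF'
# Applies to every listener unless per_listener_settings is true.
acl_file /etc/mosquitto/acl

listener 8883
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
EOF
  cat > "$1/acl" <<'EOF'
# With acl_file set, a client that matches no rule below is denied.
user cloudimg
topic readwrite #

user sensor-gw
topic write sensors/#

# %u expands to the username: each device account only reaches its own subtree.
pattern readwrite devices/%u/#
EOF
}

# audit_conf FILE...: print one finding per missing Step 8 control; return 1 if any.
audit_conf() {
  audit_cfg=$(cat "$@" | sed 's/[[:space:]]*$//')   # strip trailing blanks and CRs
  audit_rc=0
  has() { printf '%s\n' "$audit_cfg" | grep -Eq "$1"; }
  has '^listener 8883( |$)' || { echo "no listener on 8883"; audit_rc=1; }
  { has '^cafile .' && has '^certfile .' && has '^keyfile .'; } ||
    { echo "TLS cafile/certfile/keyfile incomplete"; audit_rc=1; }
  has '^acl_file .' || { echo "no acl_file"; audit_rc=1; }
  has '^allow_anonymous true' && { echo "anonymous clients allowed"; audit_rc=1; }
  return "$audit_rc"
}

# Demo: stage into a temp dir and audit the fragment before copying it into place.
stage=$(mktemp -d)
write_hardening "$stage"
audit_conf "$stage/tls-acl.conf" && echo "fragment OK, staged in $stage"
```

On the VM, run `audit_conf /etc/mosquitto/mosquitto.conf /etc/mosquitto/conf.d/*.conf` so the check also sees cloudimg.conf. Give the ACL file and private key the same restrictive ownership and mode the components table lists for the password file.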

Licensing

Mosquitto is licensed under EPL-2.0 / EDL-1.0 and is free to use. cloudimg provides commercial support separately: support@cloudimg.co.uk.