Installing and configuring Mosquitto on Debian

Eclipse Mosquitto is an open source (EPL/EDL licensed) message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1. Mosquitto is lightweight and is suitable for use on all devices from low power single board computers to full servers. The MQTT protocol provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for Internet of Things messaging such as with low power sensors or mobile devices such as phones, embedded computers or microcontrollers. The Mosquitto project also provides a C library for implementing MQTT clients, and the very popular mosquitto_pub and mosquitto_sub command line MQTT clients. Mosquitto is part of the Eclipse Foundation, is an project and is sponsored by


sudo apt-key add mosquitto-repo.gpg.key
cd /etc/apt/sources.list.d/
sudo wget
apt-get update
apt-get install mosquitto


Create file /etc/mosquitto/conf.d/listener.conf:

bind_address x.x.x.x

Create file /etc/mosquitto/conf.d/authorisation.conf:

listener 1883 x.x.x.x

Create a user and password:

mosquitto_passwd -c <password file> <username>
kill -HUP <process id of mosquitto>

Result in /var/log/mosquitto/mosquitto.log:

1636747458: New connection from x.x.x.x:59620 on port 1883.
1636747458: New client connected from x.x.x.x:59620 as y (p2, c1, k60, u'client').
1636747843: New connection from x.x.x.x:5709 on port 1883.
1636747843: New client connected from x.x.x.x:5709 as z (p2, c0, k60, u'client').


Backup and restore ArangoDB data

You can easily back-up and restore the ArangoDB database from Windows. All you need is WinSCP, Putty, and some diskspace. I’m running the batch script below every time I login to my workstation automatically to backup the configuration database:

plink -batch -pw xxx -t root@ "systemctl stop arangodb3"
plink -batch -pw xxx -t root@ "cd /data/backup && zip -r /data/arangodb/data"
plink -batch -pw xxx -t root@ "systemctl start arangodb3"
pscp -pw xxx -v -r root@  G:\IoT\ArangoDB\
plink -batch -pw xxx -t root@ "rm /data/backup/"

You can restore the database by installing ArangoDB on another system and copying the data back into the correct directory. Make sure you stop the ArangoDB service before you restore the data.

When the ArangoDB version on the target system is newer then the ArangoDB version on the source system you need to upgrade the database first. Stop the ArangoDB service and start it in the console with the – parameter:

systemctl stop arangodb
/usr/sbin/arangod --uid arangodb --gid arangodb --pid-file /var/run/arangodb3/ --temp.path /var/tmp/arangodb3 --log.foreground-tty true

Install ArangoDB on Debian


curl -OL 
sudo apt-key add - < Release.key 
echo 'deb /' | sudo tee /etc/apt/sources.list.d/arangodb.list
sudo apt-get update 
sudo apt-get install arangodb3

Change database directory

Change the database directory in: /etc/arangodb3/arangod.conf

directory = /data/arangodb/data

Ensure the arangodb has access rights to this directory: /etc/systemd/system/arangodb3.service

chown -R arangodb:arangodb /data/arangodb
chmod 700 /data/arangodb

Change endpoint and secure connection

ArangoDB configuration file location: /etc/arangodb3/arangod.conf

endpoint = ssl:// 
keyfile = /var/lib/arangodb3/server.pem

Generate the server certificate:

# create private key in file "server.key" 
openssl genpkey -out /var/lib/arangodb3/server.key -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -aes-128-cbc 

# create certificate signing request (csr) in file "server.csr" 
openssl req -new -key /var/lib/arangodb3/server.key -out /var/lib/arangodb3/server.csr 

# copy away original private key to "" 
cp /var/lib/arangodb3/server.key /var/lib/arangodb3/ 

# remove passphrase from the private key 
openssl rsa -in /var/lib/arangodb3/ -out /var/lib/arangodb3/server.key 

# sign the csr with the key, creates certificate PEM file "server.crt" 
openssl x509 -req -days 10000 -in /var/lib/arangodb3/server.csr -signkey /var/lib/arangodb3/server.key -out /var/lib/arangodb3/server.crt 

# combine certificate and key into single PEM file "server.pem" 
cat /var/lib/arangodb3/server.crt /var/lib/arangodb3/server.key > /var/lib/arangodb3/server.pem



Login with the specified root password.

Installing the UniFi Network Application on Raspberry Pi

Unfortunately MongoDB does not have an ARM64 bit package for Raspberry Pi yet, so I’m installing this on a Raspberry Pi with a 32-bit (Debian-based) Raspberry Pi OS:

sudo apt update && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt-get autoclean -y
sudo apt install openjdk-8-jre-headless jsvc libcommons-daemon-java -y
sudo apt install haveged -y
sudo apt install mongodb-server mongodb-clients -y

echo 'deb stable ubiquiti' | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.list
sudo wget -O /etc/apt/trusted.gpg.d/unifi-repo.gpg
sudo apt update && sudo apt install unifi -y

Go to your UniFi Controller via the IP address and port, for example:

Updating Eclipse Ditto

Stop running containers using docker-compose and remove the containers.

docker-compose stop
docker rm docker_nginx_1
docker rm docker_connectivity_1
docker rm docker_gateway_1 
docker rm docker_things_1 
docker rm docker_concierge_1 
docker rm docker_things-search_1
docker rm docker_policies_1
docker rm docker_mongodb_1
docker rm docker_swagger-ui_1 
docker system prune -a

Download the latest Ditto zip from Github and re-run docker-compose.yaml.

This folder contains an example docker-compose.yml which can be used to start Eclipse Ditto with its backing Database – MongoDB – and a reverse proxy – nginx – in front of the HTTP and WebSocket API.

Eclipse Ditto :: Docker


Configure nginx

The nginx’s configuration is located in the nginx.conf file and contains a “Basic authentication” for accessing the HTTP and WebSocket API. The users for this sample authentication are configured in the nginx.httpasswd file also located in this directory.

In order to add a new entry to this file, use the “openssl passwd” tool to create a hashed password:

openssl passwd -quiet
 Password: <enter password>
 Verifying - Password: <enter password>

Append the printed hash in the nginx.httpasswd file placing the username who shall receive this password in front like this:


Configuration of the services

You may configure each service via passing variables to the java VM in the entrypoint section for each service.

# Alternative approach for configuration of the service
command: java -Dditto.gateway.authentication.devops.password=foobar -jar starter.jar

To get a list of available configuration options you may retrieve them from a running instance via:

# Substitute gateway with the service you are interested in
curl http://devops:foobar@localhost:8080/devops/config/gateway/?path=ditto

Or by going through the configuration files in this repository e.g. /services/gateway/starter/src/main/resources/gateway.conf.

Start Eclipse Ditto

docker-compose up -d

Check the logs after starting up:

docker-compose logs -f

Stop Eclipse Ditto

docker-compose down

Installing .NET 6 on a Raspberry PI (Debian)

Create a folder, for example /app/dotnet6, and assign ownership to the right user:

sudo mkdir /app/dotnet6
sudo chown -R pi /app/

Download the .NET 6 SDK at Microsoft:


Extract the tar.gz file in the /app/dotnet6 directory:

sudo tar zxf dotnet-sdk-6.0.100-linux-arm64.tar.gz -C /app/dotnet6

Test the .NET6 installation by browsing to the installation directory and execute the dotnet –info command:

cd /app/dotnet6
./dotnet --info
.NET SDK (reflecting any global.json):
 Version:   5.0.101
 Commit:    d05174dc5a

Runtime Environment:
 OS Name:     debian
 OS Version:  10
 OS Platform: Linux
 RID:         debian.10-arm64
 Base Path:   /app/dotnet/sdk/5.0.101/

Host (useful for support):
  Version: 5.0.1
  Commit:  b02e13abab

.NET SDKs installed:
  5.0.101 [/app/dotnet/sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 5.0.1 [/app/dotnet/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 5.0.1 [/app/dotnet/shared/Microsoft.NETCore.App]

To install additional .NET runtimes or SDKs: