This project provides an MQTT broker boilerplate specifically designed for Meshtastic mesh network moderation. It handles encrypted mesh packets, validates messages, and can be configured to run with SSL.
- MQTT server implementation for Meshtastic devices
- Allows for more precise access control than Mosquitto ACLs
- Support for encrypted mesh packet handling and validation
- Support for validating client connections and subscriptions
- SSL support for secure MQTT connections
- Built using C# / .NET 9.0 with MQTTnet
- Multi-platform support
- Can easily be packaged to run as a portable standalone binary
- Configurable logging with Serilog
Prerequisites:
- Docker installed on your system
- Certificate file (if using SSL mode)
- Clone the repository:
  git clone https://github.com/meshtastic/mqtt
  cd mqtt
- Build the Docker image:
  docker build -t meshtastic-mqtt-broker .
To run with SSL enabled:
- Place your certificate file (certificate.pfx) in the project directory. (see MQTTnet Server Wiki)
- Run the container with the SSL environment variable:
  docker run -p 8883:8883 -v $(pwd)/certificate.pfx:/app/certificate.pfx meshtastic-mqtt-broker
Docker Compose example:
version: '3'
services:
  mqtt-broker:
    build: .
    ports:
      - "8883:8883"
    volumes:
      - ./certificate.pfx:/app/certificate.pfx
    restart: unless-stopped
- Certificate: Mount your PFX certificate file to /app/certificate.pfx in the container or preferably modify it in the parent folder after git cloning.
- Ports: The application uses 8883 for SSL MQTT (default).
- Rate-limiting a packet we've heard before
- Rate-limiting packets per node
- "Zero hopping" certain packets
- Blocking unknown topics or undecryptable packets (from unknown channels)
- Blocking or rate-limiting certain portnums
- Fail2ban style connection moderation
- Banning from known bad actors list
- Ensure proper network access to the Docker container
- Check that certificates are correctly formatted
- Review logs using docker logs [container-id]
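
The two rate-limiting items in the moderation list above ("a packet we've heard before" and "packets per node") can be sketched as follows. This is an added example, not code from this repository, and it does not touch MQTTnet: `PacketModerator`, `Verdict`, the window sizes and the limit of 3 are hypothetical, and it assumes each decoded packet exposes a sender node number and a packet id.

```csharp
using System;
using System.Collections.Generic;

// Added example: type names and thresholds are assumptions, not the project's code.
public enum Verdict { Accept, DuplicateDropped, NodeRateLimited }

public sealed class PacketModerator
{
    private readonly TimeSpan _dedupeWindow, _rateWindow;
    private readonly int _maxPerNode;
    // (sender node, packet id) -> time the packet was last accepted
    private readonly Dictionary<(uint From, uint Id), DateTime> _seen = new();
    // sender node -> timestamps of packets accepted inside the rate window
    private readonly Dictionary<uint, Queue<DateTime>> _perNode = new();

    public PacketModerator(TimeSpan dedupeWindow, TimeSpan rateWindow, int maxPerNode) =>
        (_dedupeWindow, _rateWindow, _maxPerNode) = (dedupeWindow, rateWindow, maxPerNode);

    public Verdict Check(uint from, uint id, DateTime now)
    {
        // Drop a packet that was already heard inside the dedupe window.
        if (_seen.TryGetValue((from, id), out var first) && now - first < _dedupeWindow)
            return Verdict.DuplicateDropped;

        // Sliding window per node: forget timestamps older than the rate window.
        if (!_perNode.TryGetValue(from, out var times))
            _perNode[from] = times = new Queue<DateTime>();
        while (times.Count > 0 && now - times.Peek() >= _rateWindow) times.Dequeue();
        if (times.Count >= _maxPerNode) return Verdict.NodeRateLimited;

        // A long-running broker would also evict expired _seen entries on a timer.
        times.Enqueue(now);
        _seen[(from, id)] = now;
        return Verdict.Accept;
    }
}

public static class Demo
{
    public static void Main()
    {
        var mod = new PacketModerator(TimeSpan.FromMinutes(10), TimeSpan.FromMinutes(1), 3);
        var t0 = new DateTime(2025, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        // Constructed sample traffic: (sender node, packet id, seconds after t0).
        var traffic = new (uint From, uint Id, int Sec)[] {
            (0xA1B2C3D4, 1, 0), (0xA1B2C3D4, 1, 2), (0xA1B2C3D4, 2, 5),
            (0xA1B2C3D4, 3, 9), (0xA1B2C3D4, 4, 12), (0xA1B2C3D4, 5, 70) };
        foreach (var p in traffic)
            Console.WriteLine($"!{p.From:x8} id={p.Id} t+{p.Sec}s -> {mod.Check(p.From, p.Id, t0.AddSeconds(p.Sec))}");
    }
}
```

The duplicate check runs before the per-node counter, so replays of an already-accepted packet do not consume the sender's quota.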