Skip to main content

Listener Configuration

Listeners define how YedMQ receives requests from MQTT clients and management tools. YedMQ supports multiple protocols to cater to different networking requirements.

Supported Protocols​

  • TCP: Standard MQTT (default port 1883)
  • TCP-TLS: Secure MQTT over TLS/SSL (default port 8883)
  • WebSocket (WS): MQTT over WebSockets (default port 8083)
  • WebSocket Secure (WSS): MQTT over Secure WebSockets (default port 8084)
  • API: REST Management API (default port 3456)

TCP Listener​

Configures the standard unencrypted MQTT connection.

[listener.tcp]
external = "0.0.0.0:1883"

[listener.tcp.rate_limit]
messages_rate = 1000
messages_burst = 100
  • external: The IP address and port to bind. 0.0.0.0 listens on all interfaces.
  • rate_limit.messages_rate: Maximum number of inbound MQTT PUBLISH packets allowed per second for this listener.
  • rate_limit.messages_burst: Maximum burst size for inbound MQTT PUBLISH packets within the rate limit window.
  • rate_limit: Set messages_rate <= 0 or messages_burst <= 0 to disable rate limiting for this listener.
  • rate_limit behavior: When rate limited, over-limit PUBLISH packets are dropped and the client connection remains open.

TCP-TLS Listener​

Configures encrypted MQTT connections.

[listener.tcp_tls]
external = "0.0.0.0:8883"
cert_file = "/path/to/cert.pem"
key_file = "/path/to/key.pem"
cacert_file = "/path/to/ca.pem" # Optional

[listener.tcp_tls.rate_limit]
messages_rate = 1000
messages_burst = 100
  • external: Binding address and port for TLS connections.
  • cert_file: Path to the PEM-encoded certificate chain file.
  • key_file: Path to the PEM-encoded private key file.
  • cacert_file: Path to the CA certificate file for verifying client certificates (if enabled).

WebSocket (WS) Listener​

Configures MQTT over WebSockets, useful for browser-based clients.

[listener.ws]
external = "0.0.0.0:8083"

[listener.ws.rate_limit]
messages_rate = 1000
messages_burst = 100
  • external: Binding address and port for WebSocket connections.

WebSocket Secure (WSS) Listener​

Configures encrypted MQTT over WebSockets.

[listener.wss]
external = "0.0.0.0:8084"
cert_file = "/path/to/cert.pem"
key_file = "/path/to/key.pem"
cacert_file = "/path/to/ca.pem" # Optional

[listener.wss.rate_limit]
messages_rate = 1000
messages_burst = 100
  • external: Binding address and port for secure WebSocket connections.
  • cert_file: Path to the certificate file.
  • key_file: Path to the private key file.

API Listener​

Configures the REST management API and its authentication.

[listener.api]
external = "0.0.0.0:3456"

[listener.api.auth]
users = [
    { username = "admin", password = "password" }
]
  • external: Binding address and port for the REST API.
  • auth.users: A list of authorized users (username and password) for Basic Authentication.