Mako Server and Arduino IoT Christmas Light Controller

The Holiday Light Controller is a fun project that lets you provide public access to your outdoor lights during the holiday season. Perfect for homeowners, parties, café, restaurants, and church displays to allow admiring visitors a selection of lighting transitions such as Wave, Psychedelic, Sequence On/Off, and Overlapping commands via a mobile phone.

Arduino ESP8266 IoT Light Controller


This DIY tutorial shows how to connect one or several relay/triack WiFi modules to an online server and how to enable visitors to control the relay/triack WiFi modules via a web interface provided by the online server.

We will go over everything in detail below, but here is what you need to get started:

  • ESP8266 WiFi Module with relays or triacs
  • Light Controller Device Software - (See download below)
  • Home WiFi Internet Access
  • Virtual Private Server or use a free service (server information below)
  • a (free) Domain Name

ESP8266 WiFi Module

The device firmware is designed for ESP8266, and in particular for the ESP8266 WiFi Four Relay board. You can use any Arduino ESP8266 board, but that will require modifications for the GPIO settings in the firmware source code. The benefit in using the ESP8266 WiFi Four Relay board is that it comes ready to use with four relays and a power supply. Other ESP8266 boards may require that you also assemble your own I/O hardware and relay banks.

The ESP8266 WiFi Four Relay board, which supports both U.S. and European voltage, is connected directly to your household electric power (mains). The actual lights must be wired to the ESP8266 WiFi Four Relay board as shown in the following figure:

Installing the Arduino ESP8266 Firmware

Download the Light Controller Device Software, unpack the ZIP file and open the Sketch in the Arduino IDE. Compile the code and upload the code to the ESP8266 board.

If you are new to the Arduino IDE and to the ESP8266 Arduino IDE plugin, follow one of the getting started guides such as this one or watch an ESP8266 video on YouTube.

Note that one ESP8266 is referred to as a light bank, and the ESP8266 WiFi Four Relay board provides a bank of four lights. You can connect any number of light banks to the online server. The server will then merge the light banks into one coherent user interface, enabling you to control any number of lights.

Other ready to use relay boards you may use:

The ebay seller Aptinum provides two alternative boards that may be used as a replacement for the ESP8266 WiFi Four Relay Board.

You may use the Aptinex ESP8266 IOT Triac Module - 4 Channel Module or the Aptinex ESP8266 IOT WIFI 4 Channel Relay Module.

The Aptinum boards are almost half the price, but the boards do not come with a USB connector, thus a UART to USB device is required for uploading the firmware using the Arduino IDE. See the DZone article Programming the ESP8266 With the Arduino IDE in 3 Simple Steps for information on how to flash the firmware for these two boards.

#define RELAY_1 12
#define RELAY_2 13
#define RELAY_3 14
#define RELAY_4 15

The Aptinex boards use different GPIOs for the relay/triacs. If you use these boards, set the GPIO settings as shown to the right in the Arduino firmware source code file LightController.ino.

Installing the Light Controller Server Solution

An online server is needed for hosting the server side Light Controller software. You can either use a standard Virtual Private Server or use a free cloud server (test account) provided by providers such as Microsoft Azure and Google Cloud.

An online VPS enables you to remotely login by using SSH (Secure Shell). If your own computer is running Windows, download the SSH client Putty, and start the executable from any directory. Mac and Windows computers typically include a command line SSH client, thus you can simply type ssh in a command line on Linux and Mac.

When you sign up for a VPS service, such as the budget securedragon VPS, you will receive an email with instructions for how to remotely log into your VPS by using SSH. The instructions include the IP address of your new VPS and the root (admin) password. The following figure shows how to enter the IP address in Putty and how to login as user root in the command line window.


To install the complete Light Controller Server Software, copy all of the following and paste the commands into the SSH console window.

source <(wget -q -O-

The above script will ask you to enter a name for an administrator and the password. When the server is installed, the administrator credentials will enable you to log into the web based administrator user interface. Use your browser and navigate to the IP address of the online server as soon as the installation script completes.

VPS Alternative:

The Google Cloud Platform provides free services for low capacity web applications. The DZone article Dockerizing Your Homemade IoT Christmas Light Controller explains how to use a (free) alternative to using a VPS.

Domain Name

Control our Christmas Lights

The server solution requires that you use at least one domain name. You can sign up for free domain names using, for example, freenom. A suggestion is to select a name such as your last name or your street address. You could then create a sign and display this sign on your front yard. The sign could for example say:

Download the Powerpoint representation of the image to the left by clicking on the image.

Light Controller Manual

The Manual, which explains how to use the online web interface and how to initially configure the ESP8266 using a browser, can be downloaded as a PDF: LightControllerManual.pdf. The manual is also integrated into the online web interface and can be accessed after installing the Light Controller server solution.

Assembling the Hardware

  • $1 Pencil Case
  • Relay/Triac Board
  • Holiday Time Christmas Lights Cord 3-Outlet (you need two for one box or four for three boxes)
  • Spray paint for plastic (green)
  • Gorilla Glue (for initial hardening of cables in the Pencil Case)
  • Silicone caulk (for additional hardening of cables and for making it waterproof)
Christmas Light Controller Box

Implementation Notes

The following section is for computer programmers:

The Light Controller Application is designed for the Mako Server and uses the SMQ protocol for real time communication between browsers, the Light Controller Server App, and devices (Light Controller banks).

The web based Light Controller App is powered by JavaScript and enables the user of the web interface to control the lights in real time by sending one-to-one and pub/sub SMQ messages to the light controller devices via the online server.


The light controller security concept was inspired by the DZone article Have We Forgotten the Ancient Lessons About Building Defense Systems?

A problem with many pub/sub protocols is that they typically cannot be used without authentication since this would leave the door completely open, especially for pub/sub protocols that enable wildcard subscription. See MQTT was hacked to pieces by Lucas Lundgren and we also hacked MQTT to pieces.

However, the web-based Light Controller App would not be very user-friendly if visitors were forced to register and login prior to being able to control the lights. We wanted the app to be user friendly; thus the Light Controller solution was designed to not enforce authentication for the SMQ protocol.

You are probably at this point thinking, hey wait minute, the Light Controller App must be totally insecure. However, that is not the case, since the SMQ protocol enables us to enforce strict authorization.

The Light Controller solution uses two lines of defense: (1) working in stealth mode, and (2) strict authorization. Authentication would have added one additional line of defense, however, the solution is designed to be sufficiently secure without having to use authentication.

Hackers first need to identify a solution before they can attempt to exploit it. The ESP8266 light controller devices operate as network clients (TCP/IP clients), thus they cannot be identified nor can they be directly compromised. Although the SMQ brokers operate as servers and can be detected, it is unlikely since an automated port scanner cannot easily see the difference between a web server and the SMQ broker. In addition, the SMQ broker cannot be found by going directly to the IP address of the server. The broker can only be found by using one of the registered domain names.

Should a hacker still find the broker, the second line of defense kicks in. The Light Controller Server App is designed to enforce strict authorization, where an attacker will be identified and temporarily banned. The exact authorization logic implemented for the Light Controller Server App is best understood by studying the Lua source code.