Setting up a Low Cost SMQ IoT Broker

The following Internet of Things (IoT) tutorial shows how easy it is to build your own IoT cloud solution and connect thousands of devices. For the purpose of demonstration, we have selected a low-end Virtual Private Server (VPS) with 64Mb of memory that is capable of serving up to 10,000 unique devices (tested). Alternatively, the same software solution could easily scale to accommodate millions of connections by making use of a more sophisticated service provider, such as Amazon Elastic Cloud or Google Cloud.

The cost of the cloud solution, for the purpose of this tutorial, is approximately $12 per year, which includes a VPS and domain name. The addition of security is optional, and the tutorial also explains how to install an SSL certificate for the SMQ Broker.

We use the Mako Server Engine running as a background service on the Linux operating system to provide the device to SMQ Broker communications. Prior Linux experience is not required; however, a working knowledge of a command line interface is necessary for terminal operations.

Signing up for VPS Service

Selecting a VPS Provider

We have selected Secure Dragon as the VPS provider in this tutorial; however, you may use any VPS provider. See Installing Mako Server on an Online VPS for alternatives.

  1. Navigate to securedragon.net, click OpenVZ, click O64, and click the Order Now button.
  2. On the next page in the Wizard, select Billing Cycle, select VPS location, and select Debian (7) as the operating system.
  3. Complete the wizard.

You will receive an email some time after signing up. The following shows an excerpt from such an email with details that you will need when configuring and installing software on the VPS.

We are pleased to tell you that the server you ordered has now been set up and is running the OS you picked during the order process.

Server Details
=============================
Server Plan: O64
Main IP: 162.253.179.15
Root Password: https://securedragon.net/xxxxxx

Use the "Root Password" link to retrieve the VPS root password. You will need this password when connecting using SSH (explained below).

Setting up a Domain Name

When you sign up for a VPS service you get a dedicated IP address that uniquely identifies your online server. You can navigate to the VPS by simply using the IP address, but it is more convenient to use a domain name. In the following section, we will show you how to connect a domain name to an IP address.

Navigate to http://www.freenom.com, sign up, and select one of the free domain names. During the registration process, select Use DNS and enter the VPS IP address in the two fields. Select the 12 month period and click Continue. Your VPS should now be accessible via the domain name you registered. Note that it may take up to 48 hours before it works.

If you did not set up the DNS during the registration, do as follows:

  1. In the control panel, click Domain -> My Domains.
  2. Click on your domain and click Manage Domain.
  3. Click Manage Freenom DNS. You should see the page below (Figure 2).
  4. Leave the name field blank and enter the IP address in the Target. 
  5. If you also want the server to be accessible as http://www.your-domain-name, go to the "Add Record" and add www in the Name field and the IP address in the Target field.

Figure 2: The two name records that make the server accessible with or without the www prefix

Installing the Mako Server and the SMQ Broker

The server must be installed from a Linux console, and your VPS is accessible via Secure Shell (SSH). You can log in to the VPS using the information provided in the email you received after signing up for the VPS service. Install the Putty SSH client if you are using Windows as your host operating system.

Using SSH, enter the server's IP address (from the email you received). You can also use the new domain name if the DNS is ready. You can test this by pinging your domain name. The ping command should respond with your server's IP address if the DNS is ready.

Figure 3: Running Putty on Windows and connecting to online VPS using the domain name simplemq.tk

At the login prompt, enter the user 'root' and the password that is set for your VPS. You can proceed to installing the Mako Server and the broker as soon as you are logged in.

The Mako Server and the broker can be installed in two ways: automatically (by using a script we have prepared) or manually.

Option one: Install Mako Server and SMQ broker automatically.

Copy the following and paste it into the Linux console (Putty):

wget http://makoserver.net/install/brokerX86/install.sh; chmod +x install.sh; ./install.sh

You will be asked for a username and password during the installation process. The username and password enable you to securely mount/map your online SMQ broker's 'www' directory as a WebDAV network drive.
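
The one-line install above fetches a script over plain HTTP and runs it as root. The following added example (not part of the original tutorial or of the Mako Server project) downloads the installer to a file and runs it only if its SHA-256 digest matches one you recorded after reading the script. PINNED_SHA256, the script name pinned-install.sh and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: run the installer only if it matches a hash recorded at review.
# PINNED_SHA256 is a placeholder; set it to the value you recorded yourself.
INSTALLER_URL="http://makoserver.net/install/brokerX86/install.sh"  # from the tutorial
PINNED_SHA256="${PINNED_SHA256:-REPLACE_WITH_HASH_RECORDED_AFTER_REVIEW}"

# Print the lowercase hex SHA-256 digest of a file.
file_sha256() {
    sha256sum "$1" | awk '{print $1}'
}

# Return 0 if the file matches the expected digest, 1 on mismatch,
# 2 if the file is missing or empty (for example a failed download).
verify_installer() {
    file="$1"
    expected="$2"
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual=$(file_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# Download to a file, verify it, and only then execute it.
install_broker() {
    wget -O install.sh "$INSTALLER_URL" || return 3
    verify_installer install.sh "$PINNED_SHA256" || return $?
    chmod +x install.sh && ./install.sh
}

# First use: fetch the script, read it, and record its digest:
#   wget -O install.sh "$INSTALLER_URL" && less install.sh && sha256sum install.sh
# Later installs: PINNED_SHA256=<recorded digest> sh pinned-install.sh install
if [ "${1:-}" = "install" ]; then
    install_broker
fi
```

The pinned digest only proves that a later download is the same script you reviewed; it does not replace reading the script the first time.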

Option two: Install Mako Server and SMQ broker manually.

Installing the server manually will give you a deeper understanding of how to manage and install software on an online VPS.

To manually install and configure the Mako Server, proceed to the tutorial Installing Mako Server as a Service on Linux and navigate back to this tutorial when you have completed the installation process.

When the server is installed, enter the following commands (or copy and paste) into the SSH terminal window (you must be running as root):

su mako
cd
cd www
wget http://makoserver.net/download/IoT-LED-Broker.tar.gz
tar xvzf IoT-LED-Broker.tar.gz
rm IoT-LED-Broker.tar.gz
exit
/etc/init.d/mako.sh restart

The above commands download a prepackaged SMQ broker application (IoT-LED-Broker.tar.gz) and install the package in the 'www' directory. The last command restarts the Mako Server, which then loads the new SMQ broker application.

Testing the broker

After completing the installation, navigate to your domain name using your browser. Use the VPS IP address if your domain name is still not working (it takes time for DNS to replicate). You should see the LED demo. The LED demo's web pages are included in the broker setup package (IoT-LED-Broker.tar.gz) and enable you to quickly verify that everything is working. You can delete the LED demo when no longer needed.

You should also test that you can mount/map the online server as a WebDAV network drive. You should be able to directly work on the server's 'www' directory from your own computer as soon as you have the online server set up as a network drive.

WebDAV URL: http://server-address/fs/

We also recommend downloading the non-secure SMQ LED client source code, modifying the example's C source code URL to point to your own domain name, compiling the example, and making sure you can connect the example to your own broker. Note that you cannot use the secure SMQ client at this time since you do not have an SSL certificate. The secure SMQ LED demo C code is set up such that the example requires an Elliptic Curve Cryptography (ECC) Certificate. We will go into details about how to install an ECC certificate at the end of the SSL Certificate instructions below.

SSL Certificate

Installing an SSL certificate is not required unless you need secure communication for your SMQ broker and/or web applications running on the server.

At a minimum, you need to follow the Server SSL Certificate Installation Tutorial. This tutorial is for installing an RSA certificate. You have some more work to do if you plan on using the secure SMQ device client (SharkMQ) and connecting this client to your online SMQ broker. The secure SMQ LED device demo is set up to use Elliptic Curve Cryptography (ECC) Certificates. You could change the example to use RSA certificates, but this solution introduces another problem. RSA certificates are big and our chained certificate signed by Comodo is even bigger. Chained RSA certificates are no good when communicating with resource-constrained edge nodes. The solution is to use ECC certificates and no intermediaries.
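
The size argument above can be measured. The following added example (not from the original tutorial or the SharkSSL documentation) generates throwaway self-signed certificates with the openssl command line tool and compares their DER sizes. The key sizes (RSA 2048 bit, ECC prime256v1), the subject name broker.example, the function names and the use of a self-signed certificate to approximate each chain member are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare the certificate bytes a device receives for RSA and ECC.
# All keys and certificates are throwaway, self-signed and constructed here.
# Assumed key sizes (not stated in the tutorial): RSA 2048 bit, ECC prime256v1.

# Print the DER size in bytes of a fresh self-signed certificate.
# $1 is the key type: rsa or ecc.
cert_der_size() {
    dir=$(mktemp -d) || return 1
    case "$1" in
        rsa) openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null ;;
        ecc) openssl ecparam -name prime256v1 -genkey -noout \
                 -out "$dir/key.pem" 2>/dev/null ;;
        *)   echo "usage: cert_der_size rsa|ecc" >&2
             rm -rf "$dir"
             return 2 ;;
    esac
    # Fails (and returns 1) if key generation above produced no key.
    openssl req -x509 -new -key "$dir/key.pem" -sha256 -days 1 \
        -subj "/CN=broker.example" -outform DER -out "$dir/cert.der" \
        2>/dev/null || { rm -rf "$dir"; return 1; }
    size=$(wc -c < "$dir/cert.der")
    rm -rf "$dir"
    echo $((size))
}

# Approximate bytes for a chain of $2 certificates of key type $1. Each chain
# member is approximated by one self-signed certificate; real CA certificates
# usually carry more extensions.
chain_bytes() {
    one=$(cert_der_size "$1") || return $?
    echo $((one * $2))
}

report() {
    echo "RSA leaf + 1 RSA intermediate: $(chain_bytes rsa 2) bytes (approx.)"
    echo "RSA leaf only:                 $(chain_bytes rsa 1) bytes"
    echo "ECC leaf, no intermediaries:   $(chain_bytes ecc 1) bytes"
}

if [ "${1:-}" = "report" ]; then
    report
fi
```

Run the script with the argument report to print the three figures; every certificate in the chain is sent to the device during the TLS handshake, so the chained RSA case costs the most.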

The cool thing about the Mako Server is that we can set it up to use an RSA certificate signed by a well-known CA, serve this RSA certificate to browsers, and set up a different ECC certificate for edge nodes. A complete tutorial on how to set up a dual certificate RSA/ECC server can be found in the online SharkSSL documentation under section Certificate Management for IoT.
