Many moons ago I set up a sonoff basic power relay with tasmota firmware and a Mosquitto MQTT Message Broker on a raspberry pi so that I can switch my 3D printer on and off remotely.

I've recently added a few more tasmota devices in my apartment for home automation, and wanted a more stable platform for my mosquitto MQTT broker. I've also been playing with Docker on my Synology NAS (installed via the Synology Package Manager), and since that has a redundant storage, a UPS, and is already running 24/7, I figured why not run Mosquitto on it. I've already installed a few other applications under Docker on the NAS, which has worked out quite well.

Here are my setup notes.

Create Docker Container

I ssh'd into the nas using an admin account, and created some folders for use by the mosquitto container:
mkdir -p /volume1/docker/mosquitto /volume1/docker/mosquitto/config /volume1/docker/mosquitto/data /volume1/docker/mosquitto/log
cd /volume1/docker/mosquitto
chmod 777 config data log
I then created the file /volume1/docker/mosquitto/docker-compose.yaml with the following contents:

version: '3'
services:
server:
image: eclipse-mosquitto
ports:
- "1883:1883"
- "9001:9001"
volumes:
- "/volume1/docker/mosquitto/config/mosquitto/config"
- "/volume1/docker/mosquitto/data:/mosquitto/data"
- "/volume1/docker/mosquitto/log:/mosquitto/log"
And also a file /mnt/nas1/Docker/mosquitto/config/mosquitto.conf:
persistence true
persistence_location /mosquitto/data/

log_dest file /mosquitto/log/mosquitto.log

allow_anonymous false
password_file /mosquitto/config/passwd
Note: If you don't want logs saved to disk, you can leave out the "log_dest" line above. Logs can then be viewed in the Docker UI in Synology DSM.

Now I can use docker-compose to bring up the container:
cd /volume1/docker/mosquitto/
touch /volume1/docker/mosquitto/config/passwd
sudo docker-compose up --no-start
Pulling server (eclipse-mosquitto:)...
latest: Pulling from library/eclipse-mosquitto
c87736221ed0: Pulling fs layer
0a668b6832af: Downloading [> ] c87736221ed0: Downloading [> ] c87736221ed0: Extracting [> ] c87736221ed0: Extracting [=> ] c87736221ed0: Extracting [==============> ] c87736221ed0: Extracting [===========================================> ] c87736221ed0: Extracting [==================================================>] c87736221ed0: Pull complete
0a668b6832af: Extracting [=> ] 0a668b6832af: Extracting [===> ] 0a668b6832af: Extracting [===============================================> ] 0a668b6832af: Extracting [==================================================>] 0a668b6832af: Extracting [==================================================>] 0a668b6832af: Pull complete
07bc6cc597a2: Extracting [==================================================>] 07bc6cc597a2: Extracting [==================================================>] 07bc6cc597a2: Pull complete
Digest: sha256:f2986c43a34b123565a8c497593baa27b93df4142f80928019f08ba568a1da3b
Status: Downloaded newer image for eclipse-mosquitto:latest
Creating mosquitto_server_1 ... done

sudo docker-compose start
Starting server ... done

Create user accounts

I've set up mosquitto to require a user id and password whenever something wants to connect to it. To create mosquitto user accounts, I typed in the NAS terminal, replacing "USER" with the name of the account to create.
sudo docker exec -it "mosquitto_server_1" mosquitto_passwd /mosquitto/config/passwd USER
You can also delete an account using:
sudo docker exec -it "mosquitto_server_1" mosquitto_passwd -D /mosquitto/config/passwd USER
After making changes to the accounts, you need to restart the docker process:
sudo docker restart "mosquitto_server_1"
Restarting docker can also be done from the Docker UI in the synology DSM.

Note: if there are zero users in the password file, mosquitto will allow anonymous connections.


Testing

In a terminal on my Desktop PC, I installed the mosquitto_clients package:
sudo apt install mosquitto_clients
Then in a terminal, I set up a subscriber. This simulates someting listening to a particular channel ("/test/one") on the broker:
mosquitto_sub -h nas1 -p 1883 -u USER -P PASSWORD -t "/test/one" -v
In another terminal, I set up a client to publish some text into the "/test/one" channel:
mosquitto_pub -h nas1 -p 1883 -u USER -P PASSWORD -t "/test/one" -m "HELLO"
If everything is set up correctly, the following text will appear in the subscriber terminal window:
/test/one HELLO
And there we have it: A mosquitto MQTT broker running under Docker on a Synology NAS !