(This is hastly jotted down. Updates may be needed…)

Add mosquitto’s PPA to ubuntu, in a terminal
sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa

If the command does’t work, read more here

Run update
sudo apt-get update
Install the mosquitto server only
sudo apt-get install mosquitto
Install the mosquitto server and mosquitto pub/sub clients
sudo apt-get install mosquitto mosquitto-clients
Stop the mosquttio server
sudo /etc/init.d/mosquitto stop
Add users to mosquitto
sudo mosquitto_passwd -c /etc/mosquitto/users.passwd xxyyzz

Where ‘xxyyzz’ is the username. You will be asked to enter a password. Twice. Repeat for all your users…without the -c

sudo mosquitto_passwd /etc/mosquitto/users.passwd aabbcc
Change owner of the file:
sudo chown mosquitto /etc/mosquitto/users.passwd
Create TLS Certificates

You ‘MUST’ use certificates to avoid transfer usernames and password in the clear….
Here and Here (Explain, later, how…)

(Copy the CA cert-chain to /etc/mosquitto/ca_certificates)
(Copy the hosts cert and key to /etc/mosquitto/certs)

Create ACL file for permissions
sudo touch /etc/mosquitto/permissions.acl
sudo chown mosquitto /etc/mosquitto/permissions.acl

Edit the file:

sudo nano /etc/mosquitto/permissions.acl
user xxyyzz
topic read #
topic owntracks/xxyyzz/#

user aabbcc
topic read #
topic owntracks/aabbcc/#

More on permissions here

Settings file

The mosquitto package creates a default config-file here: /etc/mosquitto/mosquitto.conf
As stated in that file, all files in the directory /etc/mosquitto/conf.d/ with a .conf extension will be read and loaded by mosquitto at start…

Create custom conf-file
sudo touch /etc/mosquitto/conf.d/custom.mosquitto.conf
sudo chown mosquitto /etc/mosquitto/conf.d/custom.mosquitto.conf

Verify the permissions

ls -la /etc/mosquitto/conf.d

Output:

total 12
drwxr-xr-x 2 root      root 4096 Jan  6 18:05 .
drwxr-xr-x 5 root      root 4096 Jan  6 17:33 ..
-rw-r--r-- 1 root      root  142 Nov  9 16:12 README
-rw-r--r-- 1 mosquitto root    0 Jan  6 18:04 custom.mosquitto.conf
Add some settings to custom.mosquitto.conf

Verify paths and filename correctness

allow_anonymous false
allow_duplicate_messages false

autosave_interval 1800

connection_messages true
log_dest stderr
log_dest topic
log_type error
log_type warning
log_type notice
log_type information
log_type all
log_type debug
log_timestamp true

password_file /etc/mosquitto/users.passwd
acl_file /etc/mosquitto/permissions.acl

persistent_client_expiration 1d

# No TLS
listener 1883 127.0.0.1

# With TLS
listener 8883
#capath /etc/mosquitto/ca_certificates
cafile /etc/mosquitto/ca_certificates/ca.crt
certfile /etc/mosquitto/certs/box.example.com.crt
keyfile /etc/mosquitto/certs/box.example.com.key
require_certificate false

Transformed from this excellent page and this one