Skip to content

Latest commit



126 lines (97 loc) · 4.62 KB

File metadata and controls

126 lines (97 loc) · 4.62 KB


A cloud-native asynchronous MQTT V5 Broker written in Rust.

CI GitHub tag License issues - mcloudtt Commits/m


  • MQTT V5
  • Websocket
  • TLS
  • Authentication via TLS
  • BigQuery Logging
  • Redis Backend
  • Docker
  • Kubernetes
  • MQTT V3.1.1(maybe)
  • MQTT V3(not planned)

Architecture overview



view - Documentation

Getting started

Run to generate required keys and certificates in the certs folder.

After installing Rust, run cargo run --release to start the broker.

With the secure feature enabled, the broker will require TLS and authentication via TLS.

So to connect to the broker, you will need to provide a client certificate and key. The broker will also require a CA certificate to verify the client certificate.


To build the docker image, run:

cargo build --release --target x86_64-unknown-linux-musl --features docker
docker build -t mcloudtt .

Feature Guide

Feature Description
secure Enabled by default. Enables TLS and authentication via TLS. Disable only if you know what you are doing.
docker Enables the docker feature, which is as of now sets the right IP Address for the broker to listen on.
bq_logging Enables logging to BigQuery. Requires an sa.key file
redis Enables Redis as a backend. For distributed/Kubernetes setups
tokio_console Enables monitoring via the tokio console.

When deploying in a cluster, you can also use the BigQuery-Adapter instead of the broker-feature bq_logging.


The broker can be configured via a config.toml file. The default configuration is as follows:

websocket = true
timeout = 10

certfile = "certs/broker/broker.crt"
keyfile = "certs/broker/broker.key"

tcp = 1883
ws = 8080

project_id = "azubi-knowhow-building"
dataset_id = "mcloudttbq"
table_id = "topic-log"
credentials_path = "sa.key"

host = "redis"
port = 6379

Example Usage

Using mosquitto_sub to listen on a topic

mosquitto_sub -p 1883 -t "test" --cafile certs/ca.crt --cert certs/client/client.crt --key certs/client/client.key -d --insecure -V 5 -q 0

Using mosquitto_pub to publish to topic

mosquitto_pub -p 1883 -t "test" -m "test message" --cafi le certs/ca.crt --cert certs/client/client.crt --key certs /client/client.key -d --insecure -V 5 -q 0

Google Cloud

The project is meant to be deployed on a Google Cloud Kubernetes cluster (using Autopilot).

Creating cluster

cd infra
terraform apply

Deploying to cluster

gcloud container clusters get-credentials mcloudtt-dev-cluster --region REGION --project PROJECT_ID
kubectl create -f mcloudtt_manifest.yml


Performance currently is suboptimal. This is because all channels are behind a global Mutex.

  • Stop the reliance on global locks either via per-channel Locks or sharding


This project uses the webpki and ring crates by Brian Smith. For them the following license applies:


For security issues, please refer to the file.


BSchwind's MQTT Broker for the Package En/Decoding