Install TBMQ PE with Docker (Linux or Mac OS)

• Prerequisites
• Get the license key
• Installation
• Logs, stop and start commands
• Upgrading
  • Backup and restore (Optional)
  • Upgrade from TBMQ CE to TBMQ PE (v2.2.0)
  • Run upgrade
• Enabling MQTTS (MQTT over SSL/TLS)
• Next steps

This guide will help you install and start standalone TBMQ PE using Docker on Linux or macOS. If you are looking for a cluster installation instruction, please visit cluster setup page.

Prerequisites

To run TBMQ PE on a single machine, you will need at least 2Gb of RAM.

• Install Docker

Don’t forget to add your linux user to the docker group. See Manage Docker as a non-root user.

Get the license key

Before proceeding, make sure you’ve selected your subscription plan or chosen to purchase a perpetual license. If you haven’t done this yet, please visit the Pricing page to compare available options and obtain your license key.

Note: Throughout this guide, we’ll refer to your license key as YOUR_LICENSE_KEY_HERE.

Installation

Execute the following commands to download the script that will install and start TBMQ PE:

1
2
wget https://raw.githubusercontent.com/thingsboard/tbmq-pe-docker-compose/release-2.2.0/basic/tbmq-install-and-run.sh &&
sudo chmod +x tbmq-install-and-run.sh && ./tbmq-install-and-run.sh

The script downloads the docker-compose.yml file, creates necessary docker volumes, installs the database for TBMQ, and starts TBMQ. Key configuration points for TBMQ in the docker-compose file:

• TBMQ_LICENSE_SECRET: YOUR_LICENSE_KEY_HERE - placeholder for your license secret obtained earlier;

• 8083:8083 - connect local port 8083 to exposed internal HTTP port 8083;
• 1883:1883 - connect local port 1883 to exposed internal MQTT port 1883;

• 8084:8084 - connect local port 8084 to exposed internal MQTT over WebSockets port 8084;

• tbmq-valkey-data:/data - maps the tbmq-valkey-data volume to TBMQ Valkey database data directory;

• tbmq-postgres-data:/var/lib/postgresql/data - maps the tbmq-postgres-data volume to TBMQ Postgres database data directory;

• tbmq-kafka-data:/var/lib/kafka/data - maps the tbmq-kafka-data volume to Kafka data directory;

• tbmq-logs:/var/log/thingsboard-mqtt-broker - maps the tbmq-logs volume to TBMQ logs directory;
• tbmq-data:/data - maps the tbmq-data volume to TBMQ data directory that contains .firstlaunch file after the DB is installed;
• tbmq - friendly local name of this machine;
• restart: always - automatically start TBMQ in case of system reboot and restart in case of failure.

Update your docker-compose.yml file with the license secret you obtained earlier. Open the file, find the TBMQ_LICENSE_SECRET environment variable, and replace YOUR_LICENSE_KEY_HERE with your actual license secret. After updating the file, restart TBMQ by running the following command.

1
./tbmq-install-and-run.sh

Note: In case the TBMQ is being installed on the same host where ThingsBoard is already running, the following issue can be seen:

1
Error response from daemon: ... Bind for 0.0.0.0:1883 failed: port is already allocated

In order to fix this, you need to expose another host’s port for the TBMQ container, i.e. change the 1883:1883 line in the downloaded docker-compose.yml file with, for example, 1889:1883. After that re-run the script.

1
./tbmq-install-and-run.sh

Once the installation process is complete you can access TBMQ UI by visiting the following URL http://{your-host-ip}:8083 in your browser (e.g. http://localhost:8083).

You should see TBMQ login page. Use the following default credentials for System Administrator:

Username:

1
[email protected]

Password:

1
sysadmin

On the first user log-in you will be asked to change the default password to the preferred one and then re-login using the new credentials.

Logs, stop and start commands

In case of any issues you can examine service logs for errors. For example to see TBMQ logs execute the following command:

1
docker compose logs -f tbmq

To stop the containers:

1
docker compose stop

To start the containers:

1
docker compose start

Upgrading

Review the release notes and upgrade instruction for detailed information on the latest changes.

If the documentation does not cover the specific upgrade instructions for your case, please contact us so we can provide further guidance.

Backup and restore (Optional)

While backing up your PostgreSQL database is highly recommended, it is optional before proceeding with the upgrade. For further guidance, follow the next instructions.

Upgrade from TBMQ CE to TBMQ PE (v2.2.0)

To upgrade your existing TBMQ Community Edition (CE) to TBMQ Professional Edition (PE), ensure you are running the latest TBMQ CE 2.2.0 version before starting the process. Do not forget to configure the license key.

The upgrade procedure requires a file named .tbmq-upgrade.env located in the same directory as your docker-compose.yml. This file is only used during the upgrade.

Create the .tbmq-upgrade.env file

From the directory containing docker-compose.yml, run:

1
2
3
cat > .tbmq-upgrade.env <<'EOF'
JAVA_TOOL_OPTIONS=-Dinstall.upgrade.from_version=ce
EOF

Important Notes

• Required: The upgrade script will fail if .tbmq-upgrade.env is missing.
• After creating the file, proceed with the upgrade process.

Run upgrade

In order to update to the latest version, execute the following commands:

1
2
wget -O tbmq-upgrade.sh https://raw.githubusercontent.com/thingsboard/tbmq-pe-docker-compose/release-2.2.0/basic/tbmq-upgrade.sh &&
sudo chmod +x tbmq-upgrade.sh && ./tbmq-upgrade.sh

NOTE: replace valkey_url, db_url, db_username, and db_password variables in the script with the corresponding values used during DB initialization.

If you need to upgrade to a specific version, such as TBMQ v2.0.0, replace the release branch in the command above with the target branch name, e.g., release-2.0.0.

Enabling MQTTS (MQTT over SSL/TLS)

To enable MQTT over SSL/TLS (MQTTS) in TBMQ, you need to provide valid SSL certificates and configure TBMQ to use them.

For details on supported formats and configuration options, see the MQTT over SSL guide.

Prepare SSL Certificates

Obtain a valid SSL certificate and private key. For example:

• mqttserver.pem – Public certificate (may include the full chain)
• mqttserver_key.pem – Private key

Self-signed certificates are supported for testing, but we recommend using certificates from a trusted Certificate Authority for production environments.

Mount Certificates into the Container

In your docker-compose.yml, mount the directory containing the certificates:

1
2
volumes:
  - PATH_TO_CERTS:/config/certificates

Replace PATH_TO_CERTS with the path to your certificate files. Ensure TBMQ has read access to these files.

Configure Environment Variables

Add the following variables to enable SSL in docker-compose.yml:

1
2
3
4
LISTENER_SSL_ENABLED: "true"
LISTENER_SSL_PEM_CERT: "/config/certificates/mqttserver.pem"
LISTENER_SSL_PEM_KEY: "/config/certificates/mqttserver_key.pem"
LISTENER_SSL_PEM_KEY_PASSWORD: "server_key_password"

Leave LISTENER_SSL_PEM_KEY_PASSWORD empty if your private key is not password-protected.

Expose the MQTTS Port

In docker-compose.yml:

1
2
ports:
  - "8883:8883"

Restart TBMQ

Apply the changes by restarting TBMQ:

1
./tbmq-install-and-run.sh

Once restarted, MQTT clients can securely connect to port 8883 using TLS/SSL.

Next steps

• Getting started guide - This guide provide quick overview of TBMQ.

• Security guide - Learn how to enable authentication and authorization for MQTT clients.

• Configuration guide - Learn about TBMQ configuration files and parameters.

• MQTT client type guide - Learn about TBMQ client types.

• Integration with ThingsBoard - Learn about how to integrate TBMQ with ThingsBoard.