BunkerM
🚀 BunkerM: All-in-one Mosquitto MQTT management platform, featuring dynamic security, MQTT ACL management, monitoring,and AI integrations
Install / Use
/learn @bunkeriot/BunkerMREADME
📋 Table of Contents
- What is BunkerM?
- Quick Start
- Core Features
- Feature Comparison
- Community vs BunkerAI
- Troubleshooting
- Support the Project
- Contact & Links
- License
🔍 What is BunkerM?
BunkerM is a free, open-source, containerized MQTT management platform. It bundles Eclipse Mosquitto with a full-featured web dashboard, packaging everything into a single Docker container — one command to get a production-ready MQTT broker with a management UI.
On top of the core broker management, BunkerM includes a local statistical engine (smart anomaly detection) and a local automation engine (schedulers and watchers) that run entirely inside your container. BunkerAI is the AI intelligence layer — an optional cloud service that adds a natural-language assistant to your BunkerM instance, reachable via Telegram, Slack, or a built-in web chat.
What you get out of the box:
- Pre-configured Eclipse Mosquitto broker (MQTT 3.1.1 + 5)
- Web-based ACL management — clients, roles, groups, topic permissions
- Real-time monitoring dashboard, connected clients, and event logs
- MQTT Explorer — live topic tree with publish-from-browser
- Statistical anomaly detection (Z-score, EWMA, spike, silence detectors)
- Local automation agents — cron schedulers and condition-based watchers
- AWS IoT Core and Azure IoT Hub bridge configuration
- Optional BunkerAI subscription — natural-language assistant powered by Claude
🚀 Quick Start
Prerequisites
- Docker installed
Minimal — one command
docker run -d -p 1900:1900 -p 2000:2000 bunkeriot/bunkerm:latest
Open http://localhost:2000 and set up your first Admin account.
| Port | Service |
|------|---------|
| 1900 | MQTT broker |
| 2000 | Web UI |
Default MQTT credentials: username bunker / password bunker
Persistent deployment (recommended)
docker run -d \
-p 1900:1900 \
-p 2000:2000 \
-v mosquitto_data:/var/lib/mosquitto \
-v mosquitto_conf:/etc/mosquitto \
-v auth_data:/data \
bunkeriot/bunkerm:latest
Remote access
docker run -d \
-p 1900:1900 \
-p 2000:2000 \
-e HOST_ADDRESS=<YOUR_IP_OR_DOMAIN> \
bunkeriot/bunkerm:latest
Docker Compose
services:
bunkerm:
image: bunkeriot/bunkerm:latest
ports:
- "1900:1900"
- "2000:2000"
volumes:
- mosquitto_data:/var/lib/mosquitto
- mosquitto_conf:/etc/mosquitto
- auth_data:/data
environment:
- HOST_ADDRESS=localhost # change to your IP/domain for remote access
# - BUNKERAI_API_KEY=bkai_... # optional: connect to BunkerAI
restart: unless-stopped
volumes:
mosquitto_data:
mosquitto_conf:
auth_data:
First steps after launch
- Open http://localhost:2000 and create your Admin account (first-time setup wizard)
- Go to ACL → Clients and create an MQTT client with a username and password
- Connect your MQTT device or client to
localhost:1900using those credentials - Explore the Dashboard to see live broker stats
⭐ Core Features
Broker Dashboard
Real-time overview of your broker health:
- Connected clients count and history
- Message publish/receive rates
- Byte throughput (in/out)
- Subscription and retained message counts
- Recent MQTT connection events (connect, disconnect, subscribe, publish)
🔒 ACL & Client Management
Full dynamic security management powered by Mosquitto's Dynamic Security plugin:
Client Management
- Create, update, and delete MQTT clients
- Set credentials (username + password hash)
- Enable / disable clients individually
- Assign clients to groups
Role Management
- Create roles with fine-grained topic ACL rules
- Define
allow/denypermissions per topic - Wildcard topic support (
#,+) - ACL types:
publishClientSend,subscribeLiteral, and more
Group Management
- Create groups and assign roles to them
- Add / remove clients from groups
- Set role priorities within groups
ACL Import / Export
Back up and restore your complete security configuration in one click:
- Export — downloads a JSON snapshot of all clients (including password hashes), roles, and groups
- Import — upload a previously exported JSON to fully restore your configuration; the broker reloads automatically
- Available in ACL → Clients next to the Create Client button
🔭 MQTT Explorer
Inspect and interact with live broker traffic directly from the browser:
- Live topic tree — full hierarchy of all active topics, refreshed every 3 seconds
- Per-topic metadata — latest value, message count, QoS, retain flag, last-updated timestamp
- Search & filter — instantly narrow the tree by typing a topic path fragment
- Publish panel — send messages from the browser: pick a client, enter a topic, choose payload type (RAW / JSON / XML with built-in validation), set QoS and retain flag
🤖 Smart Anomaly Detection
A fully local statistical engine that continuously monitors your MQTT traffic and raises alerts when behavior deviates from the baseline. No cloud dependency — everything runs inside the container.
How it works
The engine polls the broker every 10 seconds, builds statistical baselines over 1-hour and 24-hour sliding windows, and runs four independent detectors every 60 seconds:
| Detector | What it catches | |----------|-----------------| | Z-score | Values that deviate more than 3σ from the rolling mean | | EWMA | Gradual drift via exponentially weighted moving average | | Spike | Sudden burst in message rate (>3× the 30-minute baseline) | | Silence | Topics that stop publishing for longer than 2× their normal interval |
Alerts are generated with severity levels: low / medium / high / critical.
Monitoring pages (Monitoring sidebar section)
| Page | Description | |------|-------------| | Metrics | Per-topic baselines — mean, std dev, message count for 1h and 24h windows | | Anomalies | All detected anomalies with entity, type, severity, and raw detection context | | Alerts | Actionable alert feed with severity badges and one-click Acknowledge |
⚙️ Agents — Schedulers & Watchers
A local automation engine built into every BunkerM instance. Agents run entirely on your infrastructure — no cloud connectivity required after creation.
Schedulers
Publish MQTT messages on a recurring cron schedule:
- Full cron expression support with built-in presets (every minute, hourly, daily, weekly, etc.)
- Live cron preview showing next 5 run times
- Tracks last fired time and total execution count
- Examples: "turn on pump every day at 06:
