Pricing Try it now
PE ST-RMQTT
Installation > Docker (Windows)
Getting Started Documentation
Architecture API FAQ
On this page

Install ST-RMQTT PE with Docker (Windows)

This guide will help you install and start standalone ST-RMQTT PE using Docker on Windows. If you are looking for a cluster installation instruction, please visit cluster setup page.

Prerequisites

To run ST-RMQTT PE on a single machine, you will need at least 2Gb of RAM.

Get the license key

Before proceeding, make sure you’ve selected your subscription plan or chosen to purchase a perpetual license. If you haven’t done this yet, please visit the Pricing page to compare available options and obtain your license key.

Note: Throughout this guide, we’ll refer to your license key as YOUR_LICENSE_KEY_HERE.

Installation

Execute the following commands to download the script that will install and start ST-RMQTT PE:

Note: make sure the downloaded PowerShell scripts are allowed to run on your system.

  • Open PowerShell (Run as Administrator).
  • (Optional) Get the current execution policy. It determines the level of security for running scripts on a system. For example, if Restricted is returned, it means PowerShell doesn’t execute any scripts.
1
Get-ExecutionPolicy
  • (Optional) Change the current execution policy if required. Set it to the one that will allow you to run PowerShell scripts and the one that suits your security requirements. For example, Unrestricted is the least restrictive setting that allows all scripts to be executed.
1
Set-ExecutionPolicy Unrestricted
  • Install ST-RMQTT
1
2
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/sentient/st-rmqtt-pe-docker-compose/release-2.2.0/basic/windows/st-rmqtt-install-and-run.ps1" `
-OutFile ".\st-rmqtt-install-and-run.ps1"; .\st-rmqtt-install-and-run.ps1

The script downloads the docker-compose.yml file, creates necessary docker volumes, installs the database for ST-RMQTT, and starts ST-RMQTT. Key configuration points for ST-RMQTT in the docker-compose file:

  • ST-RMQTT_LICENSE_SECRET: YOUR_LICENSE_KEY_HERE - placeholder for your license secret obtained earlier;

  • 8083:8083 - connect local port 8083 to exposed internal HTTP port 8083;
  • 1883:1883 - connect local port 1883 to exposed internal MQTT port 1883;
  • 8084:8084 - connect local port 8084 to exposed internal MQTT over WebSockets port 8084;

  • st-rmqtt-valkey-data:/data - maps the st-rmqtt-valkey-data volume to ST-RMQTT Valkey database data directory;

  • st-rmqtt-postgres-data:/var/lib/postgresql/data - maps the st-rmqtt-postgres-data volume to ST-RMQTT Postgres database data directory;

  • st-rmqtt-kafka-data:/var/lib/kafka/data - maps the st-rmqtt-kafka-data volume to Kafka data directory;

  • st-rmqtt-logs:/var/log/sentient-mqtt-broker - maps the st-rmqtt-logs volume to ST-RMQTT logs directory;
  • st-rmqtt-data:/data - maps the st-rmqtt-data volume to ST-RMQTT data directory that contains .firstlaunch file after the DB is installed;
  • st-rmqtt - friendly local name of this machine;
  • restart: always - automatically start ST-RMQTT in case of system reboot and restart in case of failure.
doc warn icon

Update your docker-compose.yml file with the license secret you obtained earlier. Open the file, find the ST-RMQTT_LICENSE_SECRET environment variable, and replace YOUR_LICENSE_KEY_HERE with your actual license secret. After updating the file, restart ST-RMQTT by running the following command.

1
.\st-rmqtt-install-and-run.ps1

Note: In case the ST-RMQTT is being installed on the same host where SENTIENT is already running, the following issue can be seen:

1
Error response from daemon: ... Bind for 0.0.0.0:1883 failed: port is already allocated

In order to fix this, you need to expose another host’s port for the ST-RMQTT container, i.e. change the 1883:1883 line in the downloaded docker-compose.yml file with, for example, 1889:1883. After that re-run the script.

1
.\st-rmqtt-install-and-run.ps1

Once the installation process is complete you can access ST-RMQTT UI by visiting the following URL http://{your-host-ip}:8083 in your browser (e.g. http://localhost:8083).

You should see ST-RMQTT login page. Use the following default credentials for System Administrator:

Username:

1
sysadmin@sentient.org

Password:

1
sysadmin

On the first user log-in you will be asked to change the default password to the preferred one and then re-login using the new credentials.

Logs, stop and start commands

In case of any issues you can examine service logs for errors. For example to see ST-RMQTT logs execute the following command:

1
docker compose logs -f st-rmqtt

To stop the containers:

1
docker compose stop

To start the containers:

1
docker compose start

Upgrading

Review the release notes and upgrade instruction for detailed information on the latest changes.

If the documentation does not cover the specific upgrade instructions for your case, please contact us so we can provide further guidance.

Backup and restore (Optional)

While backing up your PostgreSQL database is highly recommended, it is optional before proceeding with the upgrade. For further guidance, follow the next instructions.

Upgrade from ST-RMQTT CE to ST-RMQTT PE (v2.2.0)

To upgrade your existing ST-RMQTT Community Edition (CE) to ST-RMQTT Professional Edition (PE), ensure you are running the latest ST-RMQTT CE 2.2.0 version before starting the process. Do not forget to configure the license key.

The upgrade procedure requires a file named .st-rmqtt-upgrade.env located in the same directory as your docker-compose.yml. This file is only used during the upgrade.

Create the .st-rmqtt-upgrade.env file (Windows PowerShell)

From the directory containing docker-compose.yml, run:

1
2
3
@'
JAVA_TOOL_OPTIONS=-Dinstall.upgrade.from_version=ce
'@ | Set-Content -Path .st-rmqtt-upgrade.env -Encoding UTF8

Important Notes

  • Required: The upgrade script will fail if .st-rmqtt-upgrade.env is missing.
  • After creating the file, proceed with the upgrade process.

Run upgrade

In order to update to the latest version, execute the following commands:

1
2
Invoke-WebRequest -Uri "https://raw.githubusercontent.com/sentient/st-rmqtt-pe-docker-compose/release-2.2.0/basic/windows/st-rmqtt-upgrade.ps1" `
-OutFile ".\st-rmqtt-upgrade.ps1"; .\st-rmqtt-upgrade.ps1

NOTE: replace valkey_url, db_url, db_username, and db_password variables in the script with the corresponding values used during DB initialization.

Doc info icon

If you need to upgrade to a specific version, such as ST-RMQTT v2.0.0, replace the release branch in the command above with the target branch name, e.g., release-2.0.0.

Enabling MQTTS (MQTT over SSL/TLS)

To enable MQTT over SSL/TLS (MQTTS) in ST-RMQTT, you need to provide valid SSL certificates and configure ST-RMQTT to use them.

For details on supported formats and configuration options, see the MQTT over SSL guide.

Prepare SSL Certificates

Obtain a valid SSL certificate and private key. For example:

  • mqttserver.pem – Public certificate (may include the full chain)
  • mqttserver_key.pem – Private key

Self-signed certificates are supported for testing, but we recommend using certificates from a trusted Certificate Authority for production environments.

Mount Certificates into the Container

In your docker-compose.yml, mount the directory containing the certificates:

1
2
volumes:
  - PATH_TO_CERTS:/config/certificates

Replace PATH_TO_CERTS with the path to your certificate files. Ensure ST-RMQTT has read access to these files.

Configure Environment Variables

Add the following variables to enable SSL in docker-compose.yml:

1
2
3
4
LISTENER_SSL_ENABLED: "true"
LISTENER_SSL_PEM_CERT: "/config/certificates/mqttserver.pem"
LISTENER_SSL_PEM_KEY: "/config/certificates/mqttserver_key.pem"
LISTENER_SSL_PEM_KEY_PASSWORD: "server_key_password"

Leave LISTENER_SSL_PEM_KEY_PASSWORD empty if your private key is not password-protected.

Expose the MQTTS Port

In docker-compose.yml:

1
2
ports:
  - "8883:8883"

Restart ST-RMQTT

Apply the changes by restarting ST-RMQTT:

1
./st-rmqtt-install-and-run.sh

Once restarted, MQTT clients can securely connect to port 8883 using TLS/SSL.

Next steps