diff --git a/README.md b/README.md
index 931962b..3208293 100644
--- a/README.md
+++ b/README.md
@@ -47,13 +47,10 @@ A collection of delicious docker recipes.
 
 ## IoT
 
-- [x] docker-compose-arm
-- [x] hass
-- [x] hass-arm
-- [x] hbdg
-- [x] hbdg-arm
+- [x] hass :+1:
+- [x] hbdg :+1:
 - [x] node-red :+1:
-- [x] node-red-arm :+1:
+- [x] mosquitto :+1:
 
 ## Daemon
 
diff --git a/mosquitto/README.md b/mosquitto/README.md
index b70af29..63899a5 100644
--- a/mosquitto/README.md
+++ b/mosquitto/README.md
@@ -15,7 +15,8 @@ mosquitto:
     - "1883:1883"
     - "8883:8883"
   volumes:
-    - ./mosquitto.conf:/etc/mosquitto/mosquitto.conf
+    - ./data/mosquitto.conf:/etc/mosquitto/mosquitto.conf
+    - ./data/pwfile:/etc/mosquitto/pwfile
     - ./data:/var/lib/mosquitto
   restart: always
 ```
@@ -25,7 +26,7 @@ mosquitto:
 ```
 port 8883
 log_dest stdout
-password_file /var/lib/mosquitto/passwd
+password_file /etc/mosquitto/pwfile
 persistence true
 persistence_location /var/lib/mosquitto
 cafile /var/lib/mosquitto/ca.crt
@@ -34,7 +35,7 @@ keyfile /var/lib/mosquitto/server.key
 require_certificate false
 ```
 
-- `passwd` is managed by [mosquitto_passwd][3].
+- `pwfile` is managed by [mosquitto_passwd][3].
 - TLS keys are generated by [openssl][2].
 
 > It is important to use different certificate subject parameters for your CA,
@@ -43,7 +44,15 @@ require_certificate false
 ## server
 
 ```
+$ mkdir -p data
+$ touch data/mosquitto.conf data/pwfile
 $ docker-compose up -d
+$ docker-compose exec mosquitto sh
+>>> cd /etc/mosquitto
+>>> echo username:password >> data/pwfile
+>>> mosquitto_passwd -U passwd
+>>> exit
+$ docker-compose restart
 $ docker-compose logs -f
 Attaching to mosquitto_mosquitto_1
 mosquitto_1  | 1478107412: mosquitto version 1.4.8 (build date 2016-05-16 14:17:19+0000) starting
@@ -59,7 +68,7 @@ mosquitto_1  | 1478107585: Client mosqpub/38324-Kevins-Ma disconnected.
 ## client
 
 ```bash
-$ mosquitto_sub -d -h 192.168.31.231 -p 8883 --cafile ca.crt --insecure -t hello
+$ mosquitto_sub -d -h 192.168.31.231 -p 8883 --cafile ca.crt --insecure -u username -P password -t hello
 Client mosqsub/38158-Kevins-Ma sending CONNECT
 Client mosqsub/38158-Kevins-Ma received CONNACK
 Client mosqsub/38158-Kevins-Ma sending SUBSCRIBE (Mid: 1, Topic: hello, QoS: 0)
@@ -74,7 +83,7 @@ Client mosqsub/38158-Kevins-Ma received PINGRESP
 ```
 
 ```bash
-$ mosquitto_pub -d -h 192.168.31.231 -p 8883 --cafile ca.crt --insecure -t hello -m world
+$ mosquitto_pub -d -h 192.168.31.231 -p 8883 --cafile ca.crt --insecure -u username -P password -t hello -m world
 Client mosqpub/38324-Kevins-Ma sending CONNECT
 Client mosqpub/38324-Kevins-Ma received CONNACK
 Client mosqpub/38324-Kevins-Ma sending PUBLISH (d0, q0, r0, m1, 'hello', ... (5 bytes))
diff --git a/mosquitto/mosquitto.conf b/mosquitto/data/mosquitto.conf
similarity index 79%
rename from mosquitto/mosquitto.conf
rename to mosquitto/data/mosquitto.conf
index c6ce2fd..0b37f83 100644
--- a/mosquitto/mosquitto.conf
+++ b/mosquitto/data/mosquitto.conf
@@ -1,6 +1,7 @@
 port 8883
 log_dest stdout
-password_file /var/lib/mosquitto/passwd
+allow_anonymous false
+password_file /etc/mosquitto/pwfile
 persistence true
 persistence_location /var/lib/mosquitto
 cafile /var/lib/mosquitto/ca.crt
diff --git a/mosquitto/docker-compose.yml b/mosquitto/docker-compose.yml
index 979ddec..e8bba0e 100644
--- a/mosquitto/docker-compose.yml
+++ b/mosquitto/docker-compose.yml
@@ -4,6 +4,6 @@ mosquitto:
     - "1883:1883"
     - "8883:8883"
   volumes:
-    - ./mosquitto.conf:/etc/mosquitto/mosquitto.conf
+    - ./data/mosquitto.conf:/etc/mosquitto/mosquitto.conf
     - ./data:/var/lib/mosquitto
   restart: always