Onprem Mosquitto bridge to cloud HiveMQ


  • Michael McSharry
    replied
    In mcsMQTT do you have 2 Brokers enabled?

    This is a good find. I will put it in mcsMQTT.pdf for a more permanent reference.


  • Bestgear
    replied
    Hi

    Just closing this thread... still not working with HiveMQ, but have successfully bridged with BeeBotte's free cloud service... so success... and no idea why the HiveMQ service would not work for me.

    BeeBotte's service appears better in a lot of respects, not least the dashboards and considerably greater visibility as to what is going on.


    Have fun...and hope this helps someone.


    David


  • Bestgear
    replied
    Originally posted by dmurphy:

    Even if you get bridging to work, you will have to expose, trust some external port/host.


    Hi

    Given that the onprem Mosquitto will be making the connection outbound to HiveMQ (if I ever get it working!), then no NAT and no open inbound ports will be required.

    I just can't see/understand why any Mosquitto broker cert is required given that it connects to HiveMQ as a client - I don't have to faff around with certs when connecting (on the same PC as Mosquitto) to HiveMQ using MQTT Explorer... it just connects and works.

    With all examples online, it's weird that no one has bridged HiveMQ with Mosquitto (which must be the most common of all brokers...).

    David


  • Bestgear
    replied
    Thanks Michael

    I was just using "onprem" as a description of its location, ie on my premises as opposed to cloud based.

    HiveMQ support stated that a local cert should not be needed (for bridging mosquitto with their service) - as mosquitto acts as a client when connecting to their cloud service.

    I can connect to the HiveMQ service using MQTT Explorer directly to the HiveMQ broker and it connects without issue... and can see all my published entities.

    I will persevere as HiveMQ, certainly for home use, is an excellent service... and free....within the bounds of what I certainly would require.


    Thanks, as ever.


    David


  • Michael McSharry
    replied
    Question - in the default mosquitto.conf, there is text that states:

    "For bridge_capath to work correctly, the certificate files must have ".crt" as the file ending and you must run "openssl rehash <path to capath>" each time you add/remove a certificate."

    I did a web search for "Onprem Mosquitto" and the only hits that I get are your posts here and HiveMQ. Do you have a specific link to this broker?

    With respect to SSL in mcsMQTT I cannot provide any more guidance than was provided in mcsMQTT.pdf.


  • dmurphy
    replied
    So Michael's configuration and mine are very similar. I don't have any experience of MQTT bridging.

    That being said, here is my use case. I only use one MQTT broker at home (mosquitto on RPi).

    I have several sensors in an RV which is always remote (outside my LAN). These sensors are MQTT clients that connect to a broker, in my case the local one that has a port exposed on the firewall. Same as Michael: pfSense, port forwarding, to specific IP/port on the RPi. The RPi has its own firewall and only accepts MQTT traffic from the firewall and is not really trusted on the LAN. I also use username/password for client/broker. You could use TLS to prevent sniffing… in my case, you want to see the temp in the RV, have at it. Nothing else runs on this RPi.

    Even if you get bridging to work, you will have to expose, trust some external port/host.






  • Bestgear
    replied
    Originally posted by dmurphy:

    is that what you are trying to achieve?

    Hi


    I have onprem Mosquitto (predominantly on Windows but have used RPi for testing in this instance), and want to bridge to a cloud MQTT service - ideally HiveMQ due to their "free" plan.

    Use case is that I want to support MQTT from mobile devices to cloud, then bridged back to onprem Mosquitto. At this time I don't want to publish onprem devices to cloud, just consume the data that is published by the mobile devices.

    DMurphy - Which cloud service do you use? I assume by public, you mean all your traffic is visible to all that subscribe to it?

    Google has led me to "Steve's stuff" many times - as you say, an excellent resource.

    Michael - opening up my onprem MQTT to the web was what I was trying to avoid - even using Untangle to protect me, I still prefer to keep inbound traffic to a minimum, however, if I can't get this to bridge, then your setup is plan b!

    Question - in the default mosquitto.conf, there is text that states:

    "For bridge_capath to work correctly, the certificate files must have ".crt" as the file ending and you must run "openssl rehash <path to capath>" each time you add/remove a certificate."

    I was not using bridge_capath as the cert was in the mosquitto folder.... could this be an issue and the cert MUST be in a folder elsewhere? I can't see that as an issue - and I have set the bridge_capath to be the mosquitto folder.


    Thanks as ever guys for your time.


    David
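
Added example, not part of any post in this thread: the mosquitto.conf note quoted above says a `bridge_capath` directory needs `.crt` files and an `openssl rehash`. This script shows such a directory failing to validate a broker certificate before the rehash and validating it afterwards. The CA, the `broker.example.test` certificate and every path are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). All names, certs and paths are constructed.
set -eu

# make_demo_pki <dir>: throwaway CA plus a broker certificate signed by it.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Demo CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=broker.example.test" \
    -keyout "$1/broker.key" -out "$1/broker.csr" 2>/dev/null
  openssl x509 -req -in "$1/broker.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/broker.pem" 2>/dev/null
}

# install_ca <ca.pem> <capath>: copy the CA in with the ".crt" ending the
# mosquitto.conf comment asks for. This alone does not make it discoverable.
install_ca() {
  mkdir -p "$2"
  cp "$1" "$2/$(basename "${1%.*}").crt"
}

# chain_ok <capath> <cert.pem>: succeeds only if the cert chains to a CA that
# OpenSSL can locate through the hash-named links in <capath>.
chain_ok() {
  openssl verify -CApath "$1" "$2" >/dev/null 2>&1
}

# capath_state <capath> <cert.pem>: prints "trusted" or "untrusted".
capath_state() {
  if chain_ok "$1" "$2"; then echo trusted; else echo untrusted; fi
}

demo() {
  work=$(mktemp -d)
  make_demo_pki "$work"
  install_ca "$work/ca.pem" "$work/capath"
  echo "before rehash: $(capath_state "$work/capath" "$work/broker.pem")"
  openssl rehash "$work/capath"   # creates <subject-hash>.0 symlinks
  echo "after rehash:  $(capath_state "$work/capath" "$work/broker.pem")"
  rm -rf "$work"
}
demo
```

For a real bridge, `bridge_capath` would point at the rehashed directory holding the CA that issued the cloud broker's certificate; `bridge_cafile` takes a single CA file instead and needs no rehash.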


  • Michael McSharry
    replied
    I use NAT to route port 1883 to the IP of my LAN MQTT to allow WAN use of MQTT. My client is set up to use xxxx.com as the broker IP where xxxx is my DNS name to get to the pfSense router where my primary LAN is located. mosquitto runs on a RPi on this LAN. My remote location is used only as a sensor source reporting via MQTT, but it should be able to serve as an actuator as well. I am not familiar with the MQTT brokers you are using.


  • dmurphy
    replied
    Btw for mqtt stuff, I like this guy.

    http://www.steves-internet-guide.com...configuration/


  • dmurphy
    replied
    I use mosquitto on RPi at home… I can connect and publish from a public MQTT server for testing purposes and receive messages on the home MQTT server. Is that what you are trying to achieve?


  • Bestgear
    replied
    Hi

    Surprised no comments....

    I have added a cert, but get an error which suggests the cert not matching the broker, which is weird as it appears to be a wildcard cert.

    So - different question - anyone using a free cloud mqtt broker bridged back to onprem mosquitto that works!??!


    David


  • Bestgear
    started a topic Onprem Mosquitto bridge to cloud HiveMQ

    Onprem Mosquitto bridge to cloud HiveMQ

    Hi Guys

    I use Mosquitto onprem... and have been doing so for years without issue (both Windows and RPi).

    Been using HiveMQ free MQTT cloud broker too - which works fine in isolation.

    I *cannot* get the onprem Mosquitto to bridge to the HiveMQ cloud (free) service.

    Anyone got this working?

    Error is "Socket error on client" as can be seen in the attachment.

    I can connect to HiveMQ using the same credentials from the same device as Mosquitto and it connects fine without error.

    I have no certificate set up in mosquitto.conf for the bridge as I was advised that it was not required as Mosquitto connects effectively as a client. Also HiveMQ support suggested try_private false, which is indeed set.

    My feeling is that bridge_capath or bridge_cafile are required.

    Any ideas most welcome.


    David