Anonymous mqtt broker

fkzle · December 23, 2021, 7:39pm

Hi Folks,

i am desperate.

I need an anonymous mqtt broker, which does not in any way require username and password. I am aware of the security implications whatsoever, but i have dozens of (self-built) temperature sensors, that have no username and password configured. Updating them would force me to open up my walls and disassemble all light switches in my house, so this is not an option.

However: First I tried to use home-assistant addon mosquitto. It was not possible to disable authentication with custom mosquitto.conf (at least i found no way).
I also tried the (dirty hack) with ACL and “topic readwrite #”. This worked partially, but using some username/password for mqtt renders this useless as well.

Then i tried to build my own mosquitto-Addon for homeassistant.
I started by cloning the git-repository and modifying all possible files therein.
Copying the result into “/addons”-Folder, i was able to install my own version. Strangely, changes in config.yaml did show some effect (e.g. changing the name of the addon), but changing the files in “rootfs” did not, in any way.
What i tried was:

changing mosquitto.gtpl by commenting out all lines with “auth” in it
changing “Dockerfile” to not build mosquitto-auth-plugin.so
changing rootfs/etc/services.d/run so that only /share/mosquitto/mosquitto.conf is loaded
changing rootfs/etc/cont-init.d/mosquitto.sh so that no mosquitto.conf is generated by bashio, but my own is used
** This file is apparently not invoked in any way, because additional log output was not shown in the log
adding rootfs/etc/mosquitto/mosquitto.conf to be used by this container

I found out that changing the version-number in config.yaml has an effect on the docker-image which is pulled and executed, which was against my expectations, but anyway.

I am totally out of ideas.

Has anybody had this specific problem? How did you solve it?

BebeMischa · December 23, 2021, 7:51pm

If this still is relevant, it has to be easy as cake:

koying · December 24, 2021, 9:00am

Isn’t installing mosquitto (or any other MQTT broker) on another device not an option?
If tou are really not concerned about security issues, there are cloud-based MQTT as well.

fkzle · December 24, 2021, 9:06am

I wish it would be as easy as that…

Thanks for the link, it is a short summary of all the information pieces that i found in different places.

allow_anonymous true
was one of the first things i tried. This did not work.

The biggest problem i have is that there are no error messages whatsoever.
Using mosquitto_sub -h <ha-ip> - t "#" -v -d on one console and mosquitto_pub -h <ha-ip> -t "/test" -m 123 on the other just does not produce any output on the first one. It should on a correctly configured broker.

@koying I prefer having the broker inside my own network (reliability, privacy).
Using another device for running the broker is the last option, and i don’t really want to take this one.
I refuse to accept that it is impossible to run an anonymous broker on a home assistant os device.

meanwhile i am beyond the point where i just want to have an anonymos mqtt broker - i really want to understand why none of the changes i did to the mqtt-addon have had any effect.

koying · December 24, 2021, 9:30am

Maybe use/look at the old addon:

That one allowed anonymous.

fkzle · December 25, 2021, 3:55am

@koying Sadly, this does not work either:

The command '/bin/bash -o pipefail -c apk add --no-cache --virtual .build-dependencies git=2.24.1-r0 cmake=3.15.5-r0 build-base=0.5-r1 zlib-dev=1.2.11-r3 openssl-dev=1.1.1d-r3 && apk add --no-cache nginx=1.16.1-r6 lua-resty-http=0.15-r0 nginx-mod-http-lua=1.16.1-r6 && git clone --depth=1 https://github.com/hivemq/hivemq-mqtt-web-client.git /app && git checkout "${HIVEMQ}" && git clone --branch "v${LIBWEBSOCKETS}" --depth=1 https://github.com/warmcat/libwebsockets.git /tmp/libwebsockets && mkdir -p /tmp/libwebsockets/build && cd /tmp/libwebsockets/build && cmake .. -DCMAKE_BUILD_TYPE=MinSizeRel -DCMAKE_INSTALL_PREFIX=/usr -DLWS_IPV6=OFF -DLWS_WITHOUT_BUILTIN_GETIFADDRS=ON -DLWS_WITHOUT_CLIENT=ON -DLWS_WITHOUT_EXTENSIONS=ON -DLWS_WITHOUT_TESTAPPS=ON -DLWS_WITH_SHARED=OFF -DLWS_WITH_ZIP_FOPS=OFF -DLWS_WITH_ZLIB=OFF && make && make install && git clone --branch "v${MOSQUITTO}" --depth=1 https://github.com/eclipse/mosquitto.git /tmp/mosquitto && cd /tmp/mosquitto && make WITH_ADNS=no WITH_DOCS=no WITH_MEMORY_TRACKING=no WITH_TLS_PSK=no WITH_WEBSOCKETS=yes prefix=/usr binary && make WITH_DOCS=no install binary && addgroup -S mosquitto && adduser -S -D -H -h /var/empty -s /sbin/nologin -G mosquitto -g mosquitto mosquitto && apk del --no-cache --purge .build-dependencies && rm -fr /etc/nginx /opt/mosquitto.conf /opt/acl /tmp/*' returned a non-zero code: 54

I also tested to modify the /etc/mosquitto/mosquitto.conf file in the running docker image (of the official mosquitto addon). But after that the addon just won’t start and fail with an error “the docker image addon_local_mqtt” already exists" or something like that (cant recall it exactly atm).

The more i see i wonder why docker is so d*** complicated…