Guide to MQTT Broker Remote (outside home) Access with Nginx Proxy Manager and Cloudflare DNS

I wanted my laptop to be able to update sensors using Hass.agent via MQTT whenever I travel. I am sure there are other guides out there, but I couldn't find them for 2 days and finally, with brute force, found my own way. I am writing this guide to help anyone else who stumbles upon the same problem.

Go to your Cloudflare account and make a DNS record for your own domain. MAKE SURE YOU TURN OFF proxy. It should be DNS ONLY.

Cloudflare allows the following ports ONLY. Please only choose a port out of them. I could only get 8080 to work for me.

I chose HTTP. You could choose HTTPS; it's a few more hoops to jump through but is more secure. I leave that choice up to you.

Next, go to your router and forward the port you chose, in my case, 8080, to where your Nginx Proxy Manager lives. In my case 192.168.0.159. Make sure it's TCP.

Go to Nginx Proxy Manager and go to streams, not proxy.


Create a new one. Forward the port you chose, in my case, 8080, to your Home Assistant server, in my case, 192.168.0.181:1883. 1883 is the port on my MQTT broker for HTTP.

That's it. You should be able to put your DNS, in my case, emqx.mine.com and port 8080 to reach your MQTT broker at home.
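A way to check the path described in the post above (DNS record, router forward, NPM stream, broker), as an added example that is not part of the original post. It sends one MQTT 3.1.1 CONNECT and reports whether an MQTT broker or an HTTP service answered; the function names and the `path-check` client id are hypothetical.

```python
import socket
import struct

# CONNACK return codes defined by MQTT 3.1.1
CONNACK_CODES = {0: "accepted", 1: "unacceptable protocol version",
                 2: "client identifier rejected", 3: "server unavailable",
                 4: "bad user name or password", 5: "not authorized"}

def _utf8(s):
    """MQTT string: 2-byte big-endian length, then the UTF-8 bytes."""
    raw = s.encode("utf-8")
    return struct.pack("!H", len(raw)) + raw

def build_connect(client_id, username=None, password=None, keepalive=30):
    """Build an MQTT 3.1.1 CONNECT packet (clean session, no will)."""
    flags = 0x02                      # clean session
    payload = _utf8(client_id)
    if username is not None:
        flags |= 0x80                 # user name present
        payload += _utf8(username)
        if password is not None:      # a password is only valid with a user name
            flags |= 0x40
            payload += _utf8(password)
    body = _utf8("MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive) + payload
    if len(body) > 127:               # keep to a one-byte remaining length
        raise ValueError("client id or credentials too long for this probe")
    return bytes([0x10, len(body)]) + body

def classify_reply(data):
    """Name what answered on the forwarded port from its first bytes."""
    if not data:
        return "no reply: nothing behind the port answered the CONNECT"
    if data.startswith(b"HTTP/"):
        return "HTTP reply: an HTTP service answered, not the MQTT broker"
    if len(data) >= 4 and data[0] == 0x20 and data[1] == 0x02:
        code = data[3]
        return "MQTT CONNACK: " + CONNACK_CODES.get(code, "unknown code %d" % code)
    return "unrecognized reply"

def probe(host, port, username=None, password=None, timeout=5.0):
    """Send one CONNECT to host:port; connection errors propagate to the caller."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connect("path-check", username, password))
        try:
            return classify_reply(sock.recv(64))
        except socket.timeout:
            return classify_reply(b"")
```

Calling `probe("emqx.mine.com", 8080)` from outside the home network exercises the DNS record, the router forward and the stream in one step. A CONNACK of `accepted` to a CONNECT sent without credentials means the broker takes anonymous clients on an internet-reachable port, and traffic to 1883 is unencrypted.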

Hey, I’m having the same issue (want to be able to access MQTT through my domain name in Cloudflare), and this isn’t working for me.

Do you have to specify 8080 somewhere in Cloudflare?

I have port forwarding set up on my router to match what you did, and have an A record set up for mqtt.MYDOMAIN.com.

My stream is also set up in NPM like yours is. Not sure what link is broken.

Sorry, been away from the HA community for a while. No, you don’t have to specify the port. These are predefined by Cloudflare as open ports that can be used. I don’t believe I did any other settings other than the ones I showed. I did have to tinker with EMQX settings. I have not tried this with Mosquitto, though.

Just remember, in Cloudflare, your DNS IP will be the same as your local NPM IP, NOT your home IP address. For me it was 192.168.0.159.

In all honesty, I don’t use this setup anymore. The more I read about cyber security and how bad open ports are, the more I have clamped down. In my case, a couple of sensors' data was not worth the risk.