Mosquitto Addon, Nginx Proxy Manager

Hello,
I’ve installed the Mosquitto addon on Hassio as well as Nginx Proxy Manager for external access.
For location purposes, I want to track my phone GPS via OwnTracks… but the problem is that I’m struggling to get the MQTT component working from the outside.

When I set my integration to my local IP address:

It works perfectly.

Then I want to make Mosquitto accessible from outside. I set a new rule on Nginx Proxy Manager:

And when I go back to the integration and try to establish communication with the Mosquitto broker, it doesn’t work at all…

Has anyone ever experienced this kind of trouble? I tried almost everything, but I think I did something wrong.

Thanks in advance

No one can help me there?

MQTT isn’t transported over HTTP. You need to have nginx proxy a TCP connection for you.

I do this with a hand-built configuration; I don’t know if the hass.io plugin has the ability to do that. Perhaps if you select something different than “http” in the “scheme” box, somehow?

In my case, I proxy MQTT-over-TLS from the “outside” to MQTT unencrypted on port 1883 to mosquitto. Just proxying a TCP connection should be even easier.

Hello

Can you find a solution because I have the same concerns

Sincerely, Pierre

For the moment, I’ve dropped the idea of getting MQTT over the nginx platform. I’ll try that maybe later. If you have a solution, don’t hesitate to share it here!

Have you seen Tailscale? I installed Tailscale on my Linux server and also on my HA box using a custom integration. I have access to everything everywhere at all times. No port forwarding, reverse proxies needed at all. GitHub handles the OAuth (and I have 2FA on GitHub), so it’s more secure than anything I could knock together.
Here was my walkthrough:


Totally agree.

As long as you have a limited number of devices needing remote access to your HA (typically, your phone), Tailscale is far easier and more secure than opening up to the world via a reverse proxy and managing SSL and certificates.


@lmamakos or anyone, I know it’s been a while since you posted this, but would you mind sharing how you hand-built your configuration for MQTT in Nginx Proxy Manager? I have it redirecting to my home IP WITHOUT the proxy. I can connect to Mosquitto just fine, but when I make it go through nginx, I get no response. I have tried almost every setting turned on and off. Going through web sockets. Nothing has worked. How do I use a TCP connection in nginx?

I’m no longer proxying MQTT into Home Assistant as I no longer need that capability. At the time, I had hand-built an nginx configuration to do this. I used the nginx documentation on the stream proxy module to implement this.

These days, I’m just using the swag docker container which does the Let’s Encrypt certificate stuff and has configuration for a whole bunch of applications (including HTTP proxy for Home Assistant) available. It doesn’t have any pre-configured MQTT stream proxy available, but it should be relatively easy to add it based on the nginx docs.

I’m running the Home Assistant container distribution on Ubuntu, so I’m not familiar with the “supervised” version and what sort of hooks it has in the web proxy it can make available.

Thank you for your response and background information. I will go through the docs to see if I can whip up something.

Oh, I managed to find an old backup of the nginx configuration. In /etc/nginx/stream.d/ I had a configuration file that looks like this:

server {
    listen *:1884 ssl;
    listen [::]:1884 ssl;

    # Ensure these lines point to your SSL certificate and key
    ssl_certificate         /etc/letsencrypt/live/ha.xxxx.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/ha.xxxx.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/ha.xxxx.com/fullchain.pem;

    include snippets/stream-ssl.conf;

    proxy_bind 127.0.0.1;
    proxy_connect_timeout 10s;

    proxy_pass localhost:1883;
}

It ought to be pretty obvious what’s going on; most of the complexity is around getting the HTTPS/TLS certificate stuff configured. You’ll need to figure that out; but the TLS configuration is essentially the same as for an HTTP/HTTPS server and proxy vs. this stream proxy.

That file was included from inside a

   stream {
      include stream.d/*.conf;
   }

fragment inside the main /etc/nginx.conf file.

Hope this helps a bit to get you started.

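A way to check the two points made in this thread, that MQTT needs a raw TCP (stream) proxy rather than an HTTP proxy host and that the stream block above terminates TLS on port 1884. This is an added example, not code from any poster's setup: it sends one MQTT 3.1.1 CONNECT without credentials and reports whether the endpoint answered with an MQTT CONNACK or with HTTP. The client id `proxy-probe` and all function names are made up for illustration.

```python
import socket
import ssl
import struct
import sys

# CONNACK return codes defined by MQTT 3.1.1
CONNACK = {0: "accepted", 1: "unacceptable protocol version",
           2: "identifier rejected", 3: "server unavailable",
           4: "bad user name or password", 5: "not authorized"}

def build_connect(client_id, keepalive=30):
    """MQTT 3.1.1 CONNECT: clean session, no user name or password."""
    cid = client_id.encode()
    body = (b"\x00\x04MQTT\x04\x02" + struct.pack("!H", keepalive)
            + struct.pack("!H", len(cid)) + cid)
    if len(body) > 127:
        raise ValueError("client id too long for a one-byte remaining length")
    return b"\x10" + bytes([len(body)]) + body

def classify_reply(data):
    """Return (kind, detail) for the first bytes the endpoint sent back."""
    if not data:
        return ("closed", "peer closed the connection without answering")
    if data.lstrip()[:5].lower() in (b"http/", b"<html"):
        return ("http", "an HTTP proxy host answered; MQTT needs a stream proxy")
    if len(data) >= 4 and data[0] == 0x20 and data[1] == 0x02:
        return ("connack", CONNACK.get(data[3], "code %d" % data[3]))
    return ("unknown", data[:16].hex())

def probe(host, port=1884, use_tls=True, timeout=5.0):
    """Send one credential-less CONNECT to host:port and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            sock = raw
            if use_tls:  # verifies the certificate chain and host name
                sock = ssl.create_default_context().wrap_socket(
                    raw, server_hostname=host)
            sock.sendall(build_connect("proxy-probe"))
            return classify_reply(sock.recv(64))
    except OSError as exc:  # refused, timed out, or TLS handshake failure
        return ("error", str(exc))

if __name__ == "__main__":
    # Usage: python3 mqtt_probe.py <your-own-hostname> [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 1884
    print(*probe(sys.argv[1], port))
    # "connack accepted" means the broker takes anonymous clients through
    # the proxy; "connack not authorized" means broker auth is enforced.
```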

This will save me a lot of headaches and disappointment. Thanks again for your efforts. I am 6 months into this (day job has nothing to do with computers) and honestly can’t stop tinkering enough with my setup lol.

I have the same problem but I don’t know where these files are. Can you help?

Did you manage to solve the problem?

You have to describe your problem a bit more. I wrote a guide as well to access the addon externally. You can try this. Guide to MQTT Broker Remote (outside home) Access with Ngnix Proxy Manager and Cloudflare DNS - Configuration - Home Assistant Community (home-assistant.io)

Sorry for the late reply. Been busy and been away from HA community due to “life”