Mosquitto broker and owncloud

Maybe someone can help me get started with this. I use hass.io and have installed the broker via the GUI. I have used this config:

{
  "plain": true,
  "ssl": false,
  "anonymous": true,
  "logins": [
    {
      "username": "user",
      "password": "password"
    }
  ],
  "customize": {
    "active": false,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

I have forwarded the port in my router. In the configuration.yaml I have

mqtt:
  broker: 192.168.0.71

and

device_tracker:
- platform: owntracks

I have used the app on my iPhone and this works fine now. However, I am concerned about the security of this setup. I suppose I could use TLS, but I am not sure what to do with the certificate. Or are there any security concerns regarding having this port opened? I do use Duck DNS, but this is to my router as I have other devices published on the outside.

OT but might want to recheck your title :wink:


When in doubt, always use security. In fact, always use security, always. Unless you control the channel completely with zero chance of eavesdropping, always use security.

http://owntracks.org/booklet/features/tlscert/

This is what can happen if you expose unsecured MQTT to the internet.

OK, point taken. Not really sure how to do this, but I suppose I will need the certificate from within hass.io to install on my phone. Where is that located? I also suppose I will need to edit the config file of the broker as shown in the manual. Maybe someone can share the config? As I use a login now, I also suppose potentially hackers could only read and not write. Another option would be to use a free public broker.

Another issue I have is that the icons of the phone show up as duplicates in HA. My phone is shown 5 times as both home and away. Maybe I missed something here.
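
An added example, not written by anyone in this thread and not the add-on's own code: a small Python check that flags the risky settings in the options posted at the top and compares them with a hardened variant built from the same keys. The meanings assumed for `plain`, `ssl` and `anonymous`, the `audit` helper, its `plain_port_forwarded` parameter and the sample login are assumptions made for illustration.

```python
import json

# Options as posted at the top of the thread (copied inline so this runs offline).
POSTED = json.loads("""
{"plain": true, "ssl": false, "anonymous": true,
 "logins": [{"username": "user", "password": "password"}],
 "customize": {"active": false, "folder": "mosquitto"},
 "certfile": "fullchain.pem", "keyfile": "privkey.pem"}
""")

# Hardened variant using the same keys. Assumed meanings: plain = unencrypted
# listener, ssl = TLS listener, anonymous = connections without credentials.
# The login below is a constructed sample, not a recommendation of a value.
HARDENED = dict(POSTED, plain=False, ssl=True, anonymous=False,
                logins=[{"username": "owntracks",
                         "password": "Xk7#constructed-sample-Qp2v"}])

WEAK_PASSWORDS = {"password", "admin", "mqtt", "123456", "changeme"}


def audit(options, plain_port_forwarded=True):
    """Return a list of (severity, message) findings for the add-on options."""
    findings = []
    if options.get("plain") and plain_port_forwarded:
        findings.append(("high", "plain listener is forwarded to the internet: "
                         "logins and location payloads travel unencrypted"))
    if not options.get("ssl"):
        findings.append(("high", "ssl is off: no TLS listener for remote clients"))
    elif not (options.get("certfile") and options.get("keyfile")):
        findings.append(("high", "ssl is on but certfile/keyfile is missing"))
    if options.get("anonymous"):
        findings.append(("high", "anonymous is on: clients connect without a login"))
    logins = options.get("logins") or []
    if not logins and not options.get("anonymous"):
        findings.append(("medium", "no logins defined: nobody can authenticate"))
    for entry in logins:
        pw = entry.get("password", "")
        if pw.lower() in WEAK_PASSWORDS or pw == entry.get("username") or len(pw) < 12:
            findings.append(("medium", f"weak password for login {entry.get('username')!r}"))
    return findings


if __name__ == "__main__":
    for name, opts in (("posted", POSTED), ("hardened", HARDENED)):
        print(name)
        for severity, message in audit(opts) or [("ok", "no findings")]:
            print(f"  [{severity}] {message}")
```

If Home Assistant itself still connects to the broker over the LAN without TLS, `plain` can stay on as long as only the TLS port is forwarded on the router; call `audit(options, plain_port_forwarded=False)` for that case.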