I am running hassio and mqtt in different docker containers. The ip address assigned to mqtt is 172.17.0.2. My hassio configuration.yaml file is as follows.
Hassio can connect to the mqtt broaker just fine. However the switch which is a sonoff with tasmota can’t connect to the mqtt broker because the ip address for the NUC where Hassio and Mqtt is 192.168.1.131. When I configured Mqtt I told it to listen on port 1883. However for some reason 1883 was not exposed to the outside world. If I use the docker command “docker run --publish=1883:1883 eclipse-mosquitto:latest” to expose 1883 to the outside world all works if I change the mqtt address inside hassio to 192.168.1.131.
I use portainer to manage all my docker containers. Is there a way to expose 1883 to the outside so tasmota switches etc. can get to the broker?
I am very new to docker so please excuse my ignorance in explaining the problem.
Thanks for the help
That docker command looks correct to me (if not a bit sparse compared to mine).
I’m not sure why you are needing to use the docker network IP address to connect to the broker from HA. You should be able to access it at the ip address of the docker host machine at the port setup in your docker command.
Maybe it has something to do with permissions accessing the container.
As I said my docker command has a bunch more environment variables in it as was recommended by the eclipse mosquitto docker hub instructions that I followed at the time.
Thanks for the response. I have solved the problem. I don’t understand why 1883 was not exposed to the outside world but it was not when the container was started. You need 1883 to be exposed to the outside so that tasmota devices can get and send mqtt messages. I fixed the problem using portainer and adding a new container using the same mqtt image but specifying that 1883 is exposed. That worked and I am now up and running.
I have no idea why the original docker run didn’t work. What I did is using Portainer I added a container using the mqtt IMAGE. In the Add function you can force open ports which is what I did then built the new container. Only thing you have to do is change the name.
@budlyte Its likely one of two things. First, by default docker containers are issued their own network by the docker daemon, so think of a container being its own separate machine if you will. By opening the port, you are effectively letting your host machine running the docker daemon listen on whatever port. Ive run into issues with HA in the past with service discovery when these two networks are separate. Instead of opening the port to the container, you may instead want the container to share the same network as the host. You can do this using the --network host flag or in docker compose, network_mode: host.
Second and probably more likely the problem, some ports have special permissions. Typically, by default anything under 3000 is treated as special and requires root permissions to open. This also applies to users created in the container. My guess is the eclipse-mosquitto image be default uses a non-root user, meaning even if you open port 3000, that user isn’t allowed to send over that port. You can specify the user with: --user="root" or in docker-compose, user: root.
Old post but wanted to say that I set host name and use that for connections on docker network. Eliminates danger of IP changing and connection lost. In this case instead of 172.17.0.2:1883 I just use mosquitto:1883
Don’t need to open ports for connection within docker network