Dear community,
I have flashed a CC2531 USB stick so that I would be able to listen to my Xiaomi sensors without using the proprietary gateway.
From what I understand, I first need to install the Mosquitto add-on MQTT Broker. And this is where I am in trouble. I installed it, it runs but the logs are not looking good:
1583822718: New connection from 172.30.32.1 on port 8883.
1583822718: OpenSSL Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
1583822718: Socket error on client <unknown>, disconnecting.
1583822719: Client connection from 172.30.32.1 failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number.
I have hassio and it is open to external using DuckDNS.
While debugging, I have made the mistake of deleting the automatically generated MQTT user and even after uninstalling and installing back the add-on, it is not there anymore.
I have put the default configuration within the add-on settings and I don’t know what to do to make it work.
I have this setup and let's see if I can help you get this working (I'm not at all a supertechie). In terms of user to use, I have created a new user specifically for this and it works. See below the user settings (administrator):
Great to hear! If you do not keep your ports exposed externally through your router, it should be safe in my opinion. If you want to use the other ports, likely the setup to use those has to be changed in Zigbee2MQTT and you need SSL active on it. Haven't tried that myself.
How do I know which ones are open and which ones are not?
Is it also possible to restrict some users to only local access? For example, I would like my MQTT user not to be accessible from the internet.
Actually, I just removed the 1883 and 1884 ports in Mosquitto MQTT addon.
Here is a part of the log after restarting the addon. It still opens the ports…
1583928191: Opening ipv4 listen socket on port 1883.
1583928191: Opening ipv6 listen socket on port 1883.
1583928191: Opening websockets listen socket on port 1884.
Then, in zigbee2mqtt addon, I do not know what to type in the URL.
I tried mqtts://localhost:8883 and mqtts://homeassistant:8883 but it does not connect to it…
If you use mqtts I would expect you need some kind of certificate. I have not tried it, nor am I too worried about it as I did not open the port on my router to be NAT forwarded, so the port is only used within my LAN.
Anyway, you have a way that works now and can play around or search the forum to get mqtts working if you really want to!
I’m facing the exact same issue when using a completely different add-on (nothing to do with zigbee).
Setup description:
current (113.3) homeassistant
DuckDNS for LetsEncrypt cert management
Mosquitto MQTT broker add-on v.5.1
When using another add-on to connect to Mosquitto via mqtts on port 8883 I get the same error message. When using mqtt on port 1883 all’s well.
A detailed description of how to enable secure mqtt communication would be really appreciated.
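Added example, not part of any post in this thread: a small Python triage of the Mosquitto log lines quoted above, listing which listeners the broker opened and which clients failed the TLS handshake with "wrong version number". That OpenSSL error usually means the client sent non-TLS data (for example plain mqtt://) to a TLS listener such as 8883; the function name `triage` and the output fields are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Log lines as quoted in the thread (epoch-seconds prefix, then the message).
SAMPLE_LOG = """\
1583822718: New connection from 172.30.32.1 on port 8883.
1583822718: OpenSSL Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
1583822718: Socket error on client <unknown>, disconnecting.
1583822719: Client connection from 172.30.32.1 failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number.
1583928191: Opening ipv4 listen socket on port 1883.
1583928191: Opening ipv6 listen socket on port 1883.
1583928191: Opening websockets listen socket on port 1884.
"""

LINE = re.compile(r"^(\d+): (.*)$")
LISTEN = re.compile(r"Opening (ipv4|ipv6|websockets) listen socket on port (\d+)")
CONNECT = re.compile(r"New connection from (\S+) on port (\d+)")
TLS_FAIL = re.compile(r"Client connection from (\S+) failed: .*wrong version number")

def triage(log_text):
    """Return (sorted listeners, TLS handshake failures) from Mosquitto log text."""
    listeners = set()
    last_port = {}        # client address -> port of its most recent connection
    failures = Counter()  # (client, port) -> number of failed handshakes
    first_seen = {}       # (client, port) -> timestamp of the first failure
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not "<epoch>: <message>"
        ts = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)
        msg = m.group(2)
        if (hit := LISTEN.search(msg)):
            listeners.add((hit.group(1), int(hit.group(2))))
        elif (hit := CONNECT.search(msg)):
            last_port[hit.group(1)] = int(hit.group(2))
        elif (hit := TLS_FAIL.search(msg)):
            # The failure line carries no port, so reuse the client's last connect.
            key = (hit.group(1), last_port.get(hit.group(1)))
            failures[key] += 1
            first_seen.setdefault(key, ts)
    findings = [{"client": c, "port": p, "count": n,
                 "first_seen": first_seen[(c, p)].isoformat()}
                for (c, p), n in failures.items()]
    return sorted(listeners), findings

if __name__ == "__main__":
    open_listeners, tls_failures = triage(SAMPLE_LOG)
    print("listeners:", open_listeners)
    for f in tls_failures:
        print("non-TLS traffic on TLS port?", f)
```

A plaintext listener on 1883 in the output is the one to keep off any router port forward; a failure entry points at the client whose URL scheme or port needs changing.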