I have both port 1883 & 8883 forwarded to my internal pi IP, have tried setting it up in SSL.
Here’s the output of the MQTT log:
starting version 3.2.2
1515768578: mosquitto version 1.4.12 (build date 2017-06-01 13:03:48+0000) starting
1515768578: Config loaded from /etc/mosquitto.conf.
1515768578: Opening ipv4 listen socket on port 1883.
1515768578: Opening ipv6 listen socket on port 1883.
1515768578: Warning: Mosquitto should not be run as root/administrator.
Before you do this, what reason do you have for configuring Home Assistant to look at your DUCKDNS hostname for the MQTT server? For what purpose does it need to go OUT of your network, to resolve a device INSIDE your network?
Completely new to this, though the reason I think (probably completely wrong here) I need it to point to my duckdns hostname is because even when I am connected to my network via wifi, I am only able to access HA through the https address.
Ever since i setup HA with Duckdns and lets encrypt, my internal IP for HA stopped working.
But your MQTT broker is not running behind SSL or via domain name. You should be able to connect to it locally just fine. Test with a Chrome Extension/App called MQTT Lens
I really hate the way hassio sets up the cert and domain. This should all be done from a reverse proxy so that it can still be used internally.
I would recommend you DO NOT open your MQTT broker up to the outside world. Unless you absolutely need to access your broker from outside your network, you don’t need to forward any ports for it.
Thanks for your reply cwhits, I’m a complete noob when it comes to this so a lot of what you just said doesn’t make too much sense to me. Though looks like I got it working alright within my network
Home Assistant communicates on the backend with whatever devices you have set up for it. If you are hitting a button on the front end, and it is sending an MQTT message, all of that happens on the backend. You do NOT need to be able to access the MQTT broker from outside the network to send commands through the HA GUI.
Thanks… this helped me get to the built in mqtt of HA from outside world. However what I have done is only for test setup and I most definitely cant take it to the wild as I have no SSL setup for MQTT. Although I do have hassio based lets encrypt SSL setup for hassio front end. Would you be kind enough to please provide some guidance on how I can go about doing this…
Configurator, ssh, duckdns and nginx home assistant SSL proxy enabled
Port 443 on router forwards to hassio.local port 8123
Port 8889 on router forwards to port 1884
On phone the Owntracks preference set to private mqtt
Host set to myname.duckdns.org and port to 8889 with websockets toggle switch is set to on. Also to make this work I had to switch off the TLS toggle under security.
In configuration.yaml I have just typed mqtt: and then under device_tracker i added - platform: owntracks
On configuration.xml under http I have also included the url https://mydomain.duckdns.org:8123 and location for SSL key and SSL cert contrary to the advice on the activation of nginx home assistant SSL proxy because without this the HA was inaccessible both from inside and outside of LAN. I was hoping that enabling this nginx proxy add on will help me avoid being able to access the lP with another url pointing to my home router but that did not happen…but I guess I can keep that for later issue resolution.
I have with above setup a working owntracks mqtt setup reporting my phone correctly so it felt great. What I need help with is to make this work with SSL I.e not needing to switch off the TLS on step 6. When I switch it on, it shows two fields on owntracks app and I am clueless as to what goes there.
If I have messed it up real bad I am to be blamed of course as I must have managed to confuse myself and if not I feel I am quite close to final setup. Either way your help will be hugely appreciated.
Alas I spoke too soon…I was happy that this setup was making the phone report to mqtt but when i switched off wi-fi and tried checking using 4g owntracks gave connection error…so I need more help than stipulated.i can make this setup to make phone location reported while on my local network but not from outside… so help please.
Someone did ask why from outside and I just want to be able to report device location to mqtt so I can know for instance what location a particular device is looking at HA dashboard and not just the status of Home or Away and my understanding is for this to work owntracks must be able to communicate device location even from outside of my network.
I think not. Documentation only says 1883 and 8883. I just assumed your config might apply and for some time it felt as if it did but clearly it was a false positive…:*(
Actually just checked. It says websockets 8080. I will try it now.
