MQTT: Working Mosquitto / CloudMQTT Bridge

HASS can work with only one broker. You have to use bridges. Configure a bridge on your local broker with cloudmqtt.

Thanks, but no luck. I made a file in /etc/mosquitto/conf.d

I have a cloudmqtt.conf file like the picture below.

MQTT (mosquitto server) in configuration.yaml


Here is my working config https://github.com/bastshoes/hass_config

Step 5.

Unfortunately, config in step 5 does not seem to work for me.

Can anyone suggest how to validate the bridge between Mosquitto and CloudMQTT? Is there any log file for Mosquitto, any way to check that the connection has been established or at least that Mosquitto is loading the config file properly?

All I was able to grasp from systemctl is:
Jun 07 20:59:51 hassbian systemd[1]: Started Mosquitto MQTT Broker.

I’ve been trying to set this up for over a couple of hours now. Frustration hits the roof.

README in /etc/mosquitto/conf.d clearly states

Any files placed in this directory that have a .conf ending will be loaded as
config files by the broker. Use this to make your local config.

I have set up the config below as cloudmqtt.conf:

connection couldmqtt
  address <cloudmqtt_address.com>:<port>
  topic # in 1
  try_private true
  notifications false
  start_type automatic
  remote_clientid <user_with_read_access>
  remote_username <username>
  remote_password <password>
  keepalive_interval 300
  cleansession true
  bridge_protocol_version mqttv311
  local_clientid hass
  bridge_cafile /etc/ssl/certs/ca-certificates.crt
  bridge_insecure false

The file has read and execute permissions for everybody. No luck. The Owntracks component in HA sees no devices.

Subscribing to the topic with below command returns no results when messages are published in CloudMQTT:
mosquitto_sub -h 127.0.0.1 -u <username> -P <password> -t <owntracks_topic_in_cloudmqtt>


Ok, I figured it out.

This is the key information:

  #Add line in your main Mosquitto config in "External config files" section

  sudo nano /etc/mosquitton/mosquitto.conf

  include_dir /etc/mosquitto/conf.d

However, there is a typo in the path. It is actually /etc/mosquitto/mosquitto.conf
Even though the README file states that local config files are loaded, they are not until the main Mosquitto config file contains the include_dir argument. Just as described above.

Thanks, @Lapatoc!

You can also check the Mosquitto logs by running tail -f /var/log/mosquitto/mosquitto.log before the service is restarted. If the bridge is configured properly it shows the line:
Connecting bridge couldmqtt (<address>:<port>)


Hi everyone,

After reading this post it seems that there is a question not answered.

Is it possible to set up mosquitto to listen to cloudmqtt without the ability to publish to cloudmqtt? From my research, a bridge allows them to talk to each other, whereas I am only interested in mosquitto/HA to listen for updates to cloudmqtt topics.

I am not interested in creating SSL or TLS as I have a different secure way to remotely access my HA. So my HA can listen to things on the internet (aka Owntracks and CloudMQTT) and can push information out (aka PushBullet) but nothing can be pushed to HA or pulled from HA from the internet. (Sorry IFTTT but I don’t trust ya).

Yes you can. Just specify the direction in the bridge config

 topic # in 1

This will post all messages from cloudmqtt to your local mqtt

Thanks Lapatoc,

I saw that in the mosquitto guidelines. Do I need to do anything to establish this type of bridge within CloudMQTT or can it be configured locally for this type of read only access? I tried the OP method and it came up connection refused. I ended up uninstalling mosquitto from my PI so I could start over. Below is the section from your github regarding this bridge. What should I change for the unsecure bridge since I have not forwarded my HA ports to the internet?

sudo systemctl stop mosquitto.service
cd /etc/mosquitto/conf.d
sudo nano bridge.conf

  connection couldmqtt
  address <your cloudmqtt account>
  topic # in 1
  try_private true
  notifications false
  start_type automatic
  remote_clientid <your client id>
  remote_username <your user name>
  remote_password <your password>
  keepalive_interval 300
  cleansession true
  bridge_protocol_version mqttv311
  local_clientid hass
  bridge_cafile /etc/ssl/certs/ca-certificates.crt
  bridge_insecure false
  #Add line in your main Mosquitto config in "External config files" section
  sudo nano /etc/mosquitton/mosquitto.conf
  include_dir /etc/mosquitto/conf.d

Thanks Lapatoc for your help!

Set try_private to false and bridge_insecure to true.
The rest should be the same. Use your non-SSL cloudmqtt address and port.

I struggled with this for several days and wanted to add to the chorus of comments (and thanks to Mukund and others who suggested this solution)

For me, the sticking point was not having

include_dir /etc/mosquitto/conf.d

in my mosquitto.conf file. After I added this, owntracks immediately started working.

If you don’t have this line in your mosquitto.conf file, OP’s very helpful advice to include

connection cloudmqtt
address <Instance Server>:<Instance Port>
remote_username <Instance User>
remote_password <Instance Password>
clientid <A cloudmqtt user with read access>
try_private false
start_type automatic
topic # in

will not be read by mosquitto.

Cheers everyone!


Thanks! Step 5 worked.

Welcome.
Keep in mind that the current config only reads data from CloudMQTT. If you also need to publish data, change the direction to both:

topic # both 1

Hi, I use the above mosquitto configuration

connection cloudmqtt
address xxxxx:TLS PORT
topic # in
try_private true
notifications false
start_type automatic

remote_clientid HomeAssistant
remote_username xxxxx
remote_password xxxx

keepalive_interval 300
cleansession true
bridge_protocol_version mqttv311
local_clientid hass

bridge_cafile /etc/ssl/certs/ca-certificates.crt
bridge_insecure false

and get an error in mosquitto log :
“Connecting bridge cloudmqtt
Socket error on client hass, disconnecting”

Any ideas?

Is there any reason or major downside to setting up Mosquitto to use a second listener with LetsEncrypt and port forwarding to it vs using CloudMQTT at all? For example,

listener 8883
cafile /etc/ssl/certs/DST_Root_CA_X3.pem
certfile /etc/letsencrypt/live/xxxx.duckdns.org/fullchain.pem
keyfile /etc/letsencrypt/live/xxxx.duckdns.org/privkey.pem

I guess the biggest downside I can see is that every device uses the same username/password, but this wouldn’t be a big deal for me.

Maybe it is a dumb question or maybe it is because I’m new to HA and haven’t figured everything out yet :wink:

But what is the advantage of having a local MQTT server and a CloudMQTT instance as well? My Owntracks is talking to my local / internal MQTT server.

Thanks for bringing light into the dark (MY personal dark) :slight_smile:

Bye,
Daniel

Did you use the owntracks device tracker with the cloudmqtt bridge?

I’ve managed to get everything working but nothing passes to the owntracks device tracker. If I use the mqtt version I get updates fine, but a long string of information and not the normal home or not_home.

Okay I am missing something and I cannot figure out what it is… hope you guys can spot the problem:
/etc/mosquitto/mosquitto.conf:

pid_file /var/run/mosquitto.pid
user mosquitto
port 1883
listener 9001
protocol websockets
persistence true
persistence_file mosquitto.db
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
log_type all
allow_anonymous false
password_file /etc/mosquitto/pwfile

include_dir /etc/mosquitto/conf.d

/etc/mosquitto/conf.d/cloudmqtt.conf:

connection cloudmqtt
address : m12.cloudmqtt.com:20***
topic #
try_private false
start_type automatic
remote_clientid cloudmqtt-1
remote_username ha
remote_password f**********
local_clientid ha
keepalive_interval 60
bridge_protocol_version mqttv311
bridge_cafile /etc/ssl/certs/ca-certificates.crt
bridge_insecure false
notifications false
try_private true
keepalive_interval 60
cleansession true

configuration.yaml (relevant part):

mqtt:
  broker: 192.168.2.50
  port: 1883
  client_id: home-assistant-1
  username: !secret mosquitto_user
  password: !secret mosquitto_password
  discovery: true
  discovery_prefix: homeassistant

device_tracker:
  - platform: netgear
    host: 192.168.2.1
    username: !secret router_user
    password: !secret router_password
  - platform: owntracks
    max_gps_accuracy: 75

CloudMQTT Setup:


This is what the mosquitto.log shows after a restart:

1499802396: mosquitto version 1.4.12 (build date Thu, 25 May 2017 22:38:16 +0100) starting
1499802396: Config loaded from /etc/mosquitto/mosquitto.conf.
1499802396: Opening websockets listen socket on port 9001.
1499802396: Opening ipv4 listen socket on port 1883.
1499802396: Opening ipv6 listen socket on port 1883.
1499802396: Bridge ha doing local SUBSCRIBE on topic #
1499802396: Connecting bridge cloudmqtt (´}:0)
1499802397: New connection from 192.168.2.106 on port 1883.

(followed by a bunch of my local devices communicating)
Why does it say Connecting bridge cloudmqtt (´}:0)?
Shouldn’t that have the address in it?
If I update my location with owntracks I see it in the CloudMQTT websockets tab, but I NEVER see anything on local end (in the log or inside the mosquitto client (subscribed to #) much less inside of HA)
What am I missing… please help, this is driving me crazy.

Daniel
PS: I have both ports 1883 and 8883 open on my router to the rpi.
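
An offline lint for the failure modes that come up in this thread: no include_dir in the main config, an address line with a token that is not host[:port], repeated bridge options, bridge_insecure true, and a world-readable bridge file that holds remote_password. This is an added example, not code from the thread or from the Mosquitto project; the function names, the sample configs and the host broker.example.invalid are constructed, and it assumes one connection block per file.

```python
import re
import stat

# host[:port] only; IPv6 literals are out of scope for this sketch.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9.-]+(:(?P<port>\d{1,5}))?$")

def parse_conf(text):
    """Yield (key, args, lineno), skipping blank lines and '#' comment lines."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            key, _, rest = line.partition(" ")
            yield key, rest.strip(), n

def lint_bridge(main_conf, bridge_conf, bridge_mode):
    """Lint mosquitto.conf text plus one single-connection bridge file."""
    findings = []
    if not any(k == "include_dir" for k, _, _ in parse_conf(main_conf)):
        findings.append("main: no include_dir, conf.d files are never loaded")
    seen = {}
    for key, args, n in parse_conf(bridge_conf):
        if key in seen and key != "topic":  # topic may legitimately repeat
            findings.append(f"line {n}: {key} repeated (first at line {seen[key]})")
        seen.setdefault(key, n)
        if key == "address":
            for addr in args.split():
                m = ADDRESS_RE.match(addr)
                if not m or (m["port"] and not 0 < int(m["port"]) < 65536):
                    findings.append(f"line {n}: address token {addr!r} is not host[:port]")
        if key == "bridge_insecure" and args == "true":
            findings.append(f"line {n}: bridge_insecure true disables hostname verification")
    if "remote_password" in seen and bridge_mode & stat.S_IROTH:
        findings.append("bridge file contains remote_password and is world-readable")
    return findings

# Constructed sample input modelled on the configs posted in this thread.
SAMPLE_MAIN = "pid_file /var/run/mosquitto.pid\nlog_type all\n"
SAMPLE_BRIDGE = """connection cloudmqtt
address : broker.example.invalid:8883
topic # in 1
try_private false
remote_username ha
remote_password placeholder
bridge_insecure false
try_private true
"""

if __name__ == "__main__":
    for finding in lint_bridge(SAMPLE_MAIN, SAMPLE_BRIDGE, bridge_mode=0o755):
        print(finding)
```

For a file on disk, the mode argument can be taken from `stat.S_IMODE(os.stat(path).st_mode)`.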

Hi,
try that configuration

remote_clientid ha
remote_username k
remote_password X

It is not necessary to open a port if you don’t write to cloudmqtt.

Thanks - this worked for me first time.

I have a question about how to ‘partition’ users. At the moment I’ve setup my wife, myself and my daughter’s tablet on owntracks. We’re not keen on our daughter being able to see where we are - is the topic line how we stop her being able to see our location in her owntrack app, or do I do this in CloudMQTT somehow?

Thanks

Thanks for this @Lapatoc