[solved] Mqtt over internet? aka: "How to set up cloudMQTT bridge with Hassio mosquitto broker"

Hey guys,

Need your help on a configuration issue.

Got a hassio running mosquitto mqtt at my house and just installed a tasmota sonoff with a water meter in another location with an internet connection.

How do I get the readings to my hassio with mqtt?
Do I need to open the mqtt port of my house router and have the sonoff connect to my hassio directly?
Is this safe enough?
Or is there some other middleman I can perhaps use to increase online security?

Thanks in advance,

You could set up a VPN connection between both locations.

No, you need to encrypt the traffic using ssl, or as sjee says, a vpn connection.

You can set up a bridge from the local broker to an external MQTT broker to exchange data. This would mean you did not have to open a port on your router. Unfortunately, I haven’t seen any instructions for doing that with hassio.

What about setting up an MQTT cloud? I think tasmota can publish to it.

Get the off-site one to publish to there.

Then in HA, load Node-RED and get Node-RED to read the MQTT cloud and put it into HA as a local MQTT.

Thanks for the options guys!
I am no longer in the remote location, but I port-forwarded the sonoff so I got access to it.
I guess my only option now is what @myle suggested?

So i have set up a free account on cloud MQTT,
Connected with the off-site tasmota using the username/password given by cloudMQTT
Everything works, tasmota publishes stuff on the cloudMQTT

Question1: I created an extra user on cloudmqtt and connected the tasmota under the new credentials. Although it connects, it doesn't publish anything. What should I tweak?
Never mind, I had to give read and write access to the user on a topic using the box under user management.

Question2: How do I bridge / read the published messages on the cloud server from my HA mosquitto broker? I see the option to make a bridge on the cloudmqtt website but it requires a URI in the form of mqtt://user:pass@host:port. That would require me to expose my local mosquitto on the internet, right? Am I not supposed to want to avoid this?

What about getting Node-RED to read the CloudMQTT?

Something like


Hope this helps.

I have not worked with NodeRed at all, but i figured it out without it.
Here is how i did it, by compiling info from all around the community forums:

  • Register CloudMQTT free account.
  • Ignore the initial un/pw and create two (in my case) new users with their own passwords.
  • In the users page of cloudMQTT, scroll down after creating the users and click topic, select the user, add # (in case you want them in on everything) in the pattern box, then tick read/write access accordingly and add them twice (for my two users).
  • Then set up the sonoff with the new user/password and ip/port settings to connect to the cloud mqtt.
  • Go check the logs on the mqtt website, to see that the user connected and open the websocket UI to see if its publishing the messages (having teleperiod 10 on the sonoff helps a lot)

Now we need to set up the Hassio mosquitto broker to connect to the cloudmqtt as a bridge:

  • Assuming you already have set up samba share, go to your hassio/share folder and create a new folder called mosquitto.
  • In there, add a new text file and save it as cloudmqtt.conf (any filename should work I think, the important part is the .conf extension)
  • In there, i pasted the following text:
connection cloudmqtt
# you get the address and port from the details page on cloudMQTT
address cloudmqttIPaddress:PORT
remote_username HA-USER
# whatever un/pass you set up for HA above on the cloudmqtt users
remote_password HA-PASS
clientid HomeAssistant
try_private false
start_type automatic
topic # in
  • Go to Hass.io addons page on your HA (this usually does not load for me for some reason, i found that selecting the address bar and forcing it by hitting enter speeds up things)
  • Open your Mosquitto Broker addon and change this part from false to true:
  "customize": {
    "active": true,
    "folder": "mosquitto"
  }
  • Now fire up your favorite mqtt client app and connect to your HA broker, subscribing to the # topic.
  • You should see the messages there.
  • From there, go create your mqtt sensors in the mqtt conf files.

Hope this helps someone looking for the same thing.
It’s just a compilation of information I found on the community forums that worked for me.
Kudos to all the users of the forums who I can't cite for obvious reasons :slight_smile:


10 out of 10, didn’t know you could just create a folder and add a .conf file to it

here a :beer:


Me neither, found the info spread in the forums :slight_smile:


Thanks for the tutorial! I set it up tonight and my Own Tracks says connected but I am not seeing location info for either device_tracker entity. They both show as router only for location tracking.

On the part where it says “topic # in”… should we leave that as is or just do “topic #”?

Full as it is:
“topic # in”


Where exactly do you mean? Because I tried this and got the following error log:

starting version 3.2.2
Error: Unable to open include_dir '/share/mosquitto'.
Error found at /etc/mosquitto.conf:19.
Error: Unable to open configuration file.

Can you paste the settings in your mosquitto addon configuration? From within hassio

Here it is

{
  "plain": true,
  "ssl": false,
  "anonymous": false,
  "logins": [
    {
      "username": "xxxx",
      "password": "xxxx"
    }
  ],
  "customize": {
    "active": true,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

and here is where I put the config file


Seems identical to mine.
Your error message sounds like there’s an error in the code that does not let it go further.
Wanna recheck all the code and .conf files in case you are missing some typo?

Btw by no means am I an expert, I just consolidated all the info and the steps I followed hoping to help someone out :slight_smile: So any input from other friends here would be very welcome :slight_smile:


I created the above example when I just needed to receive information from clients connected to the mqttcloud.
The filter topic # in enables all published topics from every client to cross the bridge to your mqtt broker, but only in that direction.

Later, when I connected new sonoff devices on the cloud that I needed to control, I needed to let the bridge know to let some messages cross the bridge in the opposite direction: broker -> bridge -> remote client.

If you want all your topics to be published both to the local broker and the cloud mqtt you should change that line to topic # both meaning that it enables all messages (# wildcard) on both directions.

In my case, I didn't want all my home topics and devices to be published online. So I formatted the selected topics in this way cmnd/remote_location_name/device_name/rest_of_command (where cmnd is the syntax that tasmota sonoffs use) and I wanted all the topics that contain ***/remote_location_name/*** to be published to the cloudmqtt server.

*The mqtt topics on the remote devices were changed too to reflect this syntax

So i added a new filter to the end of the file and my new mosquitto.conf file is something like this:

connection cloudmqtt
# you get the address and port from the details page on cloudMQTT
address cloudmqttIPaddress:PORT
remote_username HA-USER
# whatever un/pass you set up for HA above on the cloudmqtt users
remote_password HA-PASS
clientid HomeAssistant
try_private false
start_type automatic
topic # in
topic +/remote_location_name/# out

The + symbol is a wild card for only one part of the topic (that would be cmnd usually) and the # symbol is a wildcard for multiple topic parts so, a topic cmnd/remote_location_name/device_name/power/on would fit the profile, pass through the filter and get published to the cloudmqtt server for the remote devices to read.

More documentation about configuring your mosquitto.conf file here

Hope this helps.

edit: At some point i had the need to connect more than 5 remote devices which is the maximum allowed per mqtt instance. In that case i just created a second instance and i split my devices between the two:

Had to change my mosquitto.conf to connect to two bridges:

connection cloudmqtt
address cloudmqttIPaddress_1:PORT
remote_username HAUN
remote_password HAPASS
clientid HomeAssistant
try_private false
start_type automatic
topic # in 0
topic +/topic_of_instance_1/# out 0

connection cloudmqtt2
address cloudmqttIPaddress_2:PORT
remote_username HAUN
remote_password HAPASS
clientid HomeAssistant2
try_private false
start_type automatic
topic # in 0
topic +/topic_of_instance_2/# out 0

I found that i need to use different topics between the two bridges, or else it gets messy :slight_smile:
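As an added example (not from the original posts and not part of mosquitto), this sketch checks which local topics a bridge block like the ones above would forward to the cloud broker, and whether a CA option is set so the bridge login is not sent in cleartext. The sample config, host name, topic list and function names are constructed for illustration.

```python
# Constructed bridge block and local topics modelled on the thread (placeholder host).
SAMPLE_CONF = """\
connection cloudmqtt
address broker.example.invalid:1883
remote_password HA-PASS
topic # in
topic +/remote_location_name/# out
"""
LOCAL_TOPICS = [
    "cmnd/remote_location_name/device_name/power/on",
    "stat/remote_location_name/water_meter/RESULT",
    "cmnd/livingroom/lamp/power",
    "home/cmnd/remote_location_name/pump",
]

def parse_bridge(conf):
    """Return ([(pattern, direction)], {option names}) for one bridge block."""
    rules, options = [], set()
    for parts in (line.split() for line in conf.splitlines()):
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment (comments must start the line)
        if parts[0] == "topic" and len(parts) > 1:
            # Syntax: topic pattern [[[out|in|both] qos] local-prefix remote-prefix]
            rules.append((parts[1], parts[2] if len(parts) > 2 else "out"))
        else:
            options.add(parts[0])
    return rules, options

def matches(pattern, topic):
    """MQTT filter match: '+' is exactly one level, '#' is the rest of the tree."""
    p, t = pattern.split("/"), topic.split("/")
    if t[0].startswith("$") and p[0] in ("+", "#"):
        return False  # leading wildcards never match $SYS-style topics
    for i, level in enumerate(p):
        if level == "#":
            return True
        if i >= len(t) or level not in ("+", t[i]):
            return False
    return len(p) == len(t)

def audit(conf, local_topics):
    """Return (topics forwarded to the remote broker, whether a CA is configured)."""
    rules, options = parse_bridge(conf)
    leaving = [t for t in local_topics
               if any(d in ("out", "both") and matches(p, t) for p, d in rules)]
    # Assumption: only certificate-based TLS (bridge_cafile / bridge_capath) is checked.
    return leaving, bool(options & {"bridge_cafile", "bridge_capath"})

print(audit(SAMPLE_CONF, LOCAL_TOPICS))
```

With the constructed input, only the two topics whose second level is remote_location_name leave the house, and the missing CA option shows the bridge password would cross the internet unencrypted.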


@krash I get this error in the log, will you help me please?

Connecting bridge cloudmqtt (xxx.cloudmqtt.com:xxx)
1537255477: Connection Refused: not authorised

If you are getting this message, double check your CloudMQTT Username and password.

I have checked it, it matches.

In my cloudmqtt bridges page I see this

This might be the issue?