Now that my lock is available through HA, I really want to beef up security.
So I’ve removed the API password, I didn’t see that configured in any of my addons.
I’m now trying to figure out Mosquitto.
Looking in the docs for it, it says:
Install the Mosquitto add-on with the default configuration via ‘Hass.io > ADD-ON STORE’. (Don’t forget to start the add-on & verify that ‘Start on boot’ is enabled.)
Create a new user for MQTT via the Configuration > Users (manage users) . (Note: This name cannot be “homeassistant” or “addon”)
Once back on-line, return to Configuration > Integrations and select configure next to MQTT .
Note: .yaml modifications are not required. See testing your setup to verify the steps above.
It’s working at the moment, but I haven’t set any username and password in the mqtt config or in the HA config.
In the HA, it just reads:
mqtt:
broker: IP
discovery_prefix: homeassistant
So, item 3 in the list, it’s written as if is pointing to the Mosquitto config, but is it the HA config it’s supposed to go into?
What about the mosquitto config, do I need to enter something there as well?
Remove that completely. It is not needed. The mqtt broker is now an integration. Restart after removing it and then go to the Configuration MENU / Integrations page to set up mqtt (step 3).
You should also read the warning on the Mosquitto docs page about setting up an ACL. This is required.
If you want it to be secure you are going to need to set up SSL in the mqtt addon config as well. I’ve never done this so can’t offer any advice here.
1557911492: Socket error on client <unknown>, disconnecting.
1557911492: New connection from 172.30.32.1 on port 1883.
[INFO] found homeassistant on local database
1557911492: Socket error on client <unknown>, disconnecting.
1557911492: New connection from 172.30.32.1 on port 1883.
As I don’t have 172 network locally, I guess it’s the internal container network.
I’ve disabled port 1883 in the config, but that doesn’t seem to have any impact.