Submitted by glyn.hudson on Fri, 16/10/2015 - 14:44
Great work everyone involved in getting emonHub to interface with MQTT, this a significant step forward in interoperability between OpenEnergyMonitor units and other IoT and home automation systems.
Am I correct that emonHub does not currently support MQTT authentication? How difficult would it be to add this function? I think it would be a useful addition. If not possible, maybe mosquitto could be configured to allow unauthenticated connections only from local host and requite authentication from remote connections?
I am looking to open up the MQTT broken on my emonPi to remote subscriptions / publishers. Obviously before opening up the MQTT port to the web I will need to add authentication. Adding authentication to the mosquito is pretty straightforward following the mosquitto instructions. The trickiest part I found wsa upgrading MQTT to the latest version from the mosquitto PPA. I notice the version of MQTT we currently have running on all emonPi's (shipping on pre-build SD card) is an older version of mosquito direct from the Raspbian sources.
emonHub MQTT broker authentication security
Submitted by glyn.hudson on Fri, 16/10/2015 - 14:44Great work everyone involved in getting emonHub to interface with MQTT, this a significant step forward in interoperability between OpenEnergyMonitor units and other IoT and home automation systems.
Am I correct that emonHub does not currently support MQTT authentication? How difficult would it be to add this function? I think it would be a useful addition. If not possible, maybe mosquitto could be configured to allow unauthenticated connections only from local host and requite authentication from remote connections?
I am looking to open up the MQTT broken on my emonPi to remote subscriptions / publishers. Obviously before opening up the MQTT port to the web I will need to add authentication. Adding authentication to the mosquito is pretty straightforward following the mosquitto instructions. The trickiest part I found wsa upgrading MQTT to the latest version from the mosquitto PPA. I notice the version of MQTT we currently have running on all emonPi's (shipping on pre-build SD card) is an older version of mosquito direct from the Raspbian sources.
Add mosquito PPA and update mosquito
$ wget http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key
$ sudo apt-key add mosquitto-repo.gpg.key
$ cd /etc/apt/sources.list.d/
$ sudo wget http://repo.mosquitto.org/debian/mosquitto-wheezy.list
$ apt-get update
$ sudo apt-get install mosquitto -y
Open MQTT port port:
$ sudo iptables -A INPUT -p tcp -m tcp --dport 1883 -j ACCEPT
Save the port rules to be persistent at boot:
$ apt-get install iptables-persistent
Then answer yes to save rules. If you need to edit the rules:
$ sudo nano /etc/iptables/rules.v4
Create MQTT password file with username pi (can be anyusername)
$ sudo mosquitto_passwd -c /etc/mosquitto/passwd pi
...then enter password twice when prompted
Create mosquitto config file to turn on authentication and point to location of password file
Add the following lines to config file in /etc/mosquitto/conf.d
allow_anonymous false
password_file /etc/mosquitto/passwd
Or automate with:
$ sudo su
printf "allow_anonymous false\npassword_file /etc/mosquitto/passwd" >> /etc/mosquitto/conf.d/mosquitto.conf
$ exit