Cannot connect to MQTT via TLS

Question

Cannot connect to MQTT via TLS

farrad opened this issue a year ago · comments

farrad commented a year ago

What type of installation are you running?

Desktop

Which Linux OS are you using?

Linux Mint 21.1

Which version of LNXLink has the issue?

2023.8.0

Describe the problem

My MQTT broker (mosquitto) is configured to accept mqtts connections via port 8883 with TLS encryption.

When server port in my Lnxlink Desktop installation is configured to 8883, no connection to mqtt broker is possible.

For testing purposes I also opened regular port 1883 (without TLS). When changing port in Lnxlink to 1883 everythin works as expected.

How can I configure TLS within Lnxlink?

Additional context

No response

Configuration

mqtt:
  prefix: homeassistant
  clientId: client1
  statsPrefix: monitor/stats
  server: 'server.name'
  port: 8883
  auth:
    user: 'usr'
    pass: 'pwd'
  discovery:
    enabled: true
  lwt:
    enabled: true
    qos: 1
    retain: true
    connectMsg: 'ON'
    disconnectMsg: 'OFF'
update_interval: 5
modules:

Logs

Aug 14 00:01:48 nuc3 systemd[374585]: Started LNXlink.
Aug 14 00:01:49 nuc3 lnxlink[2019599]: INFO:lnxlink:LNXlink 2023.8.0 started: 3.10.6
Aug 14 00:01:49 nuc3 lnxlink[2019599]: INFO:lnxlink:Loaded addons: screenshot, required_restart, update, notify, disk_usage, sys_updates, battery, camera_used, network, webcam, media, suspend, microphone_used, gpu, memory, xdg_open, keep_alive, cpu, fullscreen, bash, boot_select, screen_onoff, shutdown, brightness, idle, restart, send_keys

Phillip · Answer 1 · Mon Aug 14 2023 17:16:51 GMT+0800 (China Standard Time)

Looking at the MQTT client docs, there's a tls_set() method which must be called to enable TLS connections: https://pypi.org/project/paho-mqtt/#client

It currently doesn't seem to be called, so right now it doesn't seem to be possible without changing the code.

Vasilis Koulis · Answer 2 · Thu Aug 17 2023 05:32:34 GMT+0800 (China Standard Time)

I haven't used TLS on mqtt broker so I didn't notice that issue.
Thanks for letting me know.

Vasilis Koulis · Answer 3 · Fri Aug 18 2023 03:24:29 GMT+0800 (China Standard Time)

With the latest commit I've added an option on the configuration to enable TLS.
You should follow the instructions that installs LNXlink as a developer and add the tls option under mqtt/auth like this:

  auth:
    user: user
    pass: pass
    tls: true

I haven't tested it, so I would love your feedback.

farrad · Answer 4 · Sat Aug 19 2023 17:47:58 GMT+0800 (China Standard Time)

@bkbilly I just tested the latest dev version with TLS and it works for me now!

Thank you for quick reply and fix!

Vasilis Koulis · Answer 5 · Sat Aug 19 2023 20:51:25 GMT+0800 (China Standard Time)

I'm happy that it worked for you!
I'll leave this issue open until I publish the next release on September.

Vasilis Koulis · Answer 6 · Sat Sep 02 2023 02:37:32 GMT+0800 (China Standard Time)

Added this feature on LNXlink version 2023.9.0.
If you have a configuration from previous versions, you will have to add the tls option manually.