Re: Anyone successfully using encrypted mosquitto over websockets?

2022-02-09 Thread Jeff Ross




On 2/8/22 12:58 AM, Rémi Bougard wrote:

Hi Jeff,

On Mon, Feb 07, 2022 at 04:21:37PM -0700, Jeff Ross wrote:
I don't know the nuts and bolts of your configuration but I think
a secure websocket connection must begin with "wss://", so maybe
just change

ws://ip_cam.openvistas.net:9001/mqtt
into
wss://ip_cam.openvistas.net:9001/mqtt

and it will work?

I hope this helps.

Rémi



Good idea, Rémi, but it doesn't make a change. I'm now looking into
using a reverse proxy on my apache2 web server to redirect the mqtt
traffic and take care of encryption.


Thanks for replying!

Jeff


Anyone successfully using encrypted mosquitto over websockets?

2022-02-07 Thread Jeff Ross

Hi all,

I've been battling mosquitto and websockets for too long now.

I have weewx weather software (https://weewx.com/) running on my 
firewall (running 386 current) capturing traffic from my weather station 
to upload to my https web server.  mosquitto is supposed to be able to 
upload the weather changes in real time over websockets to my web server 
(still on 6.9) and it does so just fine over OpenVPN.


mosquitto using the mqtt protocol on port 9001 with ssl disabled can 
capture and send data up to the webserver, but both Firefox and Chrome 
will not connect to the websockets port if the traffic is "insecure".  
Chrome at least has decent error messages:


MQTT: Connecting to MQTT Websockets: ip_cam.openvistas.net 9001 (SSL Disabled)
paho-mqtt.min.js:37 Mixed Content: The page at 'https://www.starhouse-observatory.org/weather/belchertown/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://ip_cam.openvistas.net:9001/mqtt'. This request has been blocked; this endpoint must be available over WSS.
d._doConnect @ paho-mqtt.min.js:37
jquery.min.js:2 Uncaught DOMException: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS.
    at d._doConnect (https://cdnjs.cloudflare.com/ajax/libs/paho-mqtt/1.1.0/paho-mqtt.min.js:37:251)
    at d.connect (https://cdnjs.cloudflare.com/ajax/libs/paho-mqtt/1.1.0/paho-mqtt.min.js:31:233)
    at Client.connect (https://cdnjs.cloudflare.com/ajax/libs/paho-mqtt/1.1.0/paho-mqtt.min.js:70:506)
    at connect (https://www.starhouse-observatory.org/weather/belchertown/js/belchertown.js?1644249956:1304:12)
    at HTMLDocument. (https://www.starhouse-observatory.org/weather/belchertown/:148:13)
    at l (https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js:2:29375)
    at c (https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js:2:29677)


So far, *any* attempt to put this over ssl has failed with a myriad
different errors.  mosquitto itself has pathetic logging; ktracing the
process in an attempt to figure out why has proven fruitless.


The real question for the moment is to find out if anyone has got 
mosquitto/websockets working to push updates out to a web server over an 
encrypted connection.


I know--lots of details lacking here and please accept my apologies in 
advance--there have been too many iterations to track :-(


Feel free to apply the clue-by-four here or in private e-mail.

Jeff
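
Added example, not part of the thread and not the poster's configuration: a mosquitto.conf WebSocket listener shown first as the plain ws:// form that Chrome blocks above, then with TLS enabled so the same port answers wss://. The certificate and key paths are placeholders (assumptions); the option names are standard mosquitto.conf settings.

```conf
# mosquitto.conf fragment (added example; all file paths are placeholders)

# Before: plain WebSocket listener, reached as ws://<host>:9001.
# A page loaded over HTTPS may not open this (the Mixed Content error above).
#listener 9001
#protocol websockets

# After: same port with TLS, reached as wss://<host>:9001.
# Requires a mosquitto build with WebSocket support compiled in.
listener 9001
protocol websockets

# Server certificate (with intermediates) and its private key.
# The certificate must be issued for the hostname the browser connects to
# (ip_cam.openvistas.net in this thread) by a CA the browser already trusts:
# browsers show no "accept this certificate" prompt for a WebSocket, the
# connection simply fails.
certfile /etc/ssl/PLACEHOLDER-fullchain.pem
keyfile  /etc/ssl/private/PLACEHOLDER-key.pem

# CA certificates for the listener. Older mosquitto.conf(5) man pages state
# that cafile or capath must be set for TLS to be enabled on a listener;
# check the man page for the installed version.
cafile /etc/ssl/PLACEHOLDER-chain.pem

# The key file must be readable by the user mosquitto runs as, and should
# not be readable by other users.
```

The browser client must also be told to use TLS (the log above reports "SSL Disabled"); changing only the broker leaves the page still requesting ws://.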