If there's a comprehensive HOWTO for how to 'securely' set up a cloudflare tunnel back to a LAN-hosted weewx+belchertown that would permit realtime updates to work from both LAN and WAN, I sure have never seen one. That would be a great thing to get written, validated, and into the wiki. This has been coming up for 5+ years.
FWIW - I don't let 'anything' talk to my LAN, even through a tunnel. I don't want that risk. Too many bots. Anyway - the websockets connection is between your browser and the remote MQTT broker, so whatever ip address you use has to be reachable from the web browser computer. If you use a FQDN rather than an ip address, that has to be resolvable 'and' reachable from the web browser computer. LAN-only is not hard. Lots of people have done so. Many posts here and in Pat's Belchertown github page. WAN-only is not much harder. Set up a small VM on AWS Lightsail or the like. Set up the webserver https-only and install the MQTT broker there. Have your LAN weewx rsync data to it and also publish MQTT to the MQTT broker. Use 'its' FQDN in all your settings for Belchertown. Basically connect to your Internet site for realtime updates from both LAN and WAN. Of course that means $$$ for the VM and the time/effort to keeping 'that' up securely as it will be under bot attack instantly after it boots up. The AWS consoles are pretty good about letting you lock that down so only https and the secure websockets ports are open. That'll reduce your attack services. Damn bots. Ugh. A minimal nginx + mosquitto VM takes almost zero maintenance if that's all it does and if you lock it down correctly. I think I ssh into my nginx-only site about monthly to see if the auto-updates for the os require a reboot, but it's not zero sustaining labor. On Friday, February 6, 2026 at 9:05:43 AM UTC-8 O S wrote: > Hello all, > > I have resisted installing and configuring MQTT for live data in case I > totally mess things up, but, in a fit of positivity, I decided to have a go > today, and it doesn't work. > > I've used a mix of search engine (AI) advice, this post > <https://www.wxforum.net/index.php?topic=43377.0;wap> and the > instructions on the Belchertown skin page > <https://github.com/poblabs/weewx-belchertown?tab=readme-ov-file#mqtt-and-mqtt-websockets-optional> > . > > I have documented what I did > <https://docmost.thecobwebs.uk/share/moessylnhf/p/enable-live-data-8Zo6w86w7W>, > > and my settings, can someone take a look and see if anything is glaringly > wrong? > > For information, I am running this locally at http://192.168... and > publicly through https://mydomain.co/weewx/belchertown using a > cloudflared tunnel. > > Live updates don't appear to be happening in either scenario though (local > or via https), ultimately, I'd like them working ion the public site (if it > needs to be one or the other). > > Thank you, > Nick. > -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/weewx-user/ff6a88af-4e76-49eb-b5d8-0bc10d974059n%40googlegroups.com.
