Hello Vince,

OK - thanks for your comments there and I do get most of it! Well, let's hope some clever soul produces a how-to for WAN.

The MQTT service appears to have broken weewx, I see:

Feb 06 19:25:04 weewx-pi systemd[1]: weewx.service: Main process exited, code=exited, status=1/FAILURE
Feb 06 19:25:04 weewx-pi systemd[1]: weewx.service: Failed with result 'exit-code'.
....

in the service status, so I have stopped it for now with:

sudo service mosquitto stop
sudo systemctl stop mosquitto.service

Thanks,
Nick.

On Friday, February 6, 2026 at 7:15:41 PM UTC Vince Skahan wrote:

> If there's a comprehensive HOWTO for how to 'securely' set up a cloudflare
> tunnel back to a LAN-hosted weewx+belchertown that would permit realtime
> updates to work from both LAN and WAN, I sure have never seen one. That
> would be a great thing to get written, validated, and into the wiki. This
> has been coming up for 5+ years.
>
> FWIW - I don't let 'anything' talk to my LAN, even through a tunnel. I
> don't want that risk. Too many bots.
>
> Anyway - the websockets connection is between your browser and the remote
> MQTT broker, so whatever ip address you use has to be reachable from the
> web browser computer. If you use a FQDN rather than an ip address, that
> has to be resolvable 'and' reachable from the web browser computer.
>
> LAN-only is not hard. Lots of people have done so. Many posts here and
> in Pat's Belchertown github page.
>
> WAN-only is not much harder. Set up a small VM on AWS Lightsail or the
> like. Set up the webserver https-only and install the MQTT broker there.
> Have your LAN weewx rsync data to it and also publish MQTT to the MQTT
> broker. Use 'its' FQDN in all your settings for Belchertown. Basically
> connect to your Internet site for realtime updates from both LAN and WAN.
>
> Of course that means $$$ for the VM and the time/effort to keep 'that'
> up securely as it will be under bot attack instantly after it boots up.
> The AWS consoles are pretty good about letting you lock that down so only
> https and the secure websockets ports are open. That'll reduce your attack
> services. Damn bots. Ugh. A minimal nginx + mosquitto VM takes almost
> zero maintenance if that's all it does and if you lock it down correctly.
> I think I ssh into my nginx-only site about monthly to see if the
> auto-updates for the os require a reboot, but it's not zero sustaining
> labor.
>
> On Friday, February 6, 2026 at 9:05:43 AM UTC-8 O S wrote:
>
>> Hello all,
>>
>> I have resisted installing and configuring MQTT for live data in case I
>> totally mess things up, but, in a fit of positivity, I decided to have a go
>> today, and it doesn't work.
>>
>> I've used a mix of search engine (AI) advice, this post
>> <https://www.wxforum.net/index.php?topic=43377.0;wap> and the
>> instructions on the Belchertown skin page
>> <https://github.com/poblabs/weewx-belchertown?tab=readme-ov-file#mqtt-and-mqtt-websockets-optional>.
>>
>> I have documented what I did
>> <https://docmost.thecobwebs.uk/share/moessylnhf/p/enable-live-data-8Zo6w86w7W>,
>> and my settings, can someone take a look and see if anything is glaringly
>> wrong?
>>
>> For information, I am running this locally at http://192.168... and
>> publicly through https://mydomain.co/weewx/belchertown using a
>> cloudflared tunnel.
>>
>> Live updates don't appear to be happening in either scenario though
>> (local or via https), ultimately, I'd like them working on the public site
>> (if it needs to be one or the other).
>>
>> Thank you,
>> Nick.
