Access with MQTT client from remote site (tcp:1883)

On v3 I could connect with my mqtt-client “MQTT-Explorer” from remote. Now on v4 that won’t work.
Does it need TLS or other encryption? Even if I don’t want it for now?

I don’t know of any required changes to MQTT servers with regards to ChirpStack v3 vs. v4. None of the configurations/deployments that I use required any updating.

Mosquitto, specifically, did have a notable change not too long ago with their jump to v2 and disallowing anonymous connections, but I believe that was before ChirpStack v4 was released.

Hmm,

after activating TLS as described here:
https://www.chirpstack.io/docs/guides/mosquitto-tls-configuration.html
Mosquitto does not start because of an error. Only when I remove the listeners.conf from /etc/mosquitto/conf.d/ will it start.

Unfortunately, Mosquitto doesn’t want to reveal exactly what its problem is…

EDIT:

After some changes on the file, it works without TLS… :wink: Ok for the tests…

    per_listener_settings true

    listener 1883 127.0.0.1
    allow_anonymous true

    listener 8883 0.0.0.0
    #cafile /etc/mosquitto/certs/ca.pem
    #certfile /etc/mosquitto/certs/mqtt-server.pem
    #keyfile /etc/mosquitto/certs/mqtt-server-key.pem
    allow_anonymous true
    #was false
    require_certificate false
    #was true
    #use_identity_as_username true
    #acl_file /etc/mosquitto/acl

Nevertheless, there is still the error that you cannot create a cert in the integration.

The files are owned by root…? Could that be the problem??

Yes, after changing the cert files to 666 (yes, not secure…) the webgui shows the keys…

Please note that this is completely independent from the MQTT broker configuration. Please see this config section:

    # Configuration for MQTT clients.
    [integration.mqtt.client]

      # CA certificate and key file (optional).
      #
      # If setting the CA certificate and key file options, ChirpStack 
      # will generate client certificates which can be used by the MQTT clients for
      # authentication and authorization. The Common Name of the certificate will
      # be set to the ID of the application.
      ca_key=""
      ca_cert=""

      # Certificate lifetime.
      #
      # This defines how long (after generating) the certificate remains valid.
      client_cert_lifetime="12months"

Yes, thanks.

Honestly, I have to say that I have not yet fully understood the function of MQTT in CS. At first I thought it was only used internally. Also because you cannot set individual integrations for the applications, as is the case with Influx. Seems I have to learn more about that.
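
A check for the listener file posted earlier in this thread, as an added example that is not part of the original posts and not Mosquitto or ChirpStack code: it parses the `listener` blocks and flags any listener bound to a non-loopback address that accepts anonymous clients or has no `certfile`/`keyfile`. It assumes `per_listener_settings true` as in that file; the function names and finding labels are made up for illustration.

```python
import ipaddress

# Constructed sample: the listener file from this thread, some commented lines trimmed.
SAMPLE_CONF = """\
per_listener_settings true
listener 1883 127.0.0.1
allow_anonymous true
listener 8883 0.0.0.0
#certfile /etc/mosquitto/certs/mqtt-server.pem
#keyfile /etc/mosquitto/certs/mqtt-server-key.pem
allow_anonymous true
require_certificate false
"""

def parse_listeners(text):
    """Return one dict of options per 'listener' block; '#' lines are skipped."""
    listeners, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *rest = line.split(maxsplit=1)
        value = rest[0].strip() if rest else ""
        if key == "listener":
            port, *bind = value.split()
            current = {"port": int(port), "bind": bind[0] if bind else ""}
            listeners.append(current)
        elif current is not None:  # options before the first listener are global
            current[key] = value
    return listeners

def is_loopback(bind):
    """An empty bind address means 'all interfaces', so it is not loopback."""
    try:
        return bind == "localhost" or ipaddress.ip_address(bind).is_loopback
    except ValueError:
        return False

def audit(text):
    """Return (port, label) findings for listeners reachable from other hosts."""
    findings = []
    for lst in parse_listeners(text):
        if is_loopback(lst["bind"]):
            continue
        if lst.get("allow_anonymous") == "true":
            findings.append((lst["port"], "anonymous-remote"))
        if not (lst.get("certfile") and lst.get("keyfile")):
            findings.append((lst["port"], "no-tls"))
    return findings
```

Calling `audit(open("/etc/mosquitto/conf.d/listeners.conf").read())` on the test configuration above reports both findings for port 8883 and none for the loopback listener on 1883.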