MQTT authentication

I’m trying to use an existing mqtt server with custom auth, basically username password auth. From tcpdump logs, it would appear that the service is attempting to open two mqtt connections, but only one uses a user/password. Is there any explanation of the second, and why it doesn’t use a user/pass even though the [integration.mqtt] config includes it?

Output of logs includes

```
Dec 07 00:21:20 iot chirpstack[544240]: 2023-12-07T00:21:20.487856Z  INFO chirpstack::integration::mqtt: Connected to MQTT broker
Dec 07 00:21:20 iot chirpstack[544240]: 2023-12-07T00:21:20.488249Z  INFO chirpstack::integration::mqtt: Starting MQTT consumer loop
Dec 07 00:21:20 iot chirpstack[544240]: 2023-12-07T00:21:20.488301Z  INFO chirpstack::gateway::backend: Setting up gateway backends for the different regions
Dec 07 00:21:20 iot chirpstack[544240]: 2023-12-07T00:21:20.488737Z  WARN chirpstack::gateway::backend: Config exists, but region is not enabled. To enable it, add 'au915_4' to 'network.enabled_regions'
Dec 07 00:21:20 iot chirpstack[544240]: 2023-12-07T00:21:20.488863Z  INFO chirpstack::gateway::backend: Setting up gateway backend for region region_id=us915_1 region_common_name=US915
Dec 07 00:21:20 iot chirpstack[544240]: 2023-12-07T00:21:20.488994Z  INFO chirpstack::integration::mqtt: Subscribing to command topic command_topic=application/+/device/+/command/+
Dec 07 00:21:20 iot chirpstack[544240]: 2023-12-07T00:21:20.489645Z  INFO chirpstack::gateway::backend::mqtt: Connecting to MQTT broker region_config_id=us915_1 server_uri=tcp://localhost:1883 clean_session=false client_id=9a0dfe3410fcf90c
Dec 07 00:21:22 iot chirpstack[544240]: Error: New MQTT gateway backend error
Dec 07 00:21:22 iot chirpstack[544240]: Caused by:
Dec 07 00:21:22 iot chirpstack[544240]:     0: Connect to MQTT broker
Dec 07 00:21:22 iot chirpstack[544240]:     1: [3] CONNACK return code
Dec 07 00:21:22 iot systemd[1]: chirpstack.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 00:21:22 iot systemd[1]: chirpstack.service: Failed with result 'exit-code'.
Dec 07 00:21:22 iot systemd[1]: chirpstack.service: Scheduled restart job, restart counter is at 3.
Dec 07 00:21:22 iot systemd[1]: Stopped chirpstack.service - ChirpStack open-source LoRaWAN Network Server.
Dec 07 00:21:22 iot systemd[1]: Started chirpstack.service - ChirpStack open-source LoRaWAN Network Server.
```

It’s there in the logs, though it may not be obvious. You need to configure MQTT authentication for both the MQTT integration (chirpstack::integration::mqtt:) and the gateway backend (chirpstack::gateway::backend:).

See Configuration - ChirpStack open-source LoRaWAN® Network Server documentation, you’ll find it under both the integration and the regions sections.

These are separate sections of the configuration, and could conceivably point to different servers or use different credentials/topics/ACLs on the same server.

2 Likes

Thanks, I missed that.

Hi, I’m attempting to enable simple authentication in Mosquitto using a username and password. However, I’m having trouble understanding how to make ChirpStack work when authentication is enabled. Could you help me by explaining which files I need to modify for authentication?

For instance, I’m uncertain if I need to add any lines for MQTT authentication in the chirpstack.toml file. Currently, I’ve only added the username and password in regional files like region_us915_0. Could you guide me on which configuration files I need to modify to enable authentication successfully? Thanks.

This covers (simple) authentication in Mosquitto:

If you’re using Docker and need to mount the Mosquitto config directory as a volume, this may be helpful:

I use the same approach as above for simple configurations:

```
  mqtt:
    image: eclipse-mosquitto:2.0
    ports:
      - "1883:1883"
    volumes:
      - ./volume/mosquitto/config:/mosquitto/config
```

```
$ ls volume/mosquitto/config/
mosquitto.conf passwd
```