MQTT Integration not working

Dear all,

I am using Chirpstack Gateway OS full and everything is working well except the MQTT integration for the Application server that is why I am asking your help in this category.

I want to use the MQTT integration backend of the Chirpstack Application Server but I have some issues when I want to receive frames.
Indeed I can see with mosquitto_sub the data in the topic gateway/# but nothing in application/#
When I look at the log, the connection to the broker seems OK but nothing happens in related MQTT topics application/#.

Below my configuration:

• Raspberrypi3 b+ with IMST IC880A
• Chirpstack Gateway OS full, version 3.3.2 (so chirpstack application
  server v3.12.1)
• chirpstack-application-server.toml

[general]
log_level=4
password_hash_iterations=1000
log_to_syslog=true

[postgresql]
dsn="postgres://chirpstack_as:chirpstack_as@localhost/chirpstack_as?sslmode=disable"


[application_server]
id="3861fa79-148d-4652-ba25-e5b09e72815a"

  # Integration configures the data integration.
  #
  # This is the data integration which is available for all applications,
  # besides the extra integrations that can be added on a per-application
  # basis.
  [application_server.integration]
  # Payload marshaler.
  #
  # This defines how the MQTT payloads are encoded. Valid options are:
  # * protobuf:  Protobuf encoding
  # * json:      JSON encoding (easier for debugging, but less compact than 'protobuf')
  # * json_v3:   v3 JSON (will be removed in the next major release)
  marshaler="json_v3"

  # Enabled integrations.
  #
  # Enabled integrations are enabled for all applications. Multiple
  # integrations can be configured.
  # Do not forget to configure the related configuration section below for
  # the enabled integrations. Integrations that can be enabled are:
  # * mqtt              - MQTT broker
  # * amqp              - AMQP / RabbitMQ
  # * aws_sns           - AWS Simple Notification Service (SNS)
  # * azure_service_bus - Azure Service-Bus
  # * gcp_pub_sub       - Google Cloud Pub/Sub
  # * kafka             - Kafka distributed streaming platform
  # * postgresql        - PostgreSQL database
  enabled=["mqtt"]

  # MQTT integration backend.
  [application_server.integration.mqtt]
  # Event topic template.
  event_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/event/{{ .EventType }}"

  # Command topic template.
  command_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/command/{{ .CommandType }}"

  # Retain events.
  #
  # The MQTT broker will store the last publised message, when retain events is set
  # to true. When a MQTT client connects and subscribes, it will always receive the
  # last published message.
  retain_events=false

  # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
  #server="tcp://localhost:1883"
  server="tcp://127.0.0.1:1883"
  #server="tcp://192.168.0.1:1883"
  #server="tcp://0.0.0.0:1883"

  # Connect with the given username (optional)
  username=""

  # Connect with the given password (optional)
  password=""

  # Maximum interval that will be waited between reconnection attempts when connection is lost.                                                                                                                                                                                                                                
  # Valid units are 'ms', 's', 'm', 'h'. Note that these values can be combined, e.g. '24h30m15s'.                                                                                                                                                                                                                             
  max_reconnect_interval="1m0s"                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                               
  # Quality of service level                                                                                                                                                                                                                                                                                                   
  #                                                                                                                                                                                                                                                                                                                            
  # 0: at most once                                                                                                                                                                                                                                                                                                            
  # 1: at least once                                                                                                                                                                                                                                                                                                           
  # 2: exactly once                                                                                                                                                                                                                                                                                                            
  #                                                                                                                                                                                                                                                                                                                            
  # Note: an increase of this value will decrease the performance.                                                                                                                                                                                                                                                             
  # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels                                                                                                                                                                                                                    
  qos=0                                                                                                                                                                                                                                                                                                                        
                                                                                                                                                                                                                                                                                                                               
  # Clean session                                                                                                                                                                                                                                                                                                              
  #                                                                                                                                                                                                                                                                                                                            
  # Set the "clean session" flag in the connect message when this client                                                                                                                                                                                                                                                       
  # connects to an MQTT broker. By setting this flag you are indicating                                                                                                                                                                                                                                                        
  # that no messages saved by the broker for this client should be delivered.                                                                                                                                                                                                                                                  
  clean_session=true                                                                                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                                                                                                               
  # Client ID                                                                                                                                                                                                                                                                                                                  
  #                                                                                                                                                                                                                                                                                                                            
  # Set the client id to be used by this client when connecting to the MQTT                                                                                                                                                                                                                                                    
  # broker. A client id must be no longer than 23 characters. When left blank,                                                                                                                                                                                                                                                 
  # a random id will be generated. This requires clean_session=true.                                                                                                                                                                                                                                                           
  client_id=""                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                               
  # CA certificate file (optional)                                                                                                                                                                                                                                                                                             
  #                                                                                                                                                                                                                                                                                                                            
  # Use this when setting up a secure connection (when server uses ssl://...)                                                                                                                                                                                                                                                  
  # but the certificate used by the server is not trusted by any CA certificate                                                                                                                                                                                                                                                
  # on the server (e.g. when self generated).                                                                                                                                                                                                                                                                                  
  ca_cert=""                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                               
  # TLS certificate file (optional)                                                                                                                                                                                                                                                                                            
  tls_cert=""                                                                                                                                                                                                                                                                                                                 
                                                                                                                                                                                                                                                                                                                               
  # TLS key file (optional)                                                                                                                                                                                                                                                                                                    
  tls_key=""                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                               
  [application_server.external_api]                                                                                                                                                                                                                                                                                            
  jwt_secret="verysecret"         

To debug I look at my log with

raspberrypi3:~$ sudo monit restart chirpstack-application-server
raspberrypi3:~$ tail -f /var/log/messages
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="integration: configuring global integrations"
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="integration/mqtt: TLS config is empty"
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="integration/mqtt: connecting to mqtt broker" server="tcp://127.0.0.1:1883"
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="api/as: starting application-server api" bind="0.0.0.0:8001" ca_cert= tls_cert= tls_key=
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="integration/mqtt: connected to mqtt broker"
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="integration/mqtt: subscribing to tx topic" qos=0 topic=application/+/device/+/command/down
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="api/external: starting api server" bind="0.0.0.0:8080" tls-cert= tls-key=
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="api/external: registering rest api handler and documentation endpoint" path=/api
Sep 10 16:38:11 raspberrypi3 user.info chirpstack-application-server[928]: time="2020-09-10T16:38:11Z" level=info msg="api/js: starting join-server api" bind="0.0.0.0:8003" ca_cert= tls_cert= tls_key=
Sep 10 16:38:11 raspberrypi3 authpriv.notice sudo:    admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/messages
Sep 10 16:38:11 raspberrypi3 user.err chirpstack-network-server[365]: time="2020-09-10T16:38:11Z" level=error msg="gateway: handle gateway stats error" ctx_id=efaf74e6-f7ca-45c7-b60d-a26ec8cd03ab error="get application-server client error: get application-server client err
Sep 10 16:38:16 raspberrypi3 user.info chirpstack-concentratord-sx1301[505]: Frame received, uplink_id: d7762e5c-5252-4fdd-b711-8e8343128e17, count_us: 2292467156, freq: 868100000, bw: 125000, mod: LoRa, dr: SF12
Sep 10 16:38:16 raspberrypi3 user.info chirpstack-gateway-bridge[613]: time="2020-09-10T16:38:16Z" level=info msg="backend/concentratord: uplink event received" uplink_id=d7762e5c-5252-4fdd-b711-8e8343128e17
Sep 10 16:38:16 raspberrypi3 user.info chirpstack-gateway-bridge[613]: time="2020-09-10T16:38:16Z" level=info msg="integration/mqtt: publishing event" event=up qos=0 topic=gateway/b827ebfffed5b60e/event/up uplink_id=d7762e5c-5252-4fdd-b711-8e8343128e17
Sep 10 16:38:16 raspberrypi3 user.info chirpstack-network-server[365]: time="2020-09-10T16:38:16Z" level=info msg="gateway/mqtt: uplink frame received" gateway_id=b827ebfffed5b60e uplink_id=d7762e5c-5252-4fdd-b711-8e8343128e17
Sep 10 16:38:16 raspberrypi3 user.info chirpstack-network-server[365]: time="2020-09-10T16:38:16Z" level=info msg="uplink: frame(s) collected" ctx_id=bb6210f3-bec6-4b02-af79-970f4956a9ff mtype=UnconfirmedDataUp uplink_ids="[d7762e5c-5252-4fdd-b711-8e8343128e17]"
Sep 10 16:38:16 raspberrypi3 user.warn chirpstack-network-server[365]: time="2020-09-10T16:38:16Z" level=warning msg="creating insecure application-server client" server="localhost:8001"

If you have some ideas or had the same problems I would appreciate some hints.

BR,

PiLiP

You can run chirpstack-application-server configfile to generate a default config file. You should be able to see some MQTT settings in there. It doesn’t look like it’s configured on your side.

Hi,
I regenerate the configfile as suggest but it doesn’t change anything.
Two month ago I had the same issue and I solved it but today with my new install impossible to remember what I have done exactly.

If you have some more ideas I would appreciate some hints.

BR,

PiLiP

It would be good to paste your current config, because the output you provided before is very different from my default config…

example default config:

# Log level
#
# debug=5, info=4, warning=3, error=2, fatal=1, panic=0
log_level=4

# Log to syslog.
#
# When set to true, log messages are being written to syslog.
log_to_syslog=true

# The number of times passwords must be hashed. A higher number is safer as
# an attack takes more time to perform.
password_hash_iterations=100000


# PostgreSQL settings.
#
# Please note that PostgreSQL 9.5+ is required.
[postgresql]
# PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable).
#
# Besides using an URL (e.g. 'postgres://user:password@hostname/database?sslmode=disable')
# it is also possible to use the following format:
# 'user=chirpstack_as dbname=chirpstack_as sslmode=disable'.
#
# The following connection parameters are supported:
#
# * dbname - The name of the database to connect to
# * user - The user to sign in as
# * password - The user's password
# * host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)
# * port - The port to bind to. (default is 5432)
# * sslmode - Whether or not to use SSL (default is require, this is not the default for libpq)
# * fallback_application_name - An application_name to fall back to if one isn't provided.
# * connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
# * sslcert - Cert file location. The file must contain PEM encoded data.
# * sslkey - Key file location. The file must contain PEM encoded data.
# * sslrootcert - The location of the root certificate file. The file must contain PEM encoded data.
#
# Valid values for sslmode are:
#
# * disable - No SSL
# * require - Always SSL (skip verification)
# * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
# * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
dsn="postgres://chirpstack_as:chirpstack_as_password@localhost/chirpstack_as?sslmode=disable"

# Automatically apply database migrations.
#
# It is possible to apply the database-migrations by hand
# (see https://github.com/brocaar/chirpstack-application-server/tree/master/migrations)
# or let ChirpStack Application Server migrate to the latest state automatically, by using
# this setting. Make sure that you always make a backup when upgrading Lora
# App Server and / or applying migrations.
automigrate=true

# Max open connections.
#
# This sets the max. number of open connections that are allowed in the
# PostgreSQL connection pool (0 = unlimited).
max_open_connections=0

# Max idle connections.
#
# This sets the max. number of idle connections in the PostgreSQL connection
# pool (0 = no idle connections are retained).
max_idle_connections=2


# Redis settings
#
# Please note that Redis 2.6.0+ is required.
[redis]

# Server address or addresses.
#
# Set multiple addresses when connecting to a cluster.
servers=[
  "localhost:6379",
]

# Password.
#
# Set the password when connecting to Redis requires password authentication.
password=""

# Database index.
#
# By default, this can be a number between 0-15.
database=0


# Redis Cluster.
#
# Set this to true when the provided URLs are pointing to a Redis Cluster
# instance.
cluster=false

# Master name.
#
# Set the master name when the provided URLs are pointing to a Redis Sentinel
# instance.
master_name=""

# Connection pool size.
#
# Default (when set to 0) is 10 connections per every CPU.
pool_size=0


# Application-server settings.
[application_server]
# Application-server identifier.
#
# Random UUID defining the id of the application-server installation (used by
# ChirpStack Network Server as routing-profile id).
# For now it is recommended to not change this id.
id="6d5db27e-4ce2-4b2b-b5d7-91f069297178"


  # User authentication
  [application_server.user_authentication]

    # OpenID Connect.
    [application_server.user_authentication.openid_connect]

    # Enable OpenID Connect authentication.
    #
    # Enabling this option replaces password authentication.
    enabled=false

    # Registration enabled.
    #
    # Enabling this will automatically register the user when it is not yet present
    # in the ChirpStack Application Server database. There is no
    # registration form as the user information is automatically received using the
    # OpenID Connect provided information.
    # The user will not be associated with any organization, but in order to
    # facilitate the automatic onboarding of users, it is possible to configure a
    # registration callback URL (next config option).
    registration_enabled=false

    # Registration callback URL.
    #
    # This (optional) endpoint will be called on the registration of the user and
    # can implement the association of the user with an organization, create a new
    # organization, ...
    # ChirpStack Application Server will make a HTTP POST call to this endpoint,
    # with the URL parameter user_id.
    registration_callback_url=""

    # Provider URL.
    # This is the URL of the OpenID Connect provider.
    provider_url=""

    # Client ID.
    client_id=""

    # Client secret.
    client_secret=""

    # Redirect URL.
    #
    # This must contain the ChirpStack Application Server web-interface hostname
    # with '/auth/oidc/callback' path, e.g. https://example.com/auth/oidc/callback.
    redirect_url=""

    # Logout URL.
    #
    # When set, ChirpStack Application Server will redirect to this URL instead
    # of redirecting to the login page.
    logout_url=""

    # Login label.
    #
    # The login label is used in the web-interface login form.
    login_label=""


  # JavaScript codec settings.
  [application_server.codec.js]
  # Maximum execution time.
  max_execution_time="100ms"


  # Integration configures the data integration.
  #
  # This is the data integration which is available for all applications,
  # besides the extra integrations that can be added on a per-application
  # basis.
  [application_server.integration]
  # Payload marshaler.
  #
  # This defines how the MQTT payloads are encoded. Valid options are:
  # * protobuf:  Protobuf encoding
  # * json:      JSON encoding (easier for debugging, but less compact than 'protobuf')
  # * json_v3:   v3 JSON (will be removed in the next major release)
  marshaler="json_v3"


  # Enabled integrations.
  #
  # Enabled integrations are enabled for all applications. Multiple
  # integrations can be configured.
  # Do not forget to configure the related configuration section below for
  # the enabled integrations. Integrations that can be enabled are:
  # * mqtt              - MQTT broker
  # * amqp              - AMQP / RabbitMQ
  # * aws_sns           - AWS Simple Notification Service (SNS)
  # * azure_service_bus - Azure Service-Bus
  # * gcp_pub_sub       - Google Cloud Pub/Sub
  # * kafka             - Kafka distributed streaming platform
  # * postgresql        - PostgreSQL database
  enabled=["mqtt"]


  # MQTT integration backend.
  [application_server.integration.mqtt]
  # Event topic template.
  event_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/event/{{ .EventType }}"

  # Command topic template.
  command_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/command/{{ .CommandType }}"

  # Retain events.
  #
  # The MQTT broker will store the last publised message, when retain events is set
  # to true. When a MQTT client connects and subscribes, it will always receive the
  # last published message.
  retain_events=false

  # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
  server="tcp://localhost:1883"

  # Connect with the given username (optional)
  username=""

  # Connect with the given password (optional)
  password=""

  # Maximum interval that will be waited between reconnection attempts when connection is lost.
  # Valid units are 'ms', 's', 'm', 'h'. Note that these values can be combined, e.g. '24h30m15s'.
  max_reconnect_interval="1m0s"

  # Quality of service level
  #
  # 0: at most once
  # 1: at least once
  # 2: exactly once
  #
  # Note: an increase of this value will decrease the performance.
  # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
  qos=0

  # Clean session
  #
  # Set the "clean session" flag in the connect message when this client
  # connects to an MQTT broker. By setting this flag you are indicating
  # that no messages saved by the broker for this client should be delivered.
  clean_session=true

  # Client ID
  #
  # Set the client id to be used by this client when connecting to the MQTT
  # broker. A client id must be no longer than 23 characters. When left blank,
  # a random id will be generated. This requires clean_session=true.
  client_id=""

  # CA certificate file (optional)
  #
  # Use this when setting up a secure connection (when server uses ssl://...)
  # but the certificate used by the server is not trusted by any CA certificate
  # on the server (e.g. when self generated).
  ca_cert=""

  # TLS certificate file (optional)
  tls_cert=""

  # TLS key file (optional)
  tls_key=""


  # AMQP / RabbitMQ.
  [application_server.integration.amqp]
  # Server URL.
  #
  # See for a specification of all the possible options:
  # https://www.rabbitmq.com/uri-spec.html
  url="amqp://guest:guest@localhost:5672"

  # Event routing key template.
  #
  # This is the event routing-key template used when publishing device
  # events.
  event_routing_key_template="application.{{ .ApplicationID }}.device.{{ .DevEUI }}.event.{{ .EventType }}"


  # AWS Simple Notification Service (SNS)
  [application_server.integration.aws_sns]
  # AWS region.
  #
  # Example: "eu-west-1".
  # See also: https://docs.aws.amazon.com/general/latest/gr/rande.html.
  aws_region=""

  # AWS Access Key ID.
  aws_access_key_id=""

  # AWS Secret Access Key.
  aws_secret_access_key=""

  # Topic ARN (SNS).
  topic_arn=""


  # Azure Service-Bus integration.
  [application_server.integration.azure_service_bus]
  # Connection string.
  #
  # The connection string can be found / created in the Azure console under
  # Settings -> Shared access policies. The policy must contain Manage & Send.
  connection_string=""

  # Publish mode.
  #
  # Select either "topic", or "queue".
  publish_mode=""

  # Publish name.
  #
  # The name of the topic or queue.
  publish_name=""


  # Google Cloud Pub/Sub integration.
  [application_server.integration.gcp_pub_sub]
  # Path to the IAM service-account credentials file.
  #
  # Note: this service-account must have the following Pub/Sub roles:
  #  * Pub/Sub Editor
  credentials_file=""

  # Google Cloud project id.
  project_id=""

  # Pub/Sub topic name.
  topic_name=""


  # Kafka integration.
  [application_server.integration.kafka]
  # Brokers, e.g.: localhost:9092.
  brokers=["localhost:9092"]

  # TLS.
  #
  # Set this to true when the Kafka client must connect using TLS to the Broker.
  tls=false

  # Topic for events.
  topic="chirpstack_as"

  # Template for keys included in Kafka messages. If empty, no key is included.
  # Kafka uses the key for distributing messages over partitions. You can use
  # this to ensure some subset of messages end up in the same partition, so
  # they can be consumed in-order. And Kafka can use the key for data retention
  # decisions.  A header "event" with the event type is included in each
  # message. There is no need to parse it from the key.
  event_key_template="application.{{ .ApplicationID }}.device.{{ .DevEUI }}.event.{{ .EventType }}"

  # Username (optional).
  username=""

  # Password (optional).
  password=""


  # PostgreSQL database integration.
  [application_server.integration.postgresql]
  # PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable).
  dsn=""

  # This sets the max. number of open connections that are allowed in the
  # PostgreSQL connection pool (0 = unlimited).
  max_open_connections=0

  # Max idle connections.
  #
  # This sets the max. number of idle connections in the PostgreSQL connection
  # pool (0 = no idle connections are retained).
  max_idle_connections=2


  # Settings for the "internal api"
  #
  # This is the API used by ChirpStack Network Server to communicate with ChirpStack Application Server
  # and should not be exposed to the end-user.
  [application_server.api]
  # ip:port to bind the api server
  bind="0.0.0.0:8001"

  # ca certificate used by the api server (optional)
  ca_cert=""

  # tls certificate used by the api server (optional)
  tls_cert=""

  # tls key used by the api server (optional)
  tls_key=""

  # Public ip:port of the application-server API.
  #
  # This is used by ChirpStack Network Server to connect to ChirpStack Application Server. When running
  # ChirpStack Application Server on a different host than ChirpStack Network Server, make sure to set
  # this to the host:ip on which ChirpStack Network Server can reach ChirpStack Application Server.
  # The port must be equal to the port configured by the 'bind' flag
  # above.
  public_host="localhost:8001"


  # Settings for the "external api"
  #
  # This is the API and web-interface exposed to the end-user.
  [application_server.external_api]
  # ip:port to bind the (user facing) http server to (web-interface and REST / gRPC api)
  bind="0.0.0.0:8080"

  # http server TLS certificate (optional)
  tls_cert=""

  # http server TLS key (optional)
  tls_key=""

  # JWT secret used for api authentication / authorization
  # You could generate this by executing 'openssl rand -base64 32' for example
  jwt_secret="ESePd/aeVGvSIlmpg+KF+2DEi5wRlUazpIEYePP1yQI="

  # Allow origin header (CORS).
  #
  # Set this to allows cross-domain communication from the browser (CORS).
  # Example value: https://example.com.
  # When left blank (default), CORS will not be used.
  cors_allow_origin=""


  # Settings for the remote multicast setup.
  [application_server.remote_multicast_setup]
  # Synchronization interval.
  sync_interval="1s"

  # Synchronization retries.
  sync_retries=3

  # Synchronization batch-size.
  sync_batch_size=100


  # Settings for the fragmentation-session setup.
  [application_server.fragmentation_session]
  # Synchronization interval.
  sync_interval="1s"

  # Synchronization retries.
  sync_retries=3

  # Synchronization batch-size.
  sync_batch_size=100



# Join-server configuration.
#
# ChirpStack Application Server implements a (subset) of the join-api specified by the
# LoRaWAN Backend Interfaces specification. This API is used by ChirpStack Network Server
# to handle join-requests.
[join_server]
# ip:port to bind the join-server api interface to
bind="0.0.0.0:8003"

# CA certificate (optional).
#
# When set, the server requires a client-certificate and will validate this
# certificate on incoming requests.
ca_cert=""

# TLS server-certificate (optional).
#
# Set this to enable TLS.
tls_cert=""

# TLS server-certificate key (optional).
#
# Set this to enable TLS.
tls_key=""


# Key Encryption Key (KEK) configuration.
#
# The KEK mechanism is used to encrypt the session-keys sent from the
# join-server to the network-server.
#
# The ChirpStack Application Server join-server will use the NetID of the requesting
# network-server as the KEK label. When no such label exists in the set,
# the session-keys will be sent unencrypted (which can be fine for
# private networks).
#
# Please refer to the LoRaWAN Backend Interface specification
# 'Key Transport Security' section for more information.
[join_server.kek]

  # Application-server KEK label.
  #
  # This defines the KEK label used to encrypt the AppSKey (note that the
  # AppSKey is signaled to the NS and on the first received uplink from the
  # NS to the AS).
  #
  # When left blank, the AppSKey will be sent unencrypted (which can be fine
  # for private networks).
  as_kek_label=""

  # KEK set.
  #
  # Example (the [[join_server.kek.set]] can be repeated):
  # [[join_server.kek.set]]
  # # KEK label.
  # label="000000"

  # # Key Encryption Key.
  # kek="01020304050607080102030405060708"


# Metrics collection settings.
[metrics]
# Timezone
#
# The timezone is used for correctly aggregating the metrics (e.g. per hour,
# day or month).
# Example: "Europe/Amsterdam" or "Local" for the the system's local time zone.
timezone="Local"

  # Metrics stored in Redis.
  #
  # The following metrics are stored in Redis:
  # * gateway statistics
  [metrics.redis]
  # Aggregation intervals
  #
  # The intervals on which to aggregate. Available options are:
  # 'MINUTE', 'HOUR', 'DAY', 'MONTH'.
  aggregation_intervals=["MINUTE", "HOUR", "DAY", "MONTH"]

  # Aggregated statistics storage duration.
  minute_aggregation_ttl="2h0m0s"
  hour_aggregation_ttl="48h0m0s"
  day_aggregation_ttl="2160h0m0s"
  month_aggregation_ttl="17520h0m0s"


  # Metrics stored in Prometheus.
  #
  # These metrics expose information about the state of the ChirpStack Network Server
  # instance.
  [metrics.prometheus]
  # Enable Prometheus metrics endpoint.
  endpoint_enabled=false

  # The ip:port to bind the Prometheus metrics server to for serving the
  # metrics endpoint.
  bind=""

  # API timing histogram.
  #
  # By setting this to true, the API request timing histogram will be enabled.
  # See also: https://github.com/grpc-ecosystem/go-grpc-prometheus#histograms
  api_timing_histogram=false


  # Monitoring settings.
  #
  # Note that this replaces the metrics.prometheus configuration. If a
  # metrics.prometheus if found in the configuration then it will fall back
  # to that and the monitoring section is ignored.
  [monitoring]

  # IP:port to bind the monitoring endpoint to.
  #
  # When left blank, the monitoring endpoint will be disabled.
  bind=""

  # Prometheus metrics endpoint.
  #
  # When set to true, Prometheus metrics will be served at '/metrics'.
  prometheus_endpoint=false

  # Prometheus API timing histogram.
  #
  # By setting this to true, the API request timing histogram will be enabled.
  # See also: https://github.com/grpc-ecosystem/go-grpc-prometheus#histograms
  prometheus_api_timing_histogram=false

  # Health check endpoint.
  #
  # When set to true, the healthcheck endpoint will be served at '/health'.
  # When requesting, this endpoint will perform the following actions to
  # determine the health of this service:
  #   * Ping PostgreSQL database
  #   * Ping Redis database
  healthcheck_endpoint=false

I haven’t tried MQTT integration myself, but will give it a shot a bit later today.

Hi,

Here is my current config:

[general]
# Log level
#
# debug=5, info=4, warning=3, error=2, fatal=1, panic=0
log_level=4

# Log to syslog.
#
# When set to true, log messages are being written to syslog.
log_to_syslog=false

# The number of times passwords must be hashed. A higher number is safer as
# an attack takes more time to perform.
password_hash_iterations=100000


# PostgreSQL settings.
#
# Please note that PostgreSQL 9.5+ is required.
[postgresql]
# PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable).
#
# Besides using an URL (e.g. 'postgres://user:password@hostname/database?sslmode=disable')
# it is also possible to use the following format:
# 'user=chirpstack_as dbname=chirpstack_as sslmode=disable'.
#
# The following connection parameters are supported:
#
# * dbname - The name of the database to connect to
# * user - The user to sign in as
# * password - The user's password
# * host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)
# * port - The port to bind to. (default is 5432)
# * sslmode - Whether or not to use SSL (default is require, this is not the default for libpq)
# * fallback_application_name - An application_name to fall back to if one isn't provided.
# * connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
# * sslcert - Cert file location. The file must contain PEM encoded data.
# * sslkey - Key file location. The file must contain PEM encoded data.
# * sslrootcert - The location of the root certificate file. The file must contain PEM encoded data.
#
# Valid values for sslmode are:
#
# * disable - No SSL
# * require - Always SSL (skip verification)
# * verify-ca - Always SSL (verify that the certificate presented by the server was signed by a trusted CA)
# * verify-full - Always SSL (verify that the certification presented by the server was signed by a trusted CA and the server host name matches the one in the certificate)
dsn="postgres://chirpstack_as:chirpstack_as@localhost/chirpstack_as?sslmode=disable"

# Automatically apply database migrations.
#
# It is possible to apply the database-migrations by hand
# (see https://github.com/brocaar/chirpstack-application-server/tree/master/migrations)
# or let ChirpStack Application Server migrate to the latest state automatically, by using
# this setting. Make sure that you always make a backup when upgrading Lora
# App Server and / or applying migrations.
automigrate=true

# Max open connections.
#
# This sets the max. number of open connections that are allowed in the
# PostgreSQL connection pool (0 = unlimited).
max_open_connections=0

# Max idle connections.
#
# This sets the max. number of idle connections in the PostgreSQL connection
# pool (0 = no idle connections are retained).
max_idle_connections=2


# Redis settings
#
# Please note that Redis 2.6.0+ is required.
[redis]

# Server address or addresses.
#
# Set multiple addresses when connecting to a cluster.
servers=[
  "localhost:6379",
]

# Password.
#
# Set the password when connecting to Redis requires password authentication.
password=""

# Database index.
#
# By default, this can be a number between 0-15.
database=0


# Redis Cluster.
#
# Set this to true when the provided URLs are pointing to a Redis Cluster
# instance.
cluster=false

# Master name.
#
# Set the master name when the provided URLs are pointing to a Redis Sentinel
# instance.
master_name=""

# Connection pool size.
#
# Default (when set to 0) is 10 connections per every CPU.
pool_size=0


# Application-server settings.
[application_server]
# Application-server identifier.
#
# Random UUID defining the id of the application-server installation (used by
# ChirpStack Network Server as routing-profile id).
# For now it is recommended to not change this id.
id="6d5db27e-4ce2-4b2b-b5d7-91f069397978"


  # User authentication
  [application_server.user_authentication]

    # OpenID Connect.
    [application_server.user_authentication.openid_connect]

    # Enable OpenID Connect authentication.
    #
    # Enabling this option replaces password authentication.
    enabled=false

    # Registration enabled.
    #
    # Enabling this will automatically register the user when it is not yet present
    # in the ChirpStack Application Server database. There is no
    # registration form as the user information is automatically received using the
    # OpenID Connect provided information.
    # The user will not be associated with any organization, but in order to
    # facilitate the automatic onboarding of users, it is possible to configure a
    # registration callback URL (next config option).
    registration_enabled=false

    # Registration callback URL.
    #
    # This (optional) endpoint will be called on the registration of the user and
    # can implement the association of the user with an organization, create a new
    # organization, ...
    # ChirpStack Application Server will make a HTTP POST call to this endpoint,
    # with the URL parameter user_id.
    registration_callback_url=""

    # Provider URL.
    # This is the URL of the OpenID Connect provider.
    provider_url=""

    # Client ID.
    client_id=""

    # Client secret.
    client_secret=""

    # Redirect URL.
    #
    # This must contain the ChirpStack Application Server web-interface hostname
    # with '/auth/oidc/callback' path, e.g. https://example.com/auth/oidc/callback.
    redirect_url=""

	# Logout URL.
	#
	# When set, ChirpStack Application Server will redirect to this URL instead
	# of redirecting to the login page.
	logout_url=""

    # Login label.
    #
    # The login label is used in the web-interface login form.
    login_label=""


  # JavaScript codec settings.
  [application_server.codec.js]
  # Maximum execution time.
  max_execution_time="100ms"


  # Integration configures the data integration.
  #
  # This is the data integration which is available for all applications,
  # besides the extra integrations that can be added on a per-application
  # basis.
  [application_server.integration]
  # Payload marshaler.
  #
  # This defines how the MQTT payloads are encoded. Valid options are:
  # * protobuf:  Protobuf encoding
  # * json:      JSON encoding (easier for debugging, but less compact than 'protobuf')
  # * json_v3:   v3 JSON (will be removed in the next major release)
  marshaler="json_v3"


  # Enabled integrations.
  #
  # Enabled integrations are enabled for all applications. Multiple
  # integrations can be configured.
  # Do not forget to configure the related configuration section below for
  # the enabled integrations. Integrations that can be enabled are:
  # * mqtt              - MQTT broker
  # * amqp              - AMQP / RabbitMQ
  # * aws_sns           - AWS Simple Notification Service (SNS)
  # * azure_service_bus - Azure Service-Bus
  # * gcp_pub_sub       - Google Cloud Pub/Sub
  # * kafka             - Kafka distributed streaming platform
  # * postgresql        - PostgreSQL database
  enabled=["mqtt"]


  # MQTT integration backend.
  [application_server.integration.mqtt]
  # Event topic template.
  event_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/event/{{ .EventType }}"

  # Command topic template.
  command_topic_template="application/{{ .ApplicationID }}/device/{{ .DevEUI }}/command/{{ .CommandType }}"

  # Retain events.
  #
  # The MQTT broker will store the last publised message, when retain events is set
  # to true. When a MQTT client connects and subscribes, it will always receive the
  # last published message.
  retain_events=false

  # MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
  #server="tcp://localhost:1883"
  server="tcp://127.0.0.1:1883"

  # Connect with the given username (optional)
  username=""

  # Connect with the given password (optional)
  password=""

  # Maximum interval that will be waited between reconnection attempts when connection is lost.
  # Valid units are 'ms', 's', 'm', 'h'. Note that these values can be combined, e.g. '24h30m15s'.
  max_reconnect_interval="1m0s"

  # Quality of service level
  #
  # 0: at most once
  # 1: at least once
  # 2: exactly once
  #
  # Note: an increase of this value will decrease the performance.
  # For more information: https://www.hivemq.com/blog/mqtt-essentials-part-6-mqtt-quality-of-service-levels
  qos=0

  # Clean session
  #
  # Set the "clean session" flag in the connect message when this client
  # connects to an MQTT broker. By setting this flag you are indicating
  # that no messages saved by the broker for this client should be delivered.
  clean_session=true

  # Client ID
  #
  # Set the client id to be used by this client when connecting to the MQTT
  # broker. A client id must be no longer than 23 characters. When left blank,
  # a random id will be generated. This requires clean_session=true.
  client_id=""

  # CA certificate file (optional)
  #
  # Use this when setting up a secure connection (when server uses ssl://...)
  # but the certificate used by the server is not trusted by any CA certificate
  # on the server (e.g. when self generated).
  ca_cert=""

  # TLS certificate file (optional)
  tls_cert=""

  # TLS key file (optional)
  tls_key=""


  # AMQP / RabbitMQ.
  [application_server.integration.amqp]
  # Server URL.
  #
  # See for a specification of all the possible options:
  # https://www.rabbitmq.com/uri-spec.html
  url="amqp://guest:guest@localhost:5672"

  # Event routing key template.
  #
  # This is the event routing-key template used when publishing device
  # events.
  event_routing_key_template="application.{{ .ApplicationID }}.device.{{ .DevEUI }}.event.{{ .EventType }}"


  # AWS Simple Notification Service (SNS)
  [application_server.integration.aws_sns]
  # AWS region.
  #
  # Example: "eu-west-1".
  # See also: https://docs.aws.amazon.com/general/latest/gr/rande.html.
  aws_region=""

  # AWS Access Key ID.
  aws_access_key_id=""

  # AWS Secret Access Key.
  aws_secret_access_key=""

  # Topic ARN (SNS).
  topic_arn=""


  # Azure Service-Bus integration.
  [application_server.integration.azure_service_bus]
  # Connection string.
  #
  # The connection string can be found / created in the Azure console under
  # Settings -> Shared access policies. The policy must contain Manage & Send.
  connection_string=""

  # Publish mode.
  #
  # Select either "topic", or "queue".
  publish_mode=""

  # Publish name.
  #
  # The name of the topic or queue.
  publish_name=""


  # Google Cloud Pub/Sub integration.
  [application_server.integration.gcp_pub_sub]
  # Path to the IAM service-account credentials file.
  #
  # Note: this service-account must have the following Pub/Sub roles:
  #  * Pub/Sub Editor
  credentials_file=""

  # Google Cloud project id.
  project_id=""

  # Pub/Sub topic name.
  topic_name=""


  # Kafka integration.
  [application_server.integration.kafka]
  # Brokers, e.g.: localhost:9092.
  brokers=["localhost:9092"]

  # TLS.
  #
  # Set this to true when the Kafka client must connect using TLS to the Broker.
  tls=false

  # Topic for events.
  topic="chirpstack_as"

  # Template for keys included in Kafka messages. If empty, no key is included.
  # Kafka uses the key for distributing messages over partitions. You can use
  # this to ensure some subset of messages end up in the same partition, so
  # they can be consumed in-order. And Kafka can use the key for data retention
  # decisions.  A header "event" with the event type is included in each
  # message. There is no need to parse it from the key.
  event_key_template="application.{{ .ApplicationID }}.device.{{ .DevEUI }}.event.{{ .EventType }}"

  # Username (optional).
  username=""

  # Password (optional).
  password=""


  # PostgreSQL database integration.
  [application_server.integration.postgresql]
  # PostgreSQL dsn (e.g.: postgres://user:password@hostname/database?sslmode=disable).
  dsn=""

  # This sets the max. number of open connections that are allowed in the
  # PostgreSQL connection pool (0 = unlimited).
  max_open_connections=0

  # Max idle connections.
  #
  # This sets the max. number of idle connections in the PostgreSQL connection
  # pool (0 = no idle connections are retained).
  max_idle_connections=2


  # Settings for the "internal api"
  #
  # This is the API used by ChirpStack Network Server to communicate with ChirpStack Application Server
  # and should not be exposed to the end-user.
  [application_server.api]
  # ip:port to bind the api server
  bind="0.0.0.0:8001"

  # ca certificate used by the api server (optional)
  ca_cert=""

  # tls certificate used by the api server (optional)
  tls_cert=""

  # tls key used by the api server (optional)
  tls_key=""

  # Public ip:port of the application-server API.
  #
  # This is used by ChirpStack Network Server to connect to ChirpStack Application Server. When running
  # ChirpStack Application Server on a different host than ChirpStack Network Server, make sure to set
  # this to the host:ip on which ChirpStack Network Server can reach ChirpStack Application Server.
  # The port must be equal to the port configured by the 'bind' flag
  # above.
  public_host="localhost:8001"


  # Settings for the "external api"
  #
  # This is the API and web-interface exposed to the end-user.
  [application_server.external_api]
  # ip:port to bind the (user facing) http server to (web-interface and REST / gRPC api)
  bind="0.0.0.0:8080"

  # http server TLS certificate (optional)
  tls_cert=""

  # http server TLS key (optional)
  tls_key=""

  # JWT secret used for api authentication / authorization
  # You could generate this by executing 'openssl rand -base64 32' for example
  jwt_secret="verysecret"

  # Allow origin header (CORS).
  #
  # Set this to allows cross-domain communication from the browser (CORS).
  # Example value: https://example.com.
  # When left blank (default), CORS will not be used.
  cors_allow_origin=""


  # Settings for the remote multicast setup.
  [application_server.remote_multicast_setup]
  # Synchronization interval.
  sync_interval="1s"

  # Synchronization retries.
  sync_retries=3

  # Synchronization batch-size.
  sync_batch_size=100


  # Settings for the fragmentation-session setup.
  [application_server.fragmentation_session]
  # Synchronization interval.
  sync_interval="1s"

  # Synchronization retries.
  sync_retries=3

  # Synchronization batch-size.
  sync_batch_size=100



# Join-server configuration.
#
# ChirpStack Application Server implements a (subset) of the join-api specified by the
# LoRaWAN Backend Interfaces specification. This API is used by ChirpStack Network Server
# to handle join-requests.
[join_server]
# ip:port to bind the join-server api interface to
bind="0.0.0.0:8003"

# CA certificate (optional).
#
# When set, the server requires a client-certificate and will validate this
# certificate on incoming requests.
ca_cert=""

# TLS server-certificate (optional).
#
# Set this to enable TLS.
tls_cert=""

# TLS server-certificate key (optional).
#
# Set this to enable TLS.
tls_key=""


# Key Encryption Key (KEK) configuration.
#
# The KEK mechanism is used to encrypt the session-keys sent from the
# join-server to the network-server.
#
# The ChirpStack Application Server join-server will use the NetID of the requesting
# network-server as the KEK label. When no such label exists in the set,
# the session-keys will be sent unencrypted (which can be fine for
# private networks).
#
# Please refer to the LoRaWAN Backend Interface specification
# 'Key Transport Security' section for more information.
[join_server.kek]

  # Application-server KEK label.
  #
  # This defines the KEK label used to encrypt the AppSKey (note that the
  # AppSKey is signaled to the NS and on the first received uplink from the
  # NS to the AS).
  #
  # When left blank, the AppSKey will be sent unencrypted (which can be fine
  # for private networks).
  as_kek_label=""

  # KEK set.
  #
  # Example (the [[join_server.kek.set]] can be repeated):
  # [[join_server.kek.set]]
  # # KEK label.
  # label="000000"

  # # Key Encryption Key.
  # kek="01020304050607080102030405060708"


# Metrics collection settings.
[metrics]
# Timezone
#
# The timezone is used for correctly aggregating the metrics (e.g. per hour,
# day or month).
# Example: "Europe/Amsterdam" or "Local" for the the system's local time zone.
timezone="Local"

  # Metrics stored in Redis.
  #
  # The following metrics are stored in Redis:
  # * gateway statistics
  [metrics.redis]
  # Aggregation intervals
  #
  # The intervals on which to aggregate. Available options are:
  # 'MINUTE', 'HOUR', 'DAY', 'MONTH'.
  aggregation_intervals=["MINUTE", "HOUR", "DAY", "MONTH"]

  # Aggregated statistics storage duration.
  minute_aggregation_ttl="2h0m0s"
  hour_aggregation_ttl="48h0m0s"
  day_aggregation_ttl="2160h0m0s"
  month_aggregation_ttl="17520h0m0s"


  # Metrics stored in Prometheus.
  #
  # These metrics expose information about the state of the ChirpStack Network Server
  # instance.
  [metrics.prometheus]
  # Enable Prometheus metrics endpoint.
  endpoint_enabled=false

  # The ip:port to bind the Prometheus metrics server to for serving the
  # metrics endpoint.
  bind=""

  # API timing histogram.
  #
  # By setting this to true, the API request timing histogram will be enabled.
  # See also: https://github.com/grpc-ecosystem/go-grpc-prometheus#histograms
  api_timing_histogram=false


  # Monitoring settings.
  #
  # Note that this replaces the metrics.prometheus configuration. If a
  # metrics.prometheus if found in the configuration then it will fall back
  # to that and the monitoring section is ignored.
  [monitoring]

  # IP:port to bind the monitoring endpoint to.
  #
  # When left blank, the monitoring endpoint will be disabled.
  bind=""

  # Prometheus metrics endpoint.
  #
  # When set to true, Prometheus metrics will be served at '/metrics'.
  prometheus_endpoint=false

  # Prometheus API timing histogram.
  #
  # By setting this to true, the API request timing histogram will be enabled.
  # See also: https://github.com/grpc-ecosystem/go-grpc-prometheus#histograms
  prometheus_api_timing_histogram=false

  # Health check endpoint.
  #
  # When set to true, the healthcheck endpoint will be served at '/health'.
  # When requesting, this endpoint will perform the following actions to
  # determine the health of this service:
  #   * Ping PostgreSQL database
  #   * Ping Redis database
  healthcheck_endpoint=false

That is the default configuration with mqtt enabled.

Thank you,

PiLiP.

Dear all,

Ok I found the solution by reading this post: Getting a UnconfirmedDataUp message in Live LoRaWAN frame logs but no message in Live Event Log

So to resume:

• in chirpstack-application-server I change the public_host variable to 127.0.0.1

# Public ip:port of the application-server API.                                                                                                                                                                                                                                                                              
  #                                                                                                                                                                                                                                                                                                                            
  # This is used by ChirpStack Network Server to connect to ChirpStack Application Server. When running                                                                                                                                                                                                                        
  # ChirpStack Application Server on a different host than ChirpStack Network Server, make sure to set                                                                                                                                                                                                                         
  # this to the host:ip on which ChirpStack Network Server can reach ChirpStack Application Server.                                                                                                                                                                                                                            
  # The port must be equal to the port configured by the 'bind' flag                                                                                                                                                                                                                                                           
  # above.                                                                                                                                                                                                                                                                                                                     
  public_host="127.0.0.1:8001" 

• sudo monit restart chirpstack-application-server
• save the network-server again in the web-interface

And now I can see data in the application topic with mosquitto_sub -h 192.168.0.1 -t “application/#”

BR,

PiLiP