Cannot access Mosquitto over Internet through cloudflare

Hi

Possibly off topic, but I am struggling with a problem I have been unable to resolve.

My setup:

Node-RED on a Raspberry Pi.
My Mosquitto MQTT broker is on the same Pi.
Emoncms self hosted on a Raspberry Pi.

The access to both is via Cloudflare, as suggested elsewhere on this forum for security.

I have set up port forwarding on the router and this works perfectly. I can access Node-RED and Emoncms from either the local network or via the internet.

All the MQTT traffic on my local network works perfectly.

I now want to access the MQTT server over the internet, so I set up port forwarding for the MQTT server. I am using one of the port numbers that Cloudflare supports.

To test, I altered a Node-RED MQTT flow to the internet server address, but all I see is "connecting". Altering it back to localhost as it was, it connects straight away.

Is it Cloudflare or the MQTT server causing the problem? Is there any way I can establish why I cannot reach the server through Cloudflare?

Any thoughts? This has me baffled.

Regards

Ian

I hope you have required a user and password for these, with a good strong password, otherwise your Pi and possibly other devices on your network may well already be compromised. Switch the port forwarding off immediately and switch off the Pi. Even if you are using user/pwd you should also be using HTTPS too, though you will probably not immediately be hacked in this case.

Hi

Yes, all protected with complex passwords, and all unused ports covered by UFW. Apart from MQTT they have been running exposed for over 2 years without problem.

Ian

Cloudflare is likely to be only handling HTTP traffic and won't know what to do with MQTT packets.

You would need to use MQTT over WebSockets. To do that, check the Mosquitto configuration for enabling WebSockets, and use ws:// as the prefix to the broker name in the MQTT config node.

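As an added illustration of the WebSockets approach (not from the original thread or the Mosquitto project), a minimal mosquitto.conf that keeps the existing plain MQTT listener for the LAN and adds a separate WebSockets listener for the Cloudflare-proxied path, with anonymous access disabled on both. The port numbers, LAN address, file paths and hostname are assumptions.

```conf
# /etc/mosquitto/conf.d/websockets.conf  (file path is an assumption)
#
# Global settings: these apply to every listener below, so the Node-RED
# flows on the LAN and any client arriving through Cloudflare must both
# authenticate. Create the file with:
#   mosquitto_passwd -c /etc/mosquitto/passwd <username>
allow_anonymous false
password_file /etc/mosquitto/passwd

# Listener 1: plain MQTT for the local network only (existing behaviour).
# Binding to the Pi's LAN address (192.168.1.10 is an assumed value)
# keeps this port off the router's port-forwarded path entirely.
listener 1883 192.168.1.10
protocol mqtt

# Listener 2: MQTT over WebSockets. This is the only port that needs to be
# forwarded from the router. 8080 is one of the HTTP ports that Cloudflare
# proxies, so the WebSocket upgrade will pass through it.
listener 8080
protocol websockets
```

In the Node-RED MQTT broker config node the server field then becomes ws://mqtt.example.com:8080 (hostname assumed), and the existing localhost:1883 entry keeps working unchanged for flows on the Pi itself.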

Thanks

I thought it might be a Cloudflare issue. I will try setting up WebSockets.

Ian