Mosquitto listening on two ports (inside/outside LAN)

I have not found a way to initiate a command from my smartphone from outside my WLAN to Node-RED. I tried Telegram (chats arrive at the bot, but do not initiate anything in Node-RED, because they arrive from the wrong direction) and e-mail (polling interval too long). Other push solutions seem to cost some amount and maybe they only send push information TO the phone (?).

So I started playing with Tasker and the MQTT publisher plugin. It works flawlessly within my WLAN. I did not use any user login to mosquitto so far and don't want to change all devices inside the LAN.

Then I started a second mosquitto call with the configuration file:

[...]
port 1888
allow_anonymous false
password_file /etc/mosquitto/mosquitto.pw

and redirected a port xxxx from outside to the port 1888. Surely an extra ssl option would have been useful, but until now I do not see a requirement for that.
The user credentials in the mosquitto.pw file are created with the command mosquitto_passwd.

I could have transferred all desired topics manually from one broker to the other or I could have used the bridge option of Mosquitto.
But then I realised the concept "listener" within Mosquitto, which can define another instance of the first mosquitto listening to another port with different settings.

This is my current configuration: I created the following file

/etc/mosquitto/conf.d/mosquitto2.conf

per_listener_settings true

port 1883 # maybe not required here
allow_anonymous true

listener 1888
allow_anonymous false
password_file /etc/mosquitto/mosquitto2.pw
mount_point external/

With the mount_point option clients from outside only have access to topics starting with "external/", but do not see this extra topic. Mosquitto will add the prefix automatically for all communications via this port.

subcribe to Mosquitto port 1883 (without login): external/phone/start
publish something to Mosquitto port 1888 (with the user credentials from the password file): phone/start
and vice versa.
If you omit the mount_point option the clients from outside have access to all topics (which may be useful for other people). You could also play with ACL rights for certain topics.

Feedback welcome!

Not quite sure what you mean there. I have both command-based and conversation-based controls available on my bots. I can easily control lights for example and query the state of lighting and heating.

Lack of SSL/TLS means that you are sending everything - including your ID and Password in clear text over the Internet. Not really the smartest of approaches.

A reasonable approach - apart from the lack of TLS. Of course, there is always some risk when exposing anything to the Internet. Using a non-standard MQTT port helps with that somewhat as does using id/pw so the risk is quite low.

The advantage of Telegram is that all of the security complexities are dealt with for you and you have a ready-made interface with simple buttons (keyboards as Telegram call them) and conversational interfaces. You also get sound, video and location msg types too along with a common client across multiple platforms. But perhaps the main benefit is that you don't need to allow any inbound connections from the Internet.

I can send messages via Telegram/Android to the bot and let him reply or send messages from the bot from Node-RED to my user id.

I tried to use Telegram from Tasker (Android) via api.telegram.org. But I can send only a chat message as bot and not TO the bot.

https://api.telegram.org/botnumber/sendMessage?chat_id=mychatid@botname&text=Test

That means I cannot send automated (!) messages from my phone to Node-RED via Telegram for example with Tasker!

Can't tasker create a new Telegram msg in a channel? e.g. simulate a user?

Certainly, you cannot have two bots talking to each other because that is a recipe for disaster! That is a deliberate design choice by Telegram.

This topic was automatically closed after 60 days. New replies are no longer allowed.