
TLS option #1

Open
der-peer opened this issue Apr 24, 2024 · 6 comments

der-peer commented Apr 24, 2024
Hey Tom,

great work! Simple and powerful. I like it, especially the easy docker deployment.

Could you maybe add the TLS option for your next release?
The corresponding flow value is "usetls", which is "false" by default.
If the config file option "MQTT_USETLS" could be set to "true", it should also work with the replacements in prepare.sh.

Thanks!

P.S.: had a hard time with mosquitto and unencrypted connection. Maybe error was on me, or something between node-red and mosquitto. But as soon as I manually enabled TLS, it worked like a charm.

pvtom (Owner) commented Apr 25, 2024

Release v1.1 is available supporting the MQTT_USETLS option.
Best regards
Thomas

pvtom closed this as completed Apr 25, 2024

der-peer (Author) commented

hmpf... almost...
the value "tls" is undefined in dashboard_flow.json.
I don't get why this breaks something, but redeploying without changing anything sets tls="", and then it works.

[Screenshot 2024-04-25 220707]

Thanks for your time & effort 💪

pvtom (Owner) commented Apr 26, 2024

Hi Peer,
I have only added the setting of the MQTT_USETLS attribute. That also seems to work. But I haven't tested TLS because I don't want to change my environment. What must be behind tls? Can you send me a correctly and completely filled flow.json?
Best regards
Thomas

pvtom reopened this Apr 26, 2024

der-peer (Author) commented

Since I'm only a stupid docker user (and have no real idea how you did the magic) I can't provide new files 😁.
After deploying, I went into the Flow Designer, opened the mqtt button and simply redeployed it.
It seems the missing tls="" prevented a successful start. But I only found out by comparing.
In the picture above, it works with the settings seen in "Lokale Änderungen".

I only used the TLS-Version, because without it, node-red did not connect... since all other eight clients in my network work with and without encryption, I guess there might be something with the node-red thingy.

Since I use Let's Encrypt certificates, simply enabling TLS is sufficient. For self-signed certificates there would be more work to do. But keep it as simple as it is.

Adding "tls" : "", at around line 19 in file dashboard_flow.json will do the trick, I guess.

Thanks for your great tool
Peer

pvtom (Owner) commented May 7, 2024

Hi Peer,
sorry for my late answer. I had some other issues regarding the rscp2mqtt project.
My question is: is it really enough to include an empty tls line? I think for a complete definition you need certificates, key files etc.
So it would be great if you can check the flow definition.
You can get the complete flow as a text file by:
[image: grafik]
using "Export" / "Download" or "Copy to clipboard".
Best regards
Thomas

der-peer (Author) commented May 8, 2024

Hi Thomas,
you could make it more complicated by implementing a complete certificate chain. But should you? If one is so sophisticated with this stuff, s/he will be able to implement it on her/his own. But on the other hand, the additional work might not be that much: to convince the system of certificate validity, a CA certificate is sufficient in most cases; you won't need client certs for this use case.

Personally, I'm using a Let's Encrypt certificate. Checking the certificate chain of "official" CAs is implemented in the OS, therefore no additional information is needed then.

I checked the flow. "tls": "", is indeed sufficient, like all the other keys that are there with empty values 🤷‍♂️
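As an added example (not the project's own prepare.sh or dashboard_flow.json): a small Python script that applies the MQTT_USETLS config value from this thread to the mqtt-broker config node, adds the empty "tls" key whose absence broke the deploy, and checks a flow export for that problem before it is deployed. The sample flow, its node ids and the MQTT_HOST/MQTT_PORT keys are constructed assumptions; only usetls, tls and MQTT_USETLS come from the thread.

```python
import json

# Constructed sample (not the project's real dashboard_flow.json): a
# minimal Node-RED flow export with one mqtt-broker config node whose
# 'tls' key is missing, as described in the thread.
SAMPLE_NODES = [
    {"id": "b1", "type": "mqtt-broker", "name": "mosquitto",
     "broker": "MQTT_HOST", "port": "MQTT_PORT", "usetls": False},
    {"id": "t1", "type": "inject", "name": "tick"},
]
SAMPLE_FLOW = json.dumps(SAMPLE_NODES)


def prepare_flow(flow_text, env):
    """Substitute MQTT_* settings into every mqtt-broker node (what a
    prepare.sh does with text replacements) and make sure 'tls' exists.
    env is a dict of config-file values, e.g. {"MQTT_USETLS": "true"}."""
    flow = json.loads(flow_text)
    for node in flow:
        if node.get("type") != "mqtt-broker":
            continue
        node["broker"] = env.get("MQTT_HOST", node.get("broker", ""))
        node["port"] = env.get("MQTT_PORT", node.get("port", "1883"))
        # MQTT_USETLS is a string in the config file; the node wants a bool.
        node["usetls"] = env.get("MQTT_USETLS", "false").strip().lower() == "true"
        # An empty tls id means "no explicit tls-config node" (assumption:
        # Node-RED then connects with mqtts:// and the runtime's default
        # trusted CA bundle). That covers a publicly trusted certificate such
        # as Let's Encrypt; a self-signed broker cert would need a tls-config
        # node that points at its CA instead of an empty string.
        node.setdefault("tls", "")
    return flow


def check_broker_nodes(flow):
    """Return a list of problems with the broker nodes; empty means OK."""
    problems = []
    for node in flow:
        if node.get("type") != "mqtt-broker":
            continue
        nid = node.get("id", "?")
        if "tls" not in node:
            problems.append(f"{nid}: 'tls' key missing")
        if not isinstance(node.get("usetls"), bool):
            problems.append(f"{nid}: usetls must be a boolean")
        if node.get("usetls") and str(node.get("port")) == "1883":
            problems.append(f"{nid}: TLS enabled on default plaintext port 1883")
    return problems
```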
