I (surge919) successfully tied in OwnTracks to Home Assistant and SmartThings while using authentication for external access. The MQTT bridge doesn’t support authentication so I set up 2 MQTT instances.
Here are the steps I performed. Hopefully it saves someone else some time.
It seems to be working pretty well but if anyone sees something incorrect in my configuration, please let me know. This is my first real interaction with MQTT.
Here’s a summary of my setup:
Two Docker instances for MQTT
- 1 for internal use (the MQTT bridge for SmartThings - no authentication)
- 1 for external use (for OwnTracks - with authentication)
All Docker configuration files are on my NAS so the Docker containers can be destroyed without affecting my actual configuration files.
$ docker run -ti -p 1883:1883 \ -v /volume1/data/mosquitto-int/config:/mqtt/config:ro \ -v /volume1/data/mosquitto-int/log:/mqtt/log \ -v /volume1/data/mosquitto-int/data/:/mqtt/data/ \ --name mosquitto-int -d toke/mosquitto
$ docker run -ti -p 1884:1883 \ -v /volume1/data/mosquitto-ext/config:/mqtt/config:ro \ -v /volume1/data/mosquitto-ext/log:/mqtt/log \ -v /volume1/data/mosquitto-ext/data/:/mqtt/data/ \ -v /volume1/data/mosquitto-ext/etc:/etc/mosquitto \ --name mosquitto-ext -d toke/mosquitto
Here are the config files:
connection mosquitto-ext persistence_file mosquitto.db try_private true address 10.0.0.20:1884 start_type automatic username test password test notifications true topic owntracks/# in log_type all log_dest file /mqtt/log/mqtt.log log_facility 5
connection mosquitto-int persistence_file mosquitto.db try_private true address 10.0.0.20:1883 start_type automatic username test password test notifications true topic owntracks/# out log_type all log_dest file /mqtt/log/mqtt.log log_facility 5 allow_anonymous false password_file /etc/mosquitto/pwfile
Create a password for
docker exec -it mosquitto-ext /bin/bash cd /etc/mosquitto/ mosquitto_passwd -c /etc/mosquitto/pwfile <userID>
Preferences / Connection / Mode - Private MQTT Fill out Host Identification Security: TLS disabled