HiveMQ

Bridge Mosquitto to HiveMQ Cloud

Guys - hope someone can help point me in the right direction.

I have been a long term user of Mosquitto onprem, and want to bridge to HiveMQ Cloud (free).

I have googled and spend several hours playing with mosquitto.conf settings but cannot get HiveMQ messages to bridge down to the onprem Mosquitto.

Mosquitto shows ““Bridge Mosquitto sending CONNECT”… closely followed by " Client local. Mosquitto closed its connection”.

All 56 local mqtt devices work perfectly with Mosquitto and I have three test devices in HiveMQ cloud working fine. I can brown with MQTT Explorer to both brokers and all is working as expected.

I can only assume its something to do with TLS and lack of cert on the local Mosquitto that si wrong but cannot find any means to get capfile for the connection.

Any ideas?

Many thanks for your time.

Hi @BestGear,

A typical pitfall, when trying to bridge mosquitto to HiveMQ is that you have to have the following setting in your mosquitto.conf

try_private false

HiveMQ does not support mosquitto’s proprietary bridging protocol and therefore you need to make sure that the mosquitto acts as a regular MQTT client.

In regards to the CA file:
You should not need a CA file, as the certificates for HiveMQ cloud are signed by a trusted CA.
It’s of course entirely possible that an older system might not have the CA included that we are using.
In this case you can simply created a CA file for yourself, using the openssl s_client

openssl s_client -connect <YOUR-URL>:8883 -showcerts < /dev/null 2> /dev/null | sed -n '/BEGIN/,/END/p' > server.pem

This will create a file called server.pem, which can be used as the CAfile for mosquitto.

Regards,
Florian from the HiveMQ Team.

Thank you Florian for the quick reply.

I have checked, and already had try_private false set.

Can I view logs somewhere on HiveMQ to see what errors it is seeing?

I have not ventured near certs based on what you said previously.

I have attached the only (recurring) mosquitto error that I am seeing…

Could this mean that the connection is actually ok, but the topic is set wrongly? (currently topic # in 0 in mosquitto.conf).

David

Hi

Still no joy here.

Can I just confirm that the free HiveMQ does support a bridge?

I have installed mosquitto now on RPi… (was on Windows) and still no joy.

I can connect to HiveMQ from the same device using MQTT explorer for example without error using the same credentials.

See attached error.

My gut feel is that either bridge_capath or bridge_cafile is required.

David

Hi

Added a cert using your openssl approach above… still no joy…

DOH!

Hi BestGear,
where di you install your mosquitto ? on a synology ? i may need the same …

Hi

Installed Mosquitto on Windows 10 as well as RPi… same error from both platforms.

I have been playing with certs and stuck with a “certificate verify fail” error.

See attached image below.

My only remaining try is to rehash the cert - which I have read may be an issue - which is weird as the cert does verify correctly when using one of the many online cert validators.

Note that I have insecure mode set - which I understood told Mosquitto to ignore an invalid cert (ie the host name does not match the cert … and HiveMQ is a wildcard cert from what I see).

I have not been able to even verify if the free HiveMQ product supports bridges!

Next idea… install HiveMQ locally… see if that works.

David

Hello, David.
Are you done with your problem yet?
I’ve just found the solution and wanna share it with you.
Here’s is my config:

mosquitto.conf

connection hivemq
address broker.hivemq.com:1883
topic # both 1
bridge_protocol_version mqttv311
try_private false
notifications false
bridge_attempt_unsubscribe false

end

I hope it’ll be useful.
BR, Vladimir

1 Like

Hello,

I faced the same problem as described in this thread.
I finally managed to get it working with non secure connection to hive. I works for me with the following configuration:

persistence true
persistence_location /var/lib/mosquitto/

log_dest file /var/log/mosquitto/mosquitto.log

include_dir /etc/mosquitto/conf.d
allow_anonymous true

bind_address 0.0.0.0

connection hivemq
address broker.hivemq.com:1883

topic mytopic both 0
bridge_protocol_version mqttv311
try_private false
notifications false
bridge_attempt_unsubscribe false
bridge_insecure true

Messages published to my mosquitto local boker are published also to hivemq broker. When I publish to hivemq broker the client subscribing to my local broker gets the message. So, it works in both ways. Great!

However, my aim is to configure broker supporting ssl/tls.

I tried the following configuration (and some variations) but it does not work (showing only bridge section, everything before is not changed):

connection hivemq
address some_my_id_from_hive.s1.eu.hivemq.cloud:8883
remote_username myusername
remote_password mypassword
topic mytopic both 0
bridge_protocol_version mqttv311
try_private false
notifications false
bridge_attempt_unsubscribe false
bridge_insecure true

It does not connect at all. In log I have the following:
1636580374: Connecting bridge (step 1) hivemq (some_my_id_from_hive.s1.eu.hivemq.cloud:8883)
1636580374: Connecting bridge (step 2) hivemq (some_my_id_from_hive.s1.eu.hivemq.cloud:8883)
1636580374: Client local.bilbo.hivemq closed its connection.

‘bilbo’ is my local hostname.

It seems even not to try to open a connection to remote port 8883. Not binding to any socket locally?

My mosquitto is behind NAT and has non-routable IP.

Note that I can subscribe with mosquitto_sub without any issues. This works:
mosquitto_sub -h some_my_id_from_hive.s1.eu.hivemq.cloud -p 8883 -u myusername -P mypassword -t 'mytopic'

Does anybody has an idea of what I’m doing wrong?

Thanks in advance!

Rafal