MQTT Mosquitto both in unencrypted and ssl mode

[mackowiakp]

Is it possible to run MQTT Mosquitto both in unencrypted and SSL mode? I need it for using in local network for ESP based DiY units in unencrypted mode (only user/pass auth) and to expose broker to Internet for geofencing needs, of course over SSL. If so, how I need to modify default config file or startup command in Linux?

This is my mosquitto config file:

Code: Select all

pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
log_dest none
#log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
max_queued_messages 200
message_size_limit 0
allow_anonymous true 
autosave_interval 900
autosave_on_changes false
allow_zero_length_clientid true
allow_duplicate_messages false
persistence_file mosquitto.db
password_file /etc/mosquitto/passwd

[TD-er]

SSL support is still not really used.
So if possible, please try to connect via some VPN connection when you need to send it over the internet.
SSL was unstable until recently. Now it is partly a matter of memory usage and didn't have time yet to implement it.

[mackowiakp]

Yes, You are right. It is not EasyESP related problem, but I try to run Mosquitto in SSL mode both on nanoPi (512 MB RAM) and X86_64 QNAP NAS (8 MB RAM), together with Domoticz. In case of nanoPi RAM was full after 15 min and it caused watchdog reboot. In case of QNAP it takes several hours and than NAS hangs. As i googled, there is bug in SSL implementation in Mosquitto. In unencrypted mode it works properly.