Thanks, I will look it over. Here is my use case.

1. I have Starlink as ISP which uses CGNAT ==> no public IP at house
2. Set up an OpenVPN server at Digital Ocean
3. Set up Cloudflare to point lots of subdomains to that.
4. VPN has 1 client: my Synology server
5. VPN routes all incoming traffic from 80 443 8081 to my NAS
6. NAS has Nginx running which reverse proxies to pi which is running weewx
7. The appropriate certs are all in place

That all works fine. When you go to https://weather.sangrephotography.com you will see my weewx implementation running on pi in my house. So I think most of what you have done with Cloudflare is just a different way of doing the same thing. I cannot do it with CF alone because I don’t have a public IP.

I also have an mqtt server on another droplet at Digital Ocean. Since that has a public IP it does not have to go to the VPN. If I run on 1183 weewx runs fine but fails if I use 8883 to run securely. I have tested sending from a desktop mqtt client on pi successfully so it isn’t a firewall issue, just something in weewx config I think. I think I am close. Could you send me the portion of your weewx.conf file? Here is what I have:

    [[MQTT]]
        server_url = "mqtts://donvawter:[email protected]:8883"
        topic = weather
        unit_system = US
        binding = archive,loop
        aggregation=aggregate
        log_failure =true
        log_success = true
        [[[tls]]]
            # CA certificates file (mandatory)
            ca_certs = /etc/ssl/certs/ca-certificates.crt
            # PEM encoded client certificate file (optional)
            certfile = /etc/ssl/certs/cert2.pem
            # private key file (optional)
            keyfile = /etc/ssl/certs/privkey2.pem
            # Certificate requirements imposed on the broker (optional).
            # Options are 'none', 'optional' or 'required'.
            # Default is 'required'.
            cert_reqs = required
            # SSL/TLS protocol (optional).
            # Options include sslv1, sslv2, sslv23, tls, tlsv1, tlsv12
            # Default is 'tlsv1'
            # Not all options are supported by all systems.
            tls_version = tlsv1
            # Allowable encryption ciphers (optional).
            # To specify multiple cyphers, delimit with commas and enclose
            # in quotes.
            #ciphers =

Currently I have [[[tls]]] and below commented out and the server_url is using mqtt and 1883.

Another set of eyes is probably all I need. Thanks for your help.

BTW my next task is to create time lapse clips with my Synology and embed those in belchertown theme.

> On Aug 26, 2021, at 6:45 AM, Doug Jenkins <[email protected]> wrote:
>
> Good Morning Don:
>
> I can help with your mqtt setup. I had the same problem with my setup,
> largoweather.com <http://largoweather.com/>. The way I solved it was that I
> set up a Cloudflare account to manage my domain. Cloudflare redirects the
> traffic to my home public IP address and converts all my traffic to SSL.
>
> For MQTT, I set up a subdomain called wxsocket.largoweather.com
> <http://wxsocket.largoweather.com/> and forwarded all port 9001 traffic to my
> network.
>
> Attached is my Cloudflare and NGINX Proxy Manager setup that I use for
> largoweather.com <http://largoweather.com/>. Essentially if you check my SSL
> Cert, it is provided by Cloudflare. Cloudflare pushes all http traffic as
> https to my internal server. I have firewall rules to route all incoming
> 80/443 traffic to my internal server in which that is properly routed to my
> NGINX Proxy Manager instance.
>
> NGINX Proxy manager proxies that traffic to the correct webserver (in my case
> container) that hosts my weewx website. I did issue a LetsEncrypt SSL within
> NGINX Proxy manager to get that to work.
>
> The trick with LetsEncrypt is that you need to expose (just for a second)
> your public IP Address in Cloudflare (assuming that is your name server of
> the domain) for the SSL Certificate to be created correctly. Once you do
> that, you can set up Proxy again to protect your public IP.
>
> Once this is set up, you will see the live updates working in a few minutes.
>
> Please let me know if this helps.
>
> Doug Jenkins
>
> On Wed, Aug 25, 2021 at 9:13 PM Don Vawter <[email protected]> wrote:
> I don't want to hijack the thread but any details on getting mqtt to work
> with ssl would be appreciated. I gave up and am just using insecure. I have a
> broker on a digital ocean droplet. All the certs are in place but I always get
> "failed to upload" errors
>
> On Tuesday, April 13, 2021 at 6:03:43 AM UTC-6 Mitchell Tuckness wrote:
> Thanks, I am going to check this out. I just got MQTT over SSL working, wow,
> that was tough.
>
> From: [email protected] <[email protected]> On Behalf Of DaveStLou
> Sent: Friday, April 2, 2021 5:57 AM
> To: weewx-user <[email protected]>
> Subject: Re: [weewx-user] Skin with webcam?
>
> I'm no expert by any means. I usually just try things I find here:
> w3school's HTML Tutorial <https://www.w3schools.com/html/>. I'm sure there's
> room for improvement.
>
> With that intro, I've attached the index_hook_after_station_info.inc I
> created which includes the link to YouTube livestream and the embedded
> EarthCam content.
>
> On Friday, April 2, 2021 at 5:54:58 AM UTC-5 [email protected] wrote:
>
> I am also interested in how you did this. Thanks.
>
> On Thursday, April 1, 2021 at 14:02:24 UTC+2 Mitchell Tuckness wrote:
>
> I don't suppose you would be interested in sharing the code you used to
> modify the Belchertown to look so nice. I am horrible on HTML, but I am
> pretty good at modifying, or write a guide on how you modified it. Looks
> great, would like to get mine like that!
>
> On Thursday, March 25, 2021 at 7:47:31 AM UTC-6 DaveStLou wrote:
>
> Like ln77, I use Belchertown skin. I added my webcam in
> "index_hook_after_station_info" section so it appears below the station
> information: OakvilleWx.com <https://oakvillewx.com/>
>
> On Thursday, March 25, 2021 at 1:39:44 AM UTC-5 ln77 wrote:
>
> Belchertown isn’t exactly pre-loaded, but it is well integrated and the
> install is straightforward. It has a radar feed. It doesn’t have the webcam
> built in, but it has several places to insert user-defined content and it
> would be easy to put a webcam in one of them. I hacked it a little to put
> the webcam in place of the current-conditions icon: http://www.2pi.org/wx/
>
> -Les
>
> On 24 Mar 2021, at 20:53, 'super zee' via weewx-user
> <[email protected]> wrote:
>
> Brand new here and still learning. Got Weewx loaded and it's uploading to
> CWOP and my web page. Is there a skin preloaded with WeeWX that can
> accommodate a web cam and live radar feed?
>
> Thanks for the help!
>
> Chris
>
> KAZTEMPE47
>
> --
> You received this message because you are subscribed to the Google Groups
> "weewx-user" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/weewx-user/58b570f6-ba28-4b46-bbdf-dcc9447d36a5n%40googlegroups.com.
>
> --
> Thanks,
>
> Doug Jenkins
> Phone: 813.391.5686 | [email protected] |
> www.dougjenkins.com <http://www.dougjenkins.com/>
>
> <Largoweather.com MQTT Live Weather Setup.docx>

--
You received this message because you are subscribed to the Google Groups "weewx-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/weewx-user/3A65F8F3-03C5-489D-8655-E42B7DAA7667%40gmail.com.
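
Added example (not part of the thread and not weewx code): an offline check for the kind of [[MQTT]] / [[[tls]]] stanza posted in the message above, flagging settings that commonly break or weaken a TLS connection to a broker. The sample stanza, host name, credentials and finding codes are constructed, and treating names such as tlsv1 as pinning one legacy protocol version is an assumption about how the option is applied.

```python
import re
from urllib.parse import urlsplit
# Constructed sample shaped like the stanza in the thread; the host and
# credentials are placeholders, not values from the original message.
SAMPLE = """
[[MQTT]]
    server_url = "mqtts://user:PLACEHOLDER@broker.example.org:8883"
    [[[tls]]]
        ca_certs = /etc/ssl/certs/ca-certificates.crt
        certfile = /etc/ssl/certs/cert2.pem
        keyfile = /etc/ssl/certs/privkey2.pem
        cert_reqs = required
        # Default is 'tlsv1'
        tls_version = tlsv1
"""
# Names assumed to pin a single legacy protocol version (SSL, TLS 1.0/1.1).
LEGACY = {"sslv1", "sslv2", "sslv3", "tlsv1", "tlsv11"}
TLS_KEYS = ("ca_certs", "certfile", "keyfile", "cert_reqs", "tls_version")

def parse_options(text):
    """Collect uncommented 'key = value' lines; section headers are skipped."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+)\s*=\s*(.*)$", line)
        if m:  # lines starting with '#' or '[' never match the key pattern
            opts[m.group(1)] = m.group(2).strip().strip('"')
    return opts

def lint(opts):
    """Return (code, message) findings for an MQTT server_url plus tls options."""
    out = []
    port = urlsplit(opts.get("server_url", "")).port
    tls_on = any(k in opts for k in TLS_KEYS)
    if port == 8883 and not tls_on:
        out.append(("NO_TLS", "port 8883 is set but no tls options are active"))
    # The stanza's own comments give 'tlsv1' as the default when unset.
    if tls_on and opts.get("tls_version", "tlsv1").lower() in LEGACY:
        out.append(("LEGACY_PROTO", "pinned to a protocol many brokers now refuse"))
    if tls_on and opts.get("cert_reqs", "required").lower() != "required":
        out.append(("WEAK_VERIFY", "broker certificate is not strictly verified"))
    if ("certfile" in opts) != ("keyfile" in opts):
        out.append(("CERT_KEY_PAIR", "certfile and keyfile must be set together"))
    if opts.get("keyfile", "").startswith("/etc/ssl/certs/"):
        out.append(("KEY_LOCATION", "private key sits in a normally world-readable dir"))
    return out

if __name__ == "__main__":
    for code, msg in lint(parse_options(SAMPLE)):
        print(code, "-", msg)
```

A finding here is a setting worth checking against the broker's listener configuration and log, not a diagnosis of the upload failure reported in the thread.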
