Your setup is very complicated - Traefik, Cloudflare, Portainer, etc. etc. etc. plus trying to get weewx/mosquitto working to begin with.
FWIW, my working LAN only setup is at https://github.com/vinceskahan/weewx-odds-and-ends/blob/master/weewx-belchertown-websockets.txt if you want to take a look at settings that used to work here. I'm LAN-only, no proxies, ssl disabled, user/pass disabled so it's the simplest setup that should work LAN-only. My hazy recollection is that you also need to be consistent between http/https, and ssl enabled/disabled, but with all the complicated things you're trying to align, wow..... I would suggest you start over, step by step, doing one thing at a time as you build up the complexity.... - get everything working LAN-only 'without' SSL - then get it working LAN-only with SSL - then get it working proxied without SSL - then lastly get it working proxied with SSL or.... - LAN-only without SSL - proxied without SSL - proxied with SSL Or the like. Tiny steps. Minimize moving parts. Build up to the (to me) messy setup you're trying to build. On Tuesday, August 5, 2025 at 9:01:30 AM UTC-7 Peter Schmelitschek wrote: > Ok thanks anyway. > I'll try some combinations later - now 02:00 here > > On Wednesday, 6 August 2025 at 01:59:00 UTC+10 Jacques Terrettaz wrote: > >> Sorry, I don't know anything about Traefik and its configuration. >> >> Le 5 août 2025 à 17:45, Peter Schmelitschek <[email protected]> a >> écrit : >> >> Having a look at my Traefik fileConfig.yaml (dynamic), what I've ended up >> with from ChatGPT looks dodgy: >> >> In http Routers, there are these 2 entries: >> mqtt-router: >> entryPoints: >> - mqtt-ws >> rule: "Host(`mqtt.dreamwoodestate.net`)" >> service: mqtt-ws-svc >> tls: true >> >> mqtt_ws: >> rule: "Host(`mqtt.dreamwoodestate.net`)" >> entryPoints: >> - mqtt-ws >> tls: >> certResolver: cloudflare >> service: mqtt_ws_service >> >> Then in Services: >> mqtt-broker: >> loadBalancer: >> servers: >> - url: "http://192.168.88.67:9011"; >> >> mqtt-ws-svc: >> loadBalancer: >> servers: >> - url: "http://192.168.88.67:9011"; >> >> Which do you suggest should be removed as there is clearly duplication >> wrt port 9011 for websockets. >> >> On Wednesday, 6 August 2025 at 01:37:38 UTC+10 Peter Schmelitschek wrote: >> >>> After a refresh, the error becomes: >>> paho-mqtt.min.js:37 WebSocket connection to 'wss:// >>> mqtt.dreamwoodestate.net:9011/mqtt' failed: >>> d._doConnect @ paho-mqtt.min.js:37 >>> d.connect @ paho-mqtt.min.js:31 >>> Client.connect @ paho-mqtt.min.js:70 >>> connect @ belchertown.js?1754408117:1543 >>> (anonymous) @ belchertown/:171 >>> l @ jquery.min.js:2 >>> c @ jquery.min.js:2 >>> >>> On Wednesday, 6 August 2025 at 01:35:27 UTC+10 Peter Schmelitschek wrote: >>> >>>> With mqtt_websockets_ssl = 1 in the [[[Extras]]] of [[Belchertown]] in >>>> weewx.conf, I get 'Failed connecting to the weather station' from the >>>> browser using https. >>>> I can see the belchertown.js has updated as you pointed out, so now >>>> it's: >>>> belchertown_debug("MQTT: Connecting to MQTT Websockets: >>>> mqtt.dreamwoodestate.net 9011 (SSL Enabled)"); >>>> var useSSL = true; >>>> >>>> client = new Paho.Client("mqtt.dreamwoodestate.net", 9011, >>>> mqttclient); >>>> >>>> BTW, ChatGPT told me last week that I should add a "/" in between the >>>> 9011 and mqttclient in the client = line. >>>> I removed that "/" earlier tonight thinking the advice was wrong - but >>>> it dowsn't seem to improve the situation either way. >>>> >>>> Right now the browser shows this error from F12: >>>> paho-mqtt.min.js:37 WebSocket connection to 'wss:// >>>> mqtt.dreamwoodestate.net:9011/mqtt' failed: >>>> d._doConnect @ paho-mqtt.min.js:37 >>>> On Wednesday, 6 August 2025 at 00:41:41 UTC+10 Jacques Terrettaz wrote: >>>> >>>>> Your belchertown.js file ( >>>>> https://dreamwoodinternational.com/weewx/belchertown/js/belchertown.js) >>>>> is explicitly trying to connect to the MQTT broker with SSL disabled. >>>>> See it in line 1523 of belchertown.js : >>>>> belchertown_debug("MQTT: Connecting to MQTT Websockets: >>>>> mqtt.dreamwoodestate.net 9011 (SSL Disabled)"); >>>>> *var useSSL = false;* >>>>> client = new Paho.Client("mqtt.dreamwoodestate.net", 9011, >>>>> mqttclient); >>>>> >>>>> So double check that you have not conflicting configuration in the >>>>> Belchertown configuration about the use of SSL with MQTT, and verify that >>>>> the >>>>> https://dreamwoodinternational.com/weewx/belchertown/js/belchertown.js >>>>> file >>>>> is synchronized with the one generated by the skin in your weewx VM. The >>>>> belchertown skin is updating the js file every time a new data record has >>>>> been received by weewx. >>>>> >>>>> Le 5 août 2025 à 15:35, Peter Schmelitschek <[email protected]> a >>>>> écrit : >>>>> >>>>> >>>>> Any ideas on solving this issue (from the browser's explorer)? >>>>> >>>>> paho-mqtt.min.js:37 Mixed Content: The page at >>>>> 'https://dreamwoodinternational.com/weewx/belchertown/?debug=true' >>>>> was loaded over HTTPS, but attempted to connect to the insecure WebSocket >>>>> endpoint 'ws://mqtt.dreamwoodestate.net:9011/mqtt'. This request has >>>>> been blocked; this endpoint must be available over WSS. >>>>> (anonymous) @ paho-mqtt.min.js:37 >>>>> On Tuesday, 5 August 2025 at 22:22:35 UTC+10 Peter Schmelitschek wrote: >>>>> >>>>>> This seems to be the issue (from using ?debug=true in browser): >>>>>> >>>>>> MQTT: Connecting to MQTT Websockets: mqtt.dreamwoodestate.net 9011 >>>>>> (SSL Enabled) >>>>>> belchertown.js?1754396118:1579 MQTT: 2025-08-05T22:19:59+10:00: >>>>>> Cannot connect to MQTT broker >>>>>> >>>>>> On Tuesday, 5 August 2025 at 21:44:06 UTC+10 Peter Schmelitschek >>>>>> wrote: >>>>>> >>>>>>> Replies are getting out of order. >>>>>>> myconfig.conf - running without comments: >>>>>>> persistence false >>>>>>> >>>>>>> >>>>>>> allow_anonymous false >>>>>>> password_file /etc/mosquitto/passwd >>>>>>> acl_file /etc/mosquitto/acl >>>>>>> >>>>>>> listener 1883 >>>>>>> listener 8883 >>>>>>> cafile /etc/letsencrypt/live/mqtt.dreamwoodestate.net/chain.pem >>>>>>> certfile /etc/letsencrypt/live/mqtt.dreamwoodestate.net/cert.pem >>>>>>> keyfile /etc/letsencrypt/live/mqtt.dreamwoodestate.net/privkey.pem >>>>>>> protocol mqtt >>>>>>> >>>>>>> listener 9011 >>>>>>> protocol websockets >>>>>>> >>>>>>> On Tuesday, 5 August 2025 at 18:37:56 UTC+10 Jacques Terrettaz wrote: >>>>>>> >>>>>>>> You have possibly a comment line (starting with "#") in the first >>>>>>>> line of myconfig.conf. Try to remove it and any other comment line. >>>>>>>> >>>>>>>> Here is for exemple the content of my own myconfig.conf file : >>>>>>>> listener 1883 >>>>>>>> listener 8083 >>>>>>>> protocol websockets >>>>>>>> allow_anonymous false >>>>>>>> password_file /etc/mosquitto/passwd >>>>>>>> acl_file /etc/mosquitto/acl >>>>>>>> >>>>>>>> >>>>>>>> Le 5 août 2025 à 10:14, Peter Schmelitschek <[email protected]> >>>>>>>> a écrit : >>>>>>>> >>>>>>>> I have recreated both ACL and myconfig.conf files from scratch >>>>>>>> using NANO because Mosquitto complains of unexpected character at the >>>>>>>> start >>>>>>>> of files. >>>>>>>> However, with that done, I still get this at Mosquitto restart: >>>>>>>> Loading config file /etc/mosquitto/conf.d/myconfig.conf >>>>>>>> Error: Unknown configuration variable "#" >>>>>>>> Error found at /etc/mosquitto/conf.d/myconfig.conf:1 >>>>>>>> Error found at /etc/mosquitto/mosquitto.conf:18 >>>>>>>> >>>>>>>> This is possibly the root cause of my MQTT problems - I have been >>>>>>>> commenting out the ACL file previously to get WeeWx to appear at this >>>>>>>> stage. >>>>>>>> Right now I'm seeing "Failed connecting to the weather station" >>>>>>>> >>>>>>>> >>>>>>>> >>>>> -- >>>>> You received this message because you are subscribed to a topic in the >>>>> Google Groups "weewx-user" group. >>>>> To unsubscribe from this topic, visit >>>>> https://groups.google.com/d/topic/weewx-user/Gq6uNw_Cxss/unsubscribe. >>>>> To unsubscribe from this group and all its topics, send an email to >>>>> [email protected]. >>>>> >>>>> To view this discussion visit >>>>> https://groups.google.com/d/msgid/weewx-user/8e9656f2-23b7-47ec-8b1d-cbfe1083ae39n%40googlegroups.com >>>>> >>>>> <https://groups.google.com/d/msgid/weewx-user/8e9656f2-23b7-47ec-8b1d-cbfe1083ae39n%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> >>>>> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "weewx-user" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/weewx-user/Gq6uNw_Cxss/unsubscribe. >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> >> To view this discussion visit >> https://groups.google.com/d/msgid/weewx-user/e14a0b63-8d35-41d4-a0f7-4ccda3b15074n%40googlegroups.com >> >> <https://groups.google.com/d/msgid/weewx-user/e14a0b63-8d35-41d4-a0f7-4ccda3b15074n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> >> -- You received this message because you are subscribed to the Google Groups "weewx-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/weewx-user/99da4b55-be0f-4a20-8a87-21528b6a058fn%40googlegroups.com.
