5.1 KiB
Configuration
Broker Mosquitto
During installation, a MQTT broker, Mosquitto, is installed at the same time as Domoticz. The installed version is the one from the official project repo and not from Debian ones. This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite
Adding in domoticz
To use mosquitto, you need to customize the communication between domoticz and the broker by following the domoticz documentation, part Add hardware "MQTT Client Gateway". User and password are automatically generated during installation, you may retrieve them with
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
Publish/Subscribe
By default, mosquitto will listen on 2 ports:
- 1883 on localhost using mqtt protocol
- 8883 using websocket protocol. Nginx redirect external port 443 to this internal port.
Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho python library).
Mosquitto_pub et mosquitto_sub
These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device. If you're using them directly from your server, this kind of syntax should work:
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
In the same way:
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
If you wish to open direct mqtt protocol from an outside device, you'll need to:
- open port 1883 on Yunohost firewall (Attention, security risk)
- Allows IP addresses in mosquitto configuration for this listener
- Set the tls setting in mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. This is mandatory to ensure a secure connection.
Upgrade from version without mosquitto
If you have package ynh3 or below or if you have chosen to not set a domain during initial installation, mosquitto is not installed by default. If you need to activate mosquitto in retrospect, do following actions:
- Create a domain or a subdomain (for example : 'mqtt.your.domain.tld')
- Connect to your server in command line
- Type following command :
yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld
- Upgrade domoticz to last package.
If you're already on the last package version, use the following command :
yunohost app upgrade domoticz --force
Configuration
Sensors, language and this kind of stuff
Main configuration of the app take place inside the app itself.
Zwave management
If you're using zwave devices, install mosquitto along domoticz and give a try to zwave-JS-UI package. Once installed, just follow instructions from the wiki
Access and API
By default, access for the JSON API is allowed on following path /yourdomain.tld/api_/domoticzpath
.
So if you access domoticz via https://mydomainname.tld/domoticz, use the following webpath for the api : /mydomainname.tld/api_/domoticz/json.htm?yourapicommand
By default, only sensor updates and switch toogle are authorized. To authorized a new command, you have to manually update the nginx config file :
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
Then edit the following block by adding the regex of the command you want to allow:
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
For example, to add the json command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this:
if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
All IPv4 addresses within the local network (192.168.0.0/24) and all IPv6 addresses are authorized as API.
As far as I know, there is no way to filter for IPv6 address on local network : You may remove the authorization by removing or commenting this line in /etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf
:
allow ::/1;
This will authorized only IPv4 within local network to access your domoticz API. You may add individual IPv6 address in the same way.
Limitations
- Backup cannot be restored on a different machine type (arm, x86...) as compiled sources are different