mikebrady / shairport-sync

AirPlay and AirPlay 2 audio player

Secured MQTT server connection question #963

Closed lkovacs74 closed 3 years ago

lkovacs74 commented 4 years ago

Hi Mike,

First of all I would like to thank you for your and the other contributors' work. This is amazing stuff!

I have some problems with MQTT in a secure environment. I think this is my fault, but I can't find the solution.

So, I have a Mosquitto MQTT server, which runs on Ubuntu 19.10. I secured (TLS 1.2, username and password are mandatory) my Mosquitto server.

I generated the required certificates, modified the mosquitto configuration as described. All of my crt files are PEM encoded.

It works fine from the shell:

$ sudo mosquitto_pub -h localhost -t shp/nappali --capath /home/haadmin/cert2 --key /home/haadmin/cert2/client.key --cert /home/haadmin/cert2/client.crt -m "test" -u My_User -P My_Pass -p 8883 -d
m7SxElpODb0q3H sending CONNECT
Client mosq/dBQOm7SxElpODb0q3H received CONNACK (0)
Client mosq/dBQOm7SxElpODb0q3H sending PUBLISH (d0, q0, r0, m1, 'shp/nappali', ... (4 bytes))
Client mosq/dBQOm7SxElpODb0q3H sending DISCONNECT

The mqtt topic is updated immediately.

Now I tried to set up Shairport to use MQTT. I modified the conf:

mqtt =
{
        enabled = "yes"; // set this to yes to enable the mqtt-metadata-service
        hostname = "HaServer"; // Hostname of the MQTT Broker
        port = 8883; // Port on the MQTT Broker to connect to
        username = "My_User"; //set this to a string to your username in order to enable username authentication
        password = "My_Pass"; //set this to a string you your password in order to enable username & password authentication
        capath = "/home/haadmin/cert2/"; //set this to the folder with the CA-Certificates to be accepted for the server certificate. If not set, TLS is not used
//      cafile = "/home/haadmin/cert2/HaServer.crt"; //this may be used as an (exclusive) alternative to capath with a single file for all ca-certificates
        certfile = "/home/haadmin/cert2/client.crt"; //set this to a string to a user certificate to enable MQTT Client certificates. keyfile must also be set!
        keyfile = "/home/haadmin/cert2/client.key"; //private key for MQTT Client authentication
        topic = "shp/nappali"; //MQTT topic where this instance of shairport-sync should publish. If not set, the general.name value is used.
//      publish_raw = "no"; //whether to publish all available metadata under the codes given in the 'metadata' docs.
        publish_parsed = "yes"; //whether to publish a small (but useful) subset of metadata under human-understandable topics
//      Currently published topics:artist,album,title,genre,format,songalbum,volume,client_ip,
//      Additionally, empty messages at the topics play_start,play_end,play_flush,play_resume are published
        publish_cover = "yes"; //whether to publish the cover over mqtt in binary form. This may lead to a bit of load on the broker
        enable_remote = "yes"; //whether to remote control via MQTT. RC is available under `topic`/remote.
//      Available commands are "command", "beginff", "beginrew", "mutetoggle", "nextitem", "previtem", "pause", "playpause", "play", "stop", "playresume", "shuffle_songs", "volumedown", "volumeup"
};

When I start Shairport with the -vvv option I get this:

0.006194242|**Client Nappali sending CONNECT**
0.004267506|*warning: Could not acquire a Shairport Sync native D-Bus interface "org.gnome.ShairportSync.i7843" on the system bus.
0.000306468|*warning: Could not acquire an MPRIS interface named "org.mpris.MediaPlayer2.ShairportSync.i7843" on the system bus.
0.005277950|avahi: service '092723BF7E1F@Nappali' group is not yet committed.
0.001471315|avahi: request to add "_raop._tcp" service with metadata
0.001117421|avahi: service '092723BF7E1F@Nappali' group is registering.
0.004233943|Avahi DACP monitor successfully started
0.865368684|avahi: service '092723BF7E1F@Nappali' successfully added.
0.610146983|soxr_delay_index: 4.
0.000053526|"soxr" interpolation has been chosen.

So I think Shairport is trying to connect, but I never get the Connected message.

When I start to stream I get these messages:

0.000029576|MH Metadata stream processing start.
0.000008462|  Type: "Server", content: "AirTunes/105.1"
0.000081439|[MQTT]: Client not connected, skipping metadata handling
0.000138552|MH Item ID set to: "995441355"
0.000045351|[MQTT]: Client not connected, skipping metadata handling
0.000085264|MH Album name set to: "Analog Worms Attack"
0.000044401|[MQTT]: Client not connected, skipping metadata handling
0.000067851|MH Artist name set to: "Mr Oizo"
0.000046438|[MQTT]: Client not connected, skipping metadata handling
0.000079014|MH Composer set to: ""
0.000043701|[MQTT]: Client not connected, skipping metadata handling
0.000070976|MH Genre set to: ""
0.000050501|[MQTT]: Client not connected, skipping metadata handling
0.000075601|MH Track name set to: "Flat Beat (Radio Edit)"
0.000045101|[MQTT]: Client not connected, skipping metadata handling
0.000073463|[MQTT]: Client not connected, skipping metadata handling
0.000080677|[MQTT]: Client not connected, skipping metadata handling
0.000075651|[MQTT]: Client not connected, skipping metadata handling
0.000085664|MH Metadata stream processing end.

So, in reality Shairport is not able to connect to my MQTT server. Shairport and Mosquitto run on the same box.

May I ask for your help to find out what is wrong in my MQTT config?

Thanks, Laszlo
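
An added example, not part of the original post and not shairport-sync code: one way to narrow down a case like this is to compare the `mosquitto_pub` invocation that works with the `mqtt` block that does not, and list where they diverge. The helper names (`parse_mqtt_block`, `parse_pub_command`, `findings`) are hypothetical, and the sample input is constructed and abridged from the values shown in the post.

```python
import re
import shlex
# mosquitto_pub options and the shairport-sync mqtt setting each corresponds to
FLAG_TO_KEY = {"-h": "hostname", "-p": "port", "-u": "username", "-P": "password",
               "-t": "topic", "--capath": "capath", "--cafile": "cafile",
               "--cert": "certfile", "--key": "keyfile"}
PATH_KEYS = {"capath", "cafile", "certfile", "keyfile"}

# Constructed sample input, abridged from the values shown in the post
CONF = '''mqtt =
{
        hostname = "HaServer"; // Hostname of the MQTT Broker
        port = 8883;
        capath = "/home/haadmin/cert2/";
//      cafile = "/home/haadmin/cert2/HaServer.crt";
        certfile = "/home/haadmin/cert2/client.crt";
        keyfile = "/home/haadmin/cert2/client.key";
        topic = "shp/nappali";
};'''
CMD = ('sudo mosquitto_pub -h localhost -t shp/nappali --capath /home/haadmin/cert2 '
       '--key /home/haadmin/cert2/client.key --cert /home/haadmin/cert2/client.crt '
       '-m "test" -u My_User -P My_Pass -p 8883 -d')

def parse_mqtt_block(conf_text):
    """Active settings only; lines commented out with // do not match."""
    found = re.findall(r'^\s*(\w+)\s*=\s*(?:"([^"]*)"|(\d+))\s*;', conf_text, re.M)
    return {key: text or number for key, text, number in found}

def parse_pub_command(cmd):
    """Return (settings, ran_with_sudo) for a mosquitto_pub command line."""
    argv = shlex.split(cmd)
    settings = {FLAG_TO_KEY[flag]: value
                for flag, value in zip(argv, argv[1:]) if flag in FLAG_TO_KEY}
    return settings, argv[0] == "sudo"

def findings(conf_text, cmd):
    """Points where the working shell test and the daemon's config diverge."""
    conf, (cli, sudo) = parse_mqtt_block(conf_text), parse_pub_command(cmd)
    strip = lambda key, value: value.rstrip("/") if key in PATH_KEYS else value
    notes = [f"{key}: config {conf[key]!r}, shell test {cli[key]!r}"
             for key in sorted(conf.keys() & cli.keys())
             if strip(key, conf[key]) != strip(key, cli[key])]
    if sudo:  # root can read any key file; the daemon's own account may not
        notes += [f"{key}: {conf[key]} must be readable without sudo"
                  for key in sorted(PATH_KEYS & conf.keys())]
    return notes

if __name__ == "__main__":
    print("\n".join(findings(CONF, CMD)))
```

A differing host name is worth checking under TLS because the broker certificate has to be valid for the name the client connects to, unless host name checking has been disabled. The output lists points to verify, not a diagnosis.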

mikebrady commented 4 years ago

Thanks for the post, which I edited slightly for layout. I wonder if Till Zimmerman might have a comment. @tillz?

github-actions[bot] commented 3 years ago

This issue has been inactive for 60 days so will be closed 7 days from now. To prevent this, please remove the "stale" label or post a comment.