Tag Archives: mobile

Secure MQTT with bridge for owntracks

A little diagram explaining what I'm using to get a secure MQTT OwnTracks setup (reinstall).

The mobile connects with certificates and a password to my server in the DMZ using port 8883 (no sockets activated at the moment).

The MQTT server in the DMZ connects via a bridge to my internal MQTT server (both Mosquitto).

Node-RED, using a worldmap plugin, displays the current position of my mobile. Coordinates are stored in an InfluxDB, and geolocation is used to activate/de-activate other Node-RED nodes.

Start by downloading:

https://github.com/owntracks/tools/blob/master/TLS/generate-CA.sh

Get some environment variables into place (the IPs and hostnames that go into the server certificate):

export IPLIST="83.161.x.x 192.168.1.1 10.12.1.1"
export HOSTLIST="internalhostname.my.lab henriaanstoot.nl mqtt.henriaanstoot.nl"

Generate the CA, the server certificate and the client certificates:

./generate-CA.sh # creates ca.crt and server.{key,crt}
./generate-CA.sh mqttserver # creates server certs
./generate-CA.sh client workstation # creates client certs
./generate-CA.sh client mobile # creates mobile cert

NOTE:
My workstation client is MQTT Explorer, no need to change anything there.
For OwnTracks on your mobile you need a P12 certificate, that's a combined cert+key file:

openssl pkcs12 -export -in mobile.crt -inkey mobile.key -out mobile.p12

Check that the server cert carries the expected hostnames with:

openssl x509 -noout -text -in server.crt  | grep DNS:

Download mobile.p12 and ca.crt to your mobile.
In MQTT Explorer, add a new connection and select workstation.crt, ca.crt and workstation.key.

Create an MQTT password file (-c creates the file, -b adds users to it):

mosquitto_passwd -c /etc/mosquitto/passwordfile firstuser
mosquitto_passwd -b /etc/mosquitto/passwordfile nextuser

TLS Mosquitto example, change where needed. This is a multi-listener setup: port-forward ONLY 8883 to this instance.
1883 is only for internal bridge communication.

# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
pid_file /var/run/mosquitto.pid
persistence true
persistence_location /var/lib/mosquitto/
# Plain MQTT protocol (internal bridge only, never port-forward this)
listener 1883
# End of plain MQTT configuration
# MQTT over TLS/SSL (the only port forwarded from the internet)
listener 8883
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
# Uncomment to reject clients that do not present a certificate signed by ca.crt
#require_certificate true
allow_anonymous false
# Must be the file created with mosquitto_passwd above
password_file /etc/mosquitto/passwordfile
# End of MQTT over TLS/SSL configuration
# Plain WebSockets
listener 9001
protocol websockets
# End of plain WebSockets configuration
# WebSockets over TLS/SSL
listener 9883
protocol websockets
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
# End of WebSockets over TLS/SSL configuration
log_dest file /var/log/mosquitto/mosquitto.log
#include_dir /etc/mosquitto/conf.d
# Bridge to the internal broker
connection bridge-01
address INTERNALIP:1883
topic owntracks/# both 0

The plain internal 'open' Mosquitto setup only needs the bridge config:

connection bridge-01
address TLSMOSQUITTOINSTANCE-IP:1883
topic # in 2

Node-RED flow

Nov 2019 example of a track in Node-RED (A2 to our old home)

Old phones, organisers and gadgets

Old ones

  • Ericsson PF768?
  • One in between ?? with fancy wood cover
  • Nokia 7110 (Symbian)
  • Nokia 7650 (Symbian 6)
  • Nokia 6630 (Symbian 8)

This is not the one, but similar. Still looking to see if I can find this one.

Playing around with these I made a:

  • MMS server
  • Wap server
  • SMS gateway
  • Netsaint ( pre check_mk/icinga/nagios ) web thingy

Androids

  • G1 – First android phone (2009)
  • HTC Desire Z (2011)
  • Nexus (2013)
  • OnePlusOne (2015)
  • Realme (2019)

G1, HTC, Nexus and OnePlusOne

Current phone

Work phones

  • ??
  • iPhone for work (stopped using this crap)
    • (funny story, got more for cheap to embed in my flightsim dash)
  • Sony Xperia XZ for work

Organizers

  • Multiple Sharps
  • Xircom Rex
  • Sharp Zaurus SL-5500 (Linux)
  • Nokia 770

Organizing programs

  • Hyper (DOS) – hyplus.exe (1989)
  • Twiki/Foswiki
  • Google docs
  • Joplin (Current)