Sometimes it becomes necessary to configure data transfer between two MQTT brokers. In Mosquitto MQTT Broker, for example, this functionality is called a bridge. It allows you to forward messages from one broker to another, thereby having a copy of the data in two brokers.
Here is an example of setting up a bridge to send data from the local topics zigbee2mqtt/# to mqtt.flespi.io:

connection FlespiBroker
address mqtt.flespi.io:8883
topic zigbee2mqtt/# out 0
remote_username YOUR_FLESPI_TOKEN_HERE
bridge_insecure false
try_private false
bridge_protocol_version mqttv311
bridge_cafile /path/to/cert.pem
bridge_tls_version tlsv1.2

You can get the files root.crt and certificate.crt from the Google Chrome browser:


5 months later

I suspect this is no longer up-to-date; the mosquitto bridge states
Error: Protocol tlsv1.3 not supported
And then
Warning: Unable to connect to bridge FlespiBroker.
Also, is it possible that the certificates are no longer the same? I'm also getting errors regarding the validity of the certificate files...

    CaspervanHeck
    Hi hmm, I have the latest version (1.6.12) of mosquitto configured, and there are no connection problems with it.

    Maybe your version was compiled without TLS 1.3 support? How did you install mosquitto? What OS are you using?

    In my case it is the docker image https://hub.docker.com/_/eclipse-mosquitto and Debian 10.

    I've got the same docker image, and have the same issue on my server (debian), two raspberries (hyperiot and raspbian), and on my windows pc (using wsl, ofc). All give the exact same behaviour. Mosquitto is also version 1.6.12. The config is a copy-paste of yours, where I replace the remote username with my token.
    Could it be that these settings are different for different users? As in; TLS works differently for non-paying users?

    EDIT: it may be a different issue, but exporting certificates from Chrome only allows me to export .cer and .c7b files. I got the certificates using another browser, but this may cause other issues. Are these certificates available as files somewhere?

      I may have found the issue in question; turns out I set ACL to MQTT, but didn't explicitly set pub and sub. It works now, apologies for the confusion on my part.

      I did need to set the tls version to 1.2, which is odd.

      3 months later

      UPD: for the bridge_cafile parameter you should use a chain PEM certificate.
      You can get it in Firefox:

      a year later

      Hi there, I'm having an issue where my local mosquitto broker will always subscribe to all topics from the remote Flespi broker, regardless of what I put in the "topic" line in the config.

      I’ve then tried setting up a second local broker bridged to the first one (mosquitto to mosquitto) and interestingly that seems to behave as expected where it only subscribes to the topic specified in the config. It appears that the problem lies in bridging mosquitto to Flespi.

      Has anyone else experienced this or have any suggestions for a fix?

        adamwhats
        Hello, could you please provide sample configs?

          dexif
          Here's my config. For testing I've set it to sub to FAKETOPIC, which nothing is publishing to, meaning that the broker shouldn't receive any messages. However it always behaves as if the config has "topic # both 0" in the config


          allow_anonymous true
          listener 1883

          connection REMOTE
          address mqtt.flespi.io:8883
          remote_username <Flespi Token>
          bridge_cafile <Path to cert>.pem
          bridge_tls_version tlsv1.3
          bridge_insecure false
          try_private false
          topic FAKETOPIC/# both 0


            Hmm... I've configured my mosquitto bridge like this and I'm not getting messages from other topics. Give an example of the topic that you receive.
            Are you sure you are getting it from the flespi server and not from your mosquitto?
            What is your version of mosquitto?

              dexif

              Aha I've found a fix - it turns out that changing the connection name solved the issue. My hunch is that mosquitto is saving the topic config from the first time I created a bridge with that connection name - as I originally used "topic # both 0" this then persisted even after I updated the conf. Simply changing the config to include "connection REMOTE_TEST" and "topic FAKETOPIC/# both 0" fixed it.

              I'm using mosquitto 2.0.14, I wonder if this is a bug in that release.

              Thanks for looking into it!

              adamwhats
              Ah, I figured out the reason. You just had to delete the mqtt session on flespi after changing the configuration. The fact is that mosquitto creates a stored session and every time you change a topic, mosquitto simply adds it to existing subscriptions.

              It's not a bug, it's a feature ;)
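An added example, not part of any post in this thread: a small checker for the bridge sections of a mosquitto.conf that flags the settings discussed above (hostname verification, CA file, and the stored session that keeps old subscriptions). `parse_bridges`, `audit_bridge` and the finding names are hypothetical; `cleansession` is a real Mosquitto bridge option that defaults to false, and the sample config is constructed from the one posted above.

```python
# Constructed sample: the bridge config posted in the thread, with placeholders.
SAMPLE_CONF = """\
allow_anonymous true
listener 1883

connection REMOTE
address mqtt.flespi.io:8883
remote_username PLACEHOLDER_TOKEN
bridge_cafile /path/to/chain.pem
bridge_tls_version tlsv1.3
bridge_insecure false
try_private false
topic FAKETOPIC/# both 0
"""

def parse_bridges(text):
    """Return {connection_name: {option: [values, ...]}} for each bridge section."""
    bridges, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, _, value = line.partition(" ")
        if key == "connection":
            current = bridges.setdefault(value.strip(), {})
        elif current is not None:
            current.setdefault(key, []).append(value.strip())
    return bridges

def audit_bridge(opts):
    """Return a list of finding names for one parsed bridge section."""
    findings = []
    last = lambda k, d=None: opts.get(k, [d])[-1]
    if last("bridge_insecure", "false") == "true":
        findings.append("hostname-verification-disabled")
    if "bridge_cafile" not in opts and "bridge_capath" not in opts:
        findings.append("no-ca-configured")
    # Topic lines whose direction makes the bridge subscribe on the remote broker.
    inbound = [t.split() for t in opts.get("topic", [])]
    inbound = [t for t in inbound if len(t) > 1 and t[1] in ("in", "both")]
    # cleansession defaults to false: the remote broker keeps earlier subscriptions.
    if inbound and last("cleansession", "false") != "true":
        findings.append("persistent-session-keeps-old-subscriptions")
    if any(t[0] == "#" for t in inbound):
        findings.append("subscribes-to-all-remote-topics")
    return findings
```

Setting `cleansession true` clears the finding, at the cost that the remote broker no longer keeps subscriptions and messages for the bridge while the connection is down.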

              2 years later

              We have released an article in the knowledge base about setting up Mosquitto MQTT Bridge to reduce the number of questions in the future. It covers how to obtain the certificate chain, provides an example of a working configuration, and includes a bit about tokens.
