I wanted a smart thermostat for my village home, so that we can turn off the heating when we leave and turn it on a few hours before we’re due to arrive. Unfortunately this came with a lot of restrictions, which basically excluded almost all choices in the market currently:<\/p>\n\n\n\n
admin<\/code>\/admin<\/code> vulnerabillities<\/li>- Something that respects the GDPR<\/li>
- Something ideally open source, or at least that respects the GPL<\/li>
- Open protocol, so I don’t need to pollute my phone with yet another fishy app<\/li>
- Something that doesn’t depend on third party servers, otherwise I risk ending up with an expensive paperweight at a random company’s whim<\/li><\/ol>\n\n\n\n
The excellent folks at https:\/\/hestiapi.com\/ have a product that look like it’s checking all my boxes. Plus, it’s apparently a company from Athens! However, I eventually decided on a DIY solution based on one of my pre-existing servers. I’d install OpenHAB and MQTT on my server, and have an ESP32 on-site as the controller. The advantage of using OpenHAB and MQTT on a pre-existing server, as opposed to a RaspberryPi on-site, is that I don’t need to try to speak with a real person on my ISP’s tech support in order to convince them to give me a real IP address.<\/p>\n\n\n\n
This blog post will cover the installation of openHAB and MQTT on an existing Apache web server using letsencrypt.<\/p>\n\n\n\n
For the following instructions, assume a root shell on the server.<\/p>\n\n\n\n
First of all, I installed mosquitto on my Debian server:<\/p>\n\n\n\n
apt install mosquitto mosquitto-clients<\/pre>\n\n\n\nThen I edited \/etc\/mosquitto\/mosquitto.conf<\/code> to make it work with a username\/password and also my existing letsencrypt certificates, by adding these lines at the bottom:<\/p>\n\n\n\ntls_version tlsv1.2
listener 8883
allow_anonymous false
password_file \/etc\/mosquitto\/users
certfile \/etc\/mosquitto\/certs\/fullchain.pem
keyfile \/etc\/mosquitto\/certs\/privkey.pem
cafile \/etc\/ssl\/certs\/DST_Root_CA_X3.pem<\/code><\/pre>\n\n\n\nNow it’s referencing some files that don’t exist yet. First of all, we need to remove the existing \/etc\/mosquitto\/certs <\/code>directory and symlink it to our \/etc\/letsencrypt\/live\/example.com<\/code> directory. We also need to give the mosquitto<\/code> user access to the certificates by adding it to the ssl-cert<\/code> group. Feel free to ignore the README that says that the directory must be readable only by the mosquitto<\/code> user – having it part of the ssl-cert<\/code> group works just fine.<\/p>\n\n\n\nWe also need to create the \/etc\/mosquitto\/users<\/code> file. We initially edit it by adding a list of usernames and passwords, one username per line, with a colon between usernames and passwords. Example:<\/p>\n\n\n\njimmy:password
admin:letmein<\/pre>\n\n\n\nWe then encrypt the file using this command:<\/p>\n\n\n\n
mosquitto_passwd -U \/etc\/mosquitto\/users<\/pre>\n\n\n\nRestart the mosquitto service:<\/p>\n\n\n\n
\/etc\/init.d\/mosquitto restart<\/pre>\n\n\n\nAnd this part is ready. Next, we install openHAB. I installed the testing distribution:<\/p>\n\n\n\n
wget -qO - 'https:\/\/openhab.jfrog.io\/artifactory\/api\/gpg\/key\/public' | apt-key add -
echo 'deb https:\/\/openhab.jfrog.io\/artifactory\/openhab-linuxpkg testing main' | tee \/etc\/apt\/sources.list.d\/openhab.list
apt update
apt install openhab openhab-addons openjdk-11-jre<\/pre>\n\n\n\n