Problem with Firewall and MQTT broker

Hey everyone, so I am encountering a problem with the MQTT broker which actually really slows down my work on the Pioreactors. So the thing is, I am working in an institution with the Pios and it is important that my data is kind of safe and secure so no one else can access the reactors. For this reason, we created something called “piogate” where I need to enter my name and a password to connect to the reactors. So I can do this from a laptop that is not connected to the LAN switch: I see the reactors, but it cannot connect to the MQTT, which then means it doesn’t make sense at all. Without that connection, I cannot look at my data in real time, I don’t know if changing the stirring actually then works (because it doesn’t tell me) and I feel like there should be a better way to get around this. So, I asked our IT department how to fix this, and they said there cannot be a fix from our side but maybe the developers could do something. This was our IT department’s answer to my question:

This is because the website from your browser is trying to establish a connection to the pioreactors via MQTT. This is not enabled on the firewall, as it would otherwise bypass the entire construction with the piogate.

The problem is that no authentication is implemented in the Pioreactor web interface or in MQTT. If this were enabled, anyone in our network could therefore control the Pioreactors. That’s why we built the construction with the piogate, so that you first have to log in before you can access the Pioreactor websites. We can’t build something like this with the MQTT commands, so we won’t enable it.

Possible solution 1 would be for the Pioreactor developers to modify the MQTT commands so that they are not sent by the browser, but by the Pioreactors themselves. There are no firewall restrictions within their network.

Possible solution 2 would be for the Pioreactor developers to implement authentication in their software (and all the things that the software does, such as MQTT) so that not everyone can do everything.

But there is no solution from our side.

Is either of the two solutions possible?

Best
Leo

Ah I prematurely made some comments in Failed to connect to MTQQ after 50+ hours of smooth turbidostat running - #4 by CamDavidsonPilon, but I can expand on them here.

I’d like to know more about the piogate, and how it works (maybe you could share with me a contact at the IT department?). It sounds like it allows HTTP connections (i.e. you can visit the UI). Can it also be expanded to include the MQTT websocket port (1883)?

Regarding your solutions:

  1. There is a potential world where MQTT doesn’t exist on the client. It would involve some rework to our API, but considering how often MQTT is the source of connection problems, we will consider it.

  2. There exists a plugin that puts the UI under a username and password: GitHub - Pioreactor/pioreactor-basic-auth-for-ui. Note that this is basic auth over HTTP, so anyone snooping on the traffic can read usernames and passwords, but it would keep out the majority of visitors. This plugin works fine with MQTT.

Long term, we’d like to implement a built-in user authentication system, but that does require https support, which isn’t easily done in local networks.
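To make concrete what the IT department means by “no authentication in MQTT”, here is an added illustration (not from any poster and not Pioreactor’s shipped configuration). It assumes the broker on the leader is Mosquitto; the file paths, the ports and the topic pattern are assumptions to check against the real install. The first section is the open broker, the second the same listeners with credentials and a per-account topic ACL.

```conf
# Constructed example, not Pioreactor's shipped configuration. It assumes the
# broker on the leader is Mosquitto; paths, ports and the topic pattern are
# illustrative and must be checked against the actual install.

# ----- Weak: the situation IT describes. Any host that can reach either
# ----- port can subscribe to all data and publish any command, no login.
listener 1883
listener 9001
protocol websockets
allow_anonymous true

# ----- Hardened: the same two listeners, but every client must present
# ----- credentials, and an ACL decides which topics each account may use.
# (Use this section instead of the one above; Mosquitto reads one config.)
listener 1883
listener 9001
protocol websockets
allow_anonymous false
# Password file created with: mosquitto_passwd -c /etc/mosquitto/passwd <user>
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl

# ----- Contents of /etc/mosquitto/acl (a separate file) -----
# Service account used by the Pioreactor processes themselves: full access.
user pioreactor
topic readwrite pioreactor/#
# A browser user: may read all data, but may only publish to one set-point
# topic. The pattern pioreactor/<unit>/<experiment>/<job>/<setting>/set is an
# assumption about the topic layout, not taken from this thread.
user leo
topic read pioreactor/#
topic write pioreactor/+/+/stirring/target_rpm/set
```

Every Pioreactor process and the browser UI would then also have to present the credentials, otherwise the fleet stops talking to its own broker; and as noted above for basic auth, a password sent over a plain websocket is still readable on the wire.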

Hi Leo,
I solved my wifi-MQTT issue by connecting a laptop to the leader device through a cable. Also I used a free remote control app like Sunlogin to access the laptop at home. This way I can check and operate Pioreactor remotely at any time while keeping the run going smoothly.

Hi!

I forwarded this to my IT department, let’s see what comes out of it! Thanks for your reply.

Ah, this is also interesting… I’ll check it out.