Ah, I prematurely made some comments in Failed to connect to MTQQ after 50+ hours of smooth turbidostat running - #4 by CamDavidsonPilon, but I can expand on them here.
I’d like to know more about the piogate, and how it works (maybe you could share with me a contact at the IT department?). It sounds like it allows http connections (i.e. you can visit the UI). Can it also be expanded to include the MQTT websocket port (1883)?
Regarding your solutions:
- There is a potential world where MQTT doesn’t exist on the client. It would involve some rework to our API, but considering how often MQTT is the source of connection problems, we will consider it.
- There exists a plugin that puts the UI under a username and password: GitHub - Pioreactor/pioreactor-basic-auth-for-ui. Note that this is basic-auth over HTTP, so anyone snooping on the traffic can read usernames and passwords, but it would keep out the majority of visitors. This plugin works fine with MQTT.
Long term, we’d like to implement a built-in user authentication system, but that does require https support, which isn’t easily done in local networks.