jakowenko · jakowenko · Oct 20, 2022 · Sep 16, 2022 · Sep 21, 2022 · Oct 18, 2022
diff --git a/README.md b/README.md
@@ -280,6 +280,16 @@ mqtt:
   password:
   client_id:
 
+  tls:
+    # cert chains in PEM format: /path/to/client.crt
+    cert:
+    # private keys in PEM format: /path/to/client.key
+    key:
+    # optionally override the trusted CA certificates: /path/to/ca.crt
+    ca:
+    # if true the server will reject any connection which is not authorized with the list of supplied CAs
+    reject_unauthorized: false
+
   topics:
     # mqtt topic for frigate message subscription
     frigate: frigate/events

diff --git a/api/src/constants/defaults.js b/api/src/constants/defaults.js
@@ -29,6 +29,9 @@ module.exports = {
     stop_on_match: true,
   },
   mqtt: {
+    tls: {
+      reject_unauthorized: false,
+    },
     topics: {
       frigate: 'frigate/events',
       matches: 'double-take/matches',

diff --git a/api/src/util/mqtt.util.js b/api/src/util/mqtt.util.js
@@ -1,3 +1,4 @@
+const filesystem = require('fs');
 const { v4: uuidv4 } = require('uuid');
 const axios = require('axios');
 const mqtt = require('mqtt');
@@ -86,24 +87,33 @@ const processMessage = ({ topic, message }) => {
 
 module.exports.connect = () => {
   if (!MQTT || !MQTT.HOST) return;
-  CLIENT = mqtt.connect(`mqtt://${MQTT.HOST}`, {
-    reconnectPeriod: 10000,
-    username: MQTT.USERNAME || MQTT.USER,
-    password: MQTT.PASSWORD || MQTT.PASS,
-    clientId: MQTT.CLIENT_ID || `double-take-${Math.random().toString(16).substr(2, 8)}`,
-  });
-
-  CLIENT.on('connect', () => {
-    logStatus('connected', console.log);
-    this.publish({ topic: 'double-take/errors' });
-    this.available('online');
-    this.subscribe();
-  })
-    .on('error', (err) => logStatus(err.message, console.error))
-    .on('offline', () => logStatus('offline', console.error))
-    .on('disconnect', () => logStatus('disconnected', console.error))
-    .on('reconnect', () => logStatus('reconnecting', console.warn))
-    .on('message', async (topic, message) => processMessage({ topic, message }).init());
+
+  try {
+    CLIENT = mqtt.connect(`mqtt://${MQTT.HOST}`, {
+      reconnectPeriod: 10000,
+      username: MQTT.USERNAME || MQTT.USER,
+      password: MQTT.PASSWORD || MQTT.PASS,
+      clientId: MQTT.CLIENT_ID || `double-take-${Math.random().toString(16).substr(2, 8)}`,
+      key: MQTT.TLS.KEY ? filesystem.readFileSync(MQTT.TLS.KEY) : null,
+      cert: MQTT.TLS.CERT ? filesystem.readFileSync(MQTT.TLS.CERT) : null,
+      ca: MQTT.TLS.CA ? filesystem.readFileSync(MQTT.TLS.CA) : null,
+      rejectUnauthorized: MQTT.TLS.REJECT_UNAUTHORIZED === true,
+    });
+
+    CLIENT.on('connect', () => {
+      logStatus('connected', console.log);
+      this.publish({ topic: 'double-take/errors' });
+      this.available('online');
+      this.subscribe();
+    })
+      .on('error', (err) => logStatus(err.message, console.error))
+      .on('offline', () => logStatus('offline', console.error))
+      .on('disconnect', () => logStatus('disconnected', console.error))
+      .on('reconnect', () => logStatus('reconnecting', console.warn))
+      .on('message', async (topic, message) => processMessage({ topic, message }).init());
+  } catch (error) {
+    logStatus(error.message, console.error);
+  }
 };
 
 module.exports.available = async (state) => {