KB: Configure MOKO / KKM / Taguard Gateways to connect to `eruditek.com`

Use this guide to configure IoT gateways (MOKO, KKM, Taguard) to connect to the Mosquitto MQTT broker running on eruditek.com. The broker supports plain MQTT, MQTT over TLS, WebSockets and WSS.

1. Broker information

Protocol	Hostname	Port	Security	Notes
MQTT (non-SSL)	`eruditek.com`	1883	None	Standard MQTT
MQTT (non-SSL, extra)	`eruditek.com`	1884	None	Extra plain TCP port
MQTT (non-SSL, extra)	`eruditek.com`	8884	None	Extra plain TCP port
MQTT (TLS)	`eruditek.com`	8883	TLS/SSL	Requires CA certificate
WebSocket (non-SSL)	`eruditek.com`	1885	None	For browser-based clients
WebSocket Secure (WSS)	`eruditek.com`	8885	TLS/SSL	Requires CA certificate

2. Certificates required (for TLS / WSS)

For secure connections (ports 8883 and 8885), gateways must use the CA certificate that signed the broker certificate.

Download the CA certificate (example):
```
https://eruditek.com/ca.crt
```
Upload or paste this CA certificate into the gateway's CA Certificate or Trusted Root field.
No client certificate/key is required unless you enable mutual TLS (mTLS) later.

3. MOKO Gateway configuration (summary)

Open the MOKO Gateway Web UI and go to MQTT Settings.
Configure:

Host: eruditek.com
Port: 8883  # recommended (TLS)
Client ID: MOKO-GW01
Username/Password: (leave empty if allow_anonymous = true)
TLS Enable: ✔ (if using 8883)
CA Certificate: Upload ca.crt

Save & reboot the gateway. Check gateway logs for a successful connection message.

4. KKM Gateway configuration (summary)

Open the KKM Gateway web console > Network → MQTT Settings.

Enter settings:

Server: eruditek.com
Port: 8883  # secure or 1883 for non-secure
Protocol: MQTT (or WSS for websocket-based clients)
Client ID: KKM-GW01
TLS/SSL: Enable for 8883
CA Certificate: Upload ca.crt

Apply and restart the gateway service, then check diagnostics.

5. Taguard Gateway configuration (summary)

Access Taguard Gateway Dashboard > IoT Cloud → MQTT Config.

Fill settings:

Broker Address: eruditek.com
MQTT Port: 8883  # preferred
Client ID: TAGUARD-GW01
Authentication: Disabled (unless you enable username/password later)
Enable TLS: ✔ (for 8883)
Upload CA Cert: ca.crt

Save — gateway will auto-reconnect until successful.

6. Testing the connection

Run these from a machine with mosquitto-clients installed:

# Non-SSL test
mosquitto_sub -h eruditek.com -p 1883 -t "test/topic" -v

# TLS test
mosquitto_sub -h eruditek.com -p 8883 --cafile ca.crt -t "test/topic" -v

Expected: client connects and shows subscription; TLS test verifies CA trust.

7. Firewall & Network

Ensure the following ports are allowed (ingress) on your broker/server firewall: 1883,1884,8884,8883,1885,8885.
If using NAT, forward those ports from your public IP to the broker host.
Confirm DNS resolves: ping eruditek.com or dig eruditek.com.

8. Troubleshooting

Connection refused: verify broker is listening and DNS resolves.
TLS handshake failed: re-upload ca.crt and ensure the gateway trusts it.
No messages: check broker subscriptions and firewall rules.

Check broker logs:

sudo journalctl -xeu mosquitto.service | tail -50

Note: If you prefer, you can restrict anonymous access and create username/password accounts. Additionally, you can bind listeners to specific interfaces by adding bind_address per listener in /etc/mosquitto/mosquitto.conf.

Generated for: Taguard / MOKO / KKM — Mosquitto broker at eruditek.com. Copy /etc/mosquitto/certs/ca.crt to gateways as the CA certificate.

KB: Configure MOKO / KKM / Taguard Gateways to connect to eruditek.com