From 1bb2be7fdee7cabccbd710a7682215940093b033 Mon Sep 17 00:00:00 2001 From: Raimondi Lorenzo Date: Thu, 19 Mar 2026 11:31:20 +0100 Subject: [PATCH 1/3] feat: Make MQTT broker port configurable - Add MQTT_PORT environment variable to docker-compose.yml - Update start_flash.sh to dynamically generate mosquitto.conf with configurable port - Update psk-frontend.py to read MQTT_PORT from environment - Update setup_checks.sh to check configured MQTT port instead of hardcoded 1883 - Add gettext to Dockerfile for template support - Update README.md with MQTT_PORT usage documentation --- Dockerfile | 2 +- README.md | 1 + docker-compose.yml | 1 + scripts/psk-frontend.py | 6 +++++- scripts/setup_checks.sh | 3 ++- start_flash.sh | 9 +++++++++ 6 files changed, 19 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index a539531..087b043 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.13 -RUN apk add --update bash git iw dnsmasq hostapd screen curl py3-pip py3-wheel python3-dev mosquitto haveged net-tools openssl openssl-dev gcc musl-dev linux-headers sudo coreutils grep iproute2 ncurses +RUN apk add --update bash git iw dnsmasq hostapd screen curl py3-pip py3-wheel python3-dev mosquitto haveged net-tools openssl openssl-dev gcc musl-dev linux-headers sudo coreutils grep iproute2 ncurses gettext RUN python3 -m pip install --upgrade paho-mqtt tornado git+https://github.com/drbild/sslpsk.git pycryptodomex diff --git a/README.md b/README.md index 47a6047..5362234 100644 --- a/README.md +++ b/README.md 
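Review bot: The `gettext` package added to the `apk add` line does not appear to be used by anything visible in this series. The start_flash.sh hunk writes mosquitto.conf with `cat > mosquitto.conf` and a heredoc rather than `envsubst`, although that hunk is truncated on this page, so this should be confirmed against the full file. If nothing is rendered with `envsubst`, drop the package to keep the image minimal. If something is, a comment above the `RUN` line such as `# gettext provides envsubst for rendering mosquitto.conf` would record why it is installed.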
@@ -90,6 +90,7 @@ Preparations: * if you have already cloned this repo just cd into the directory and execute `git pull` * cp .env-template .env * adjust the created .env-file, it contains usage information as comments +* (Optional) if your host already has an MQTT broker on port 1883, you can set `MQTT_PORT` in your .env file to use a different port (e.g. `MQTT_PORT=1884`) Building and running your container: * `docker-compose build && docker-compose run --rm tuya` diff --git a/docker-compose.yml b/docker-compose.yml index e59f569..732e8b9 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,5 +8,6 @@ services: WLAN: ${WLAN} AP: ${AP} GATEWAY: ${GATEWAY} + MQTT_PORT: ${MQTT_PORT:-1883} volumes: - $LOCALBACKUPDIR:/usr/bin/tuya-convert/backups diff --git a/scripts/psk-frontend.py b/scripts/psk-frontend.py index 40813fb..c480563 100755 --- a/scripts/psk-frontend.py +++ b/scripts/psk-frontend.py @@ -4,6 +4,7 @@ import select import ssl import sslpsk +import os from Cryptodome.Cipher import AES from hashlib import md5 @@ -96,7 +97,10 @@ def data_ready_cb(self, s): def main(): gateway = '10.42.42.1' - proxies = [PskFrontend(gateway, 443, gateway, 80), PskFrontend(gateway, 8886, gateway, 1883)] + mqtt_port = int(os.environ.get('MQTT_PORT', 1883)) + proxies = [PskFrontend(gateway, 443, gateway, 80), PskFrontend(gateway, 8886, gateway, mqtt_port)] + + print(f"PSK frontend configured with MQTT port: {mqtt_port}") while True: diff --git a/scripts/setup_checks.sh b/scripts/setup_checks.sh index 9146b89..175e0f0 100755 --- a/scripts/setup_checks.sh +++ b/scripts/setup_checks.sh @@ -141,7 +141,8 @@ check_port tcp 80 "answer HTTP requests" check_port tcp 443 "answer HTTPS requests" check_port udp 6666 "detect unencrypted Tuya firmware" check_port udp 6667 "detect encrypted Tuya firmware" -check_port tcp 1883 "run MQTT" +MQTT_PORT=${MQTT_PORT:-1883} +check_port tcp $MQTT_PORT "run MQTT" check_port tcp 8886 "run MQTTS" check_firewall check_blacklist 
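Review bot: `mqtt_port = int(os.environ.get('MQTT_PORT', 1883))` in main() takes the environment value as-is, so an empty or non-numeric `MQTT_PORT` ends in an uncaught ValueError traceback, and a value outside 1-65535 is handed to `PskFrontend` unchecked. Parse the variable once, reject anything that is not a valid TCP port, and exit with a message that names the variable, as sketched below. The same pattern is repeated for `MQTTS_PORT` in the scripts/psk-frontend.py hunk of patch 2/3, where a small shared helper would cover both. main() continues past the end of this hunk.

```python
def main():
    gateway = '10.42.42.1'
    raw_port = os.environ.get('MQTT_PORT', '1883')
    try:
        mqtt_port = int(raw_port)
    except ValueError:
        raise SystemExit(f"MQTT_PORT must be an integer, got {raw_port!r}")
    if not 1 <= mqtt_port <= 65535:
        raise SystemExit(f"MQTT_PORT out of range (1-65535): {mqtt_port}")
    # … unchanged: proxies list and startup print …
```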
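Review bot: `$MQTT_PORT` is expanded unquoted in `check_port tcp $MQTT_PORT "run MQTT"`, so a value containing whitespace or glob characters is word-split and shifts the arguments check_port receives. Quote it: `check_port tcp "$MQTT_PORT" "run MQTT"`. The value is also used without checking that it is numeric, so a typo in .env surfaces only as a confusing port-check result. The `check_port tcp $MQTTS_PORT "run MQTTS"` line added to this file in patch 2/3 has the same problem. check_port itself is defined outside the hunk.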
diff --git a/start_flash.sh b/start_flash.sh index d4916e7..fd18902 100755 --- a/start_flash.sh +++ b/start_flash.sh @@ -6,6 +6,15 @@ normal=$(tput sgr0) setup () { echo "tuya-convert $(git describe --tags)" pushd scripts >/dev/null || exit + + # Generate mosquitto.conf with configurable port + MQTT_PORT=${MQTT_PORT:-1883} + cat > mosquitto.conf < Date: Thu, 19 Mar 2026 11:33:50 +0100 Subject: [PATCH 2/3] feat: Make MQTTS broker port configurable --- README.md | 2 +- docker-compose.yml | 1 + scripts/psk-frontend.py | 5 +++-- scripts/setup_checks.sh | 3 ++- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5362234..16b3589 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ Preparations: * if you have already cloned this repo just cd into the directory and execute `git pull` * cp .env-template .env * adjust the created .env-file, it contains usage information as comments -* (Optional) if your host already has an MQTT broker on port 1883, you can set `MQTT_PORT` in your .env file to use a different port (e.g. `MQTT_PORT=1884`) +* (Optional) if your host already has MQTT/MQTTS brokers running, you can set `MQTT_PORT` and/or `MQTTS_PORT` in your .env file to use different ports (e.g. `MQTT_PORT=1884` and `MQTTS_PORT=8887`) Building and running your container: * `docker-compose build && docker-compose run --rm tuya` diff --git a/docker-compose.yml b/docker-compose.yml index 732e8b9..7e4f8c0 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,5 +9,6 @@ services: AP: ${AP} GATEWAY: ${GATEWAY} MQTT_PORT: ${MQTT_PORT:-1883} + MQTTS_PORT: ${MQTTS_PORT:-8886} volumes: - $LOCALBACKUPDIR:/usr/bin/tuya-convert/backups diff --git a/scripts/psk-frontend.py b/scripts/psk-frontend.py index c480563..e5b416c 100755 --- a/scripts/psk-frontend.py +++ b/scripts/psk-frontend.py 
@@ -98,9 +98,10 @@ def data_ready_cb(self, s): def main(): gateway = '10.42.42.1' mqtt_port = int(os.environ.get('MQTT_PORT', 1883)) - proxies = [PskFrontend(gateway, 443, gateway, 80), PskFrontend(gateway, 8886, gateway, mqtt_port)] + mqtts_port = int(os.environ.get('MQTTS_PORT', 8886)) + proxies = [PskFrontend(gateway, 443, gateway, 80), PskFrontend(gateway, mqtts_port, gateway, mqtt_port)] - print(f"PSK frontend configured with MQTT port: {mqtt_port}") + print(f"PSK frontend configured with MQTT port: {mqtt_port}, MQTTS port: {mqtts_port}") while True: diff --git a/scripts/setup_checks.sh b/scripts/setup_checks.sh index 175e0f0..c4c652b 100755 --- a/scripts/setup_checks.sh +++ b/scripts/setup_checks.sh @@ -143,7 +143,8 @@ check_port udp 6666 "detect unencrypted Tuya firmware" check_port udp 6667 "detect encrypted Tuya firmware" MQTT_PORT=${MQTT_PORT:-1883} check_port tcp $MQTT_PORT "run MQTT" -check_port tcp 8886 "run MQTTS" +MQTTS_PORT=${MQTTS_PORT:-8886} +check_port tcp $MQTTS_PORT "run MQTTS" check_firewall check_blacklist From e457bebb4958916ce3b1dd99231a945b9ececc43 Mon Sep 17 00:00:00 2001 From: Raimondi Lorenzo Date: Thu, 19 Mar 2026 11:38:57 +0100 Subject: [PATCH 3/3] docs: Add MQTT_PORT and MQTTS_PORT to .env-template --- .env-template | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.env-template b/.env-template index db0f07c..c1b49c2 100644 --- a/.env-template +++ b/.env-template @@ -4,3 +4,5 @@ WLAN=wlan0 #must match the name of your wlan-interface AP=vtrust-flash #the name of the created AP, can be anything you want GATEWAY=10.42.42.1 #gateway address, leave it here LOCALBACKUPDIR=./data/backups #location on your host where you want to store backuos of the old firmware & logs +MQTT_PORT=1883 #MQTT broker port, change if your host already has MQTT on 1883 +MQTTS_PORT=8886 #MQTTS broker port, change if your host already has MQTTS on 8886
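Review bot: Nothing prevents `MQTTS_PORT` and `MQTT_PORT` from being set to the same value, in which case `PskFrontend(gateway, mqtts_port, gateway, mqtt_port)` listens on the same address and port it forwards to. A guard right after the two `int(...)` lines makes the misconfiguration explicit: `if mqtts_port == mqtt_port: raise SystemExit("MQTTS_PORT and MQTT_PORT must differ")`. Separately, `mqtts_port` is the TLS-PSK listener that the device itself connects to. If the stock firmware dials a fixed port (presumably 8886, to be confirmed), moving it would stop the device from reaching the frontend, and the README should say so. main() continues past the end of this hunk.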