I recently upgraded to v2.0.5 on Ubuntu 18.04. I've noticed that when logrotate sends a SIGHUP to mosquitto to reload after compressing logfiles I see disconnects of anonymous clients (previously connected to localhost) which are then never allowed to reconnect. Maybe the reload is ignoring the allow_anonymous directive for the localhost listener?
I can manually reproduce this by SIGHUP'ing mosquitto.
Example:
Configuration
/etc/mosquitto/mosquitto.conf:
# Place your local configuration in /etc/mosquitto/conf.d/
#
# A full description of the configuration file is at
# /usr/share/doc/mosquitto/examples/mosquitto.conf.example
persistence true
persistence_location /var/lib/mosquitto/
log_dest file /var/log/mosquitto/mosquitto.log
include_dir /etc/mosquitto/conf.d
/etc/mosquitto/conf.d/tls.conf
# Enable per-listener settings
per_listener_settings true
# Localhost non-TLS listener will allow anonymous access
listener 1883 localhost
allow_anonymous true
# VPN non-TLS listener will disallow anonymous access
listener 1883 192.168.255.1
allow_anonymous false
# Password file configuration is on a per-listener basis
password_file /etc/mosquitto/passwd
# Public-facing TLS listener disallows anonymous access
listener 8883
allow_anonymous false
certfile /etc/letsencrypt/live/<hostname>/cert.pem
cafile /etc/letsencrypt/live/<hostname>/chain.pem
keyfile /etc/letsencrypt/live/<hostname>/privkey.pem
# Password file configuration is on a per-listener basis
password_file /etc/mosquitto/passwd
Commands:
sudo systemctl start mosquitto.service
<wait for anonymous clients to connect>
sudo killall -HUP mosquitto
Logs
/var/log/mosquitto/mosquitto.log
After reloading the configuration note that:
The anonymous clients on 127.0.0.1 are disconnected
The (authenticated) bridge connection remains connected
Reconnection attempts by the anonymous clients on 127.0.0.1 are rejected
1610981476: mosquitto version 2.0.5 starting
1610981476: Config loaded from /etc/mosquitto/mosquitto.conf.
1610981476: Opening ipv4 listen socket on port 1883.
1610981476: Opening ipv4 listen socket on port 1883.
1610981476: Opening ipv4 listen socket on port 8883.
1610981476: Opening ipv6 listen socket on port 8883.
1610981476: mosquitto version 2.0.5 running
1610981476: New connection from 127.0.0.1:48392 on port 1883.
1610981476: New client connected from 127.0.0.1:48392 as mason (p2, c1, k20).
1610981477: New connection from 192.168.255.254:44502 on port 1883.
1610981477: New bridge connected from 192.168.255.254:44502 as dobby.s10-bridge (p2, c0, k60, u'dobby').
1610981489: New connection from 127.0.0.1:45289 on port 1883.
1610981489: New client connected from 127.0.0.1:45289 as alexa.query (p2, c1, k60).
1610981504: Reloading config.
1610981504: Loading config file /etc/mosquitto/conf.d/tls.conf
1610981504: Client mason disconnected.
1610981504: Client alexa.query disconnected.
1610981505: New connection from 127.0.0.1:36019 on port 1883.
1610981505: Client <unknown> disconnected, not authorised.
1610981506: New connection from 127.0.0.1:48400 on port 1883.
Thanks for the detailed write up and great edge case. I've pushed a commit that fixes this to the fixes branch; it will be part of 2.0.6 in about a week.
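A log check for the symptom reported in this issue, as an added example (not code from the mosquitto project or from anyone in the thread): it flags a `Reloading config.` event that is followed within `window` seconds by client disconnects and later by `not authorised` rejections from the same source address. The function name, the `window` parameter and the attribution of a rejection to the preceding `New connection` line are assumptions; the sample lines are a subset copied from the log in the report.

```python
import re

# Message shapes taken from the mosquitto 2.0.5 log quoted in the issue (IPv4 only).
LINE = re.compile(r"^(\d+): (.*)$")
NEW_CONN = re.compile(r"^New connection from ([\d.]+):\d+ on port (\d+)\.$")
CONNECTED = re.compile(r"^New (?:client|bridge) connected from ([\d.]+):\d+ as (\S+) \(")
DISCONNECTED = re.compile(r"^Client (\S+) disconnected\.$")
REJECTED = re.compile(r"^Client \S+ disconnected, not authorised\.$")

def find_reload_regressions(lines, window=2):
    """Flag reloads that drop sessions and then refuse the same source address."""
    sessions = {}     # client id -> source address of the accepted session
    last_conn = None  # (address, port) of the latest connection; rejections carry no address
    current, findings = None, []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = int(m.group(1)), m.group(2)
        if msg == "Reloading config.":
            current = {"reload_ts": ts, "dropped": {}, "rejected": []}
            findings.append(current)
        elif (c := NEW_CONN.match(msg)):
            last_conn = (c.group(1), int(c.group(2)))
        elif (c := CONNECTED.match(msg)):
            sessions[c.group(2)] = c.group(1)
        elif (c := DISCONNECTED.match(msg)):
            addr = sessions.pop(c.group(1), None)
            if current and ts - current["reload_ts"] <= window:
                current["dropped"][c.group(1)] = addr
        elif REJECTED.match(msg) and current and last_conn:
            if last_conn[0] in current["dropped"].values():
                current["rejected"].append((ts, *last_conn))
    return [f for f in findings if f["dropped"] and f["rejected"]]

# Subset of the log lines from the issue report.
SAMPLE_LOG = """\
1610981476: New connection from 127.0.0.1:48392 on port 1883.
1610981476: New client connected from 127.0.0.1:48392 as mason (p2, c1, k20).
1610981477: New connection from 192.168.255.254:44502 on port 1883.
1610981477: New bridge connected from 192.168.255.254:44502 as dobby.s10-bridge (p2, c0, k60, u'dobby').
1610981504: Reloading config.
1610981504: Client mason disconnected.
1610981505: New connection from 127.0.0.1:36019 on port 1883.
1610981505: Client <unknown> disconnected, not authorised.
""".splitlines()

if __name__ == "__main__":
    print(find_reload_regressions(SAMPLE_LOG))
```

A reload that produces no finding is the expected behaviour; a finding on a listener configured with `allow_anonymous true` matches the regression described in this report.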