New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mosquitto "allow_anonymus true" doesn't work #2382
Comments
Sorry to hear you're having problems. Could you try |
This is what I get on the latest version, using compose with password auth in a bridge network.
|
Funnily enough, changing the port behind |
Maybe a silly question, but did you stop any other broker that might be running on the machine before trying to capture these logs? Address in use is what mosquitto prints if it tries to open 1883, but there is already someone else listening there. |
I'm running it inside docker, so yes, it is the only process even alive in that container, any port used has to be used by mosquitto. docker-compose.yamlservices:
mqtt:
container_name: <censored>
image: "eclipse-mosquitto:2-openssl"
volumes:
- "<censored>:/mosquitto/config"
- "<censored>:/mosquitto/data"
- "<censored>:/mosquitto/log"
restart: unless-stopped
expose:
- "1883"
ports:
- <censored>:1883:1883
runtime: runsc
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
networks:
<censored>:
ipv4_address: <censored>
ipv6_address: <censored> mosquitto config (that fails)# Data
persistence true
persistence_location /mosquitto/data/
# Logging
#log_dest file /mosquitto/log/mosquitto.log
# TLS
cafile /mosquitto/config/ca.pem
certfile /mosquitto/config/cert.pem
keyfile /mosquitto/config/key.pem
tls_version tlsv1.2
# Auth
listener 1883
password_file /mosquitto/config/password.txt mosquitto config (that works on port 1883)# Data
persistence true
persistence_location /mosquitto/data/
# Logging
#log_dest file /mosquitto/log/mosquitto.log
# TLS
cafile /mosquitto/config/ca.pem
certfile /mosquitto/config/cert.pem
keyfile /mosquitto/config/key.pem
tls_version tlsv1.2
# Auth
listener 1883 <censored, container ip>
password_file /mosquitto/config/password.txt or (untested if auth works) # Data
persistence true
persistence_location /mosquitto/data/
# Logging
#log_dest file /mosquitto/log/mosquitto.log
# TLS
cafile /mosquitto/config/ca.pem
certfile /mosquitto/config/cert.pem
keyfile /mosquitto/config/key.pem
tls_version tlsv1.2
# Auth
listener 1888
password_file /mosquitto/config/password.txt So I just think it's opening a default (unconfigured) listener on |
Yeah, I noticed you were running a docker. I had memories of having a similar situation while running a server for multiple devices in the network. I configured the container network so mosquitto could listen to the network card, port 1883. Of course a broker running in the same machine, outside docker will make the broker in the container fail. But I just did a quick experiment, and realized that my memory is not that good. Of course in my scenario there is a failure but is docker who complains, not the containerized broker (as it does not even start running). My bad. As soon as I have some free time, I'll try to experiment with your config files (thanks for them). See if I can spot something. Just for completeness, did you try in a platform different than a RPi? |
Not running on a PI, but rather a x86_64 server. |
Ohhh, @cromefire, sorry, I missed the point that you're not the OP. I wrote in many tickets late at night, and after reading your comment over mail this morning, somehow I assumed it was a single person. |
Was having a similar issue on my RPi running v2.0.11 on top of Raspi OS Bullseye. Limiting the connections to only IPv4 seems to have solved the problem for me. @cromefire , even though you disabled IPv6 in the container, you might try adding the following to your mosquitto config file and see if it helps: |
I explicitly enabled IPv6 (by setting disable to 0, I know kinda confusing but grabbed that off some docker docs, but I actually use IPv6, where possible) and that might very well what failed. Will test with only IPv4 enabled. |
Didn't work, but it also still seems to register a IPv6 listener:
New config# Data
persistence true
persistence_location /mosquitto/data/
# Logging
#log_dest file /mosquitto/log/mosquitto.log
# TLS
cafile /mosquitto/config/ca.pem
certfile /mosquitto/config/cert.pem
keyfile /mosquitto/config/key.pem
tls_version tlsv1.2
# Auth
socket_domain ipv4
listener 1883
password_file /mosquitto/config/password.txt |
Related to the last comment the listener and socket_domain -settings seem not to work properly when the listener is configured after the socket_domain.
|
I've had a look at this, and I wonder if you've also configured a listener on port 1883 in a different config file, or twice in the same config file? |
If the docker container doesn't have any second config that I don't know of, that's all of my config. |
I've missed the obvious. You're suffering from the curse of the default listener. Some config options can be used without first specifying the listener that they apply to. This then creates a default listener, a design decision that came from the config format of RSMB, an earlier MQTT broker that I now rue following.
Suggested config:
|
I think I've tried that before, but can't hurt to test it one more time just to be sure. |
Have you managed to sort this out? |
Yes, that seems to work (sorry for the huge delay), maybe a bit more (obvious) documentation/logging on the order could be great, it's not really self describing it seems like. Can't close this, but as the original author hasn't responded, you might want to go ahead and close it. Thank you for the help. |
Hi!
I have installed mosquitto broker (v2.0.11) on raspberry PI 3. Then created config file custm.conf in the conf.d directory:
/etc/mosquitto/conf.d/custm.conf
Despite this, mosquitto still doesn't allow unauthorized connections.
systemctl status mosquitto.service
says, the file was loaded:When I run
mosquitto -v
in the shell, the oputput looks like this:I really don't know what to do at this point
The text was updated successfully, but these errors were encountered: