Plugin double binding ports on Mosquitto #238

Closed
joaodforce opened this issue Jul 22, 2022 · 4 comments
@joaodforce

I'm setting up the go-auth plugin in my Mosquitto broker.

I already had a setup with 3 listeners: one for localhost only that allows anonymous logins, a second one on port 1884 that needs to be authenticated with a password file, and a third one on port 8883 with TLS enabled that also uses Mosquitto's default password file system.

I then built the go-auth plugin, added a fourth listener on port 8884, and set it up with sqlite. However, when I went to start the service I was faced with a weird issue: it started to say that port 1883 was already in use. For some reason it is trying to bind to it twice.

Here are the startup logs:

1658532199: Loading config file /etc/mosquitto/conf.d/go-auth.conf
1658532199: mosquitto version 2.0.14 starting
1658532199: Config loaded from /etc/mosquitto/mosquitto.conf.
1658532199: Loading plugin: /etc/mosquitto/conf.d/go-auth.so
1658532199:  ├── Username/password checking enabled.
1658532199:  ├── TLS-PSK checking enabled.
1658532199:  └── Extended authentication not enabled.
WARN[2022-07-22T20:23:19-03:00] unknown or empty hasher, defaulting to PBKDF2 
INFO[2022-07-22T20:23:19-03:00] Backend registered: Sqlite                   
INFO[2022-07-22T20:23:19-03:00] registered acl checker: sqlite               
INFO[2022-07-22T20:23:19-03:00] registered user checker: sqlite              
INFO[2022-07-22T20:23:19-03:00] registered superuser checker: sqlite         
INFO[2022-07-22T20:23:19-03:00] No cache set.                                
1658532199: Opening ipv4 listen socket on port 1883.
1658532199: Opening ipv4 listen socket on port 1883.
1658532199: Error: Address already in use

This is my current config file:

per_listener_settings true

listener 1883 localhost
allow_anonymous true
socket_domain ipv4

listener 1884 0.0.0.0
allow_anonymous false
password_file /etc/mosquitto/pw.txt
socket_domain ipv4

listener 8883
socket_domain ipv4
password_file /etc/mosquitto/pw.txt

tls_version tlsv1.2
certfile /etc/letsencrypt/live/domain.com/cert.pem
cafile /etc/letsencrypt/live/domain.com/chain.pem
keyfile /etc/letsencrypt/live/domain.com/privkey.pem

listener 8884
socket_domain ipv4

tls_version tlsv1.2
certfile /etc/letsencrypt/live/domain.com/cert.pem
cafile /etc/letsencrypt/live/domain.com/chain.pem
keyfile /etc/letsencrypt/live/domain.com/privkey.pem

include_dir /etc/mosquitto/conf.d

I've tried many things, and the only thing so far that gets it working is having only one listener.
I need at least one listener without TLS because not all my devices support TLS.

If I remove the listener 1883 localhost, it works.

@joaodforce
Author

I think I've figured it out: it will bind to 1883 even if I don't add a listener on it. Strange.

@iegomez
Owner

iegomez commented Jul 23, 2022

Hey, @joaodforce!

I think Mosquitto is at fault here, there's no mention of port 1883 in the plugin other than in example configuration for Docker. You can also notice the difference in log format coming from Mosquitto versus the plugin, where the former starts with what seems to be a unix epoch number, while the plugin follows LEVEL[timestamp] format. You could try removing the plugin configuration and running multiple ports without the plugin enabled to confirm, I really suspect it's Mosquitto itself.

On another note, I don't know how per_listener_settings works, so if you're willing, do tell if you're able to configure the plugin for some listeners and not for others and if there's any issue when doing so. I haven't used the plugin in a really long time, and I recall configuring it globally for all listeners when I still used it, but then again I wasn't aiming to have different configurations at the time so I may just have missed the option.

@joaodforce
Author

> Hey, @joaodforce!
>
> I think Mosquitto is at fault here, there's no mention of port 1883 in the plugin other than in example configuration for Docker. You can also notice the difference in log format coming from Mosquitto versus the plugin, where the former starts with what seems to be a unix epoch number, while the plugin follows LEVEL[timestamp] format. You could try removing the plugin configuration and running multiple ports without the plugin enabled to confirm, I really suspect it's Mosquitto itself.
>
> On another note, I don't know how per_listener_settings works, so if you're willing, do tell if you're able to configure the plugin for some listeners and not for others and if there's any issue when doing so. I haven't used the plugin in a really long time, and I recall configuring it globally for all listeners when I still used it, but then again I wasn't aiming to have different configurations at the time so I may just have missed the option.

Hi there! Sorry for the delayed response. The way per_listener_settings works is pretty simple: when it is enabled, you can add listener-specific settings just by adding them right below the listener declaration. I specifically use it to enable allow_anonymous only on the localhost listener on port 1883.

I managed to understand what the problem was, although it doesn't make sense: with the plugin on and per_listener_settings, it will always listen on port 1883. I think it's some sort of internal private config that Mosquitto uses whenever there is an auth plugin?

I managed to get my broker running just by removing my 1883 localhost listener, and then from testing, the 1883 port was authenticated with the go-auth plugin.

I'm not sure what this is about. I ended up giving up for now and just leaving everything authenticated, which was an annoying process; I had to go set up credentials in many applications on the server.

However, it would be nice if we could figure out what is going on with Mosquitto here. Right now I understand it is Mosquitto's fault, it seems, but this behavior is related to the addition of the plugin.
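
The per-listener grouping described in this comment, applied to the configuration from the issue, as an added example that is not part of the thread or of the plugin's code: it lists which authentication and TLS options each `listener` line carries and reports any address declared twice. `parse_listeners` and `audit` are hypothetical helper names; the parser reads a single file and does not follow `include_dir`, so options set in included files (such as the plugin configuration) do not appear.

```python
from collections import Counter

AUTH_KEYS = {"allow_anonymous", "password_file", "auth_plugin", "plugin"}
GLOBAL_KEYS = {"per_listener_settings", "include_dir"}  # not listener options
SAMPLE_CONF = """\
per_listener_settings true
listener 1883 localhost
allow_anonymous true
listener 1884 0.0.0.0
allow_anonymous false
password_file /etc/mosquitto/pw.txt
listener 8883
password_file /etc/mosquitto/pw.txt
certfile /etc/letsencrypt/live/domain.com/cert.pem
keyfile /etc/letsencrypt/live/domain.com/privkey.pem
listener 8884
certfile /etc/letsencrypt/live/domain.com/cert.pem
keyfile /etc/letsencrypt/live/domain.com/privkey.pem
include_dir /etc/mosquitto/conf.d
"""  # abridged copy of the configuration posted in the issue

def parse_listeners(conf_text):
    """Attach each option to the most recent `listener` line in this file."""
    listeners = []
    for raw in conf_text.splitlines():
        key, _, value = raw.strip().partition(" ")
        if not key or key.startswith("#"):
            continue
        if key == "listener":
            port, *bind = value.split()
            listeners.append({"port": int(port), "bind": bind[0] if bind else "*", "opts": {}})
        elif listeners and key not in GLOBAL_KEYS:
            listeners[-1]["opts"][key] = value.strip()
    return listeners

def audit(conf_text):
    """Return (addresses declared twice, per-listener auth/TLS summary)."""
    listeners = parse_listeners(conf_text)
    seen = Counter((l["port"], l["bind"]) for l in listeners)
    duplicates = sorted(addr for addr, n in seen.items() if n > 1)
    summary = [{
        "port": l["port"], "bind": l["bind"],
        "tls": "certfile" in l["opts"] and "keyfile" in l["opts"],
        "anonymous": l["opts"].get("allow_anonymous") == "true",
        "auth": sorted(AUTH_KEYS & l["opts"].keys()),  # empty: none set in this file
    } for l in listeners]
    return duplicates, summary

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

On the posted configuration this reports no duplicate declarations and an empty `auth` list for listener 8884, whose authentication settings come from the included plugin configuration rather than from this file.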

@iegomez
Owner

iegomez commented Feb 17, 2023

I'm gonna close this issue for now, but feel free to reopen it if you encounter the same problem again.

@iegomez iegomez closed this as completed Feb 17, 2023