Mosquitto broker bridge broker unavailable - SAP IoT - sap

After having some issues on my IoT project (see this thread:
Mosquitto Broker Bridge Configuration - unacceptable protocol version), I still have one problem to achieve the bridge connection.
I'm using Mosquitto v1.6.7 on my Raspberry Pi with Raspbian Stretch installed. The connection between the Mosquitto broker bridge and the remote broker (SAP IoT Cloud) is failing to establish. I've double-checked all the settings again (the endpoint address is correct, and CAcert.pem is the same one I'm using when I just send from my client to the remote broker without the bridge). Any hints again are highly appreciated!
Here is my updated config for the Mosquitto broker:
I've depersonalized the connection name and address. The connection name is used as the clientId in the remote broker (SAP Cloud) and was double-checked, as was the endpoint address.
listener 8883
connection raspberryPiZero
address xxxxxxxx.eu10.cp.iot.sap:8883
bridge_protocol_version mqttv311
try_private false
topic # both
log_type all
bridge_cafile /etc/mosquitto/certs/CAcert.pem
Here is the updated log file:
1574766394: mosquitto version 1.6.7 starting
1574766394: Config loaded from /etc/mosquitto/conf.d/local.conf.
1574766394: Opening ipv4 listen socket on port 8883.
1574766394: Opening ipv6 listen socket on port 8883.
1574766394: Bridge local.raspberrypi.raspberryPiZero doing local SUBSCRIBE on topic #
1574766394: Connecting bridge (step 1) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766395: Connecting bridge (step 2) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766395: Bridge raspberrypi.raspberryPiZero sending CONNECT
1574766395: Received CONNACK on connection local.raspberrypi.raspberryPiZero.
1574766395: Connection Refused: broker unavailable
1574766395: Socket error on client local.raspberrypi.raspberryPiZero, disconnecting.
1574766400: Bridge local.raspberrypi.raspberryPiZero doing local SUBSCRIBE on topic #
1574766400: Connecting bridge (step 1) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766401: Connecting bridge (step 2) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766401: Bridge raspberrypi.raspberryPiZero sending CONNECT
1574766401: Received CONNACK on connection local.raspberrypi.raspberryPiZero.
1574766401: Connection Refused: broker unavailable
1574766401: Socket error on client local.raspberrypi.raspberryPiZero, disconnecting.
1574766406: Bridge local.raspberrypi.raspberryPiZero doing local SUBSCRIBE on topic #
1574766406: Connecting bridge (step 1) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766407: Connecting bridge (step 2) raspberryPiZero (xxxxxxxx.eu10.cp.iot.sap:8883)
1574766407: Bridge raspberrypi.raspberryPiZero sending CONNECT
1574766407: mosquitto version 1.6.7 terminating

From the mosquitto.conf man page
remote_clientid id
Set the client id for this bridge connection. If not defined, this
defaults to 'name.hostname', where name is the connection name and
hostname is the hostname of this computer.
This replaces the old "clientid" option to avoid confusion with
local/remote sides of the bridge. "clientid" remains valid for the
time being.
This means that the client id being presented to the remote broker is raspberryPiZero.raspberrypi, not raspberryPiZero. If the client id needs to be just raspberryPiZero, then you need to use the remote_clientid option to set it.
That will get the client id correct. Next you need to tell the local broker to use all the same certificates that your client was using.
You will need to use bridge_certfile to point to the client certificate file and bridge_keyfile to point to the unencrypted client private key.
connection raspberryPiZero
address xxxxxxxx.eu10.cp.iot.sap:8883
bridge_protocol_version mqttv311
# client id presented to the remote broker (default would be name.hostname)
remote_clientid raspberryPiZero
# do not flag the connection as a Mosquitto private bridge to a non-Mosquitto peer
try_private false
# CA that signed the remote broker's server certificate
bridge_cafile /etc/mosquitto/certs/CAcert.pem
# client certificate and its unencrypted private key, as used by the working client
bridge_certfile /etc/mosquitto/certs/clientCert.pem
bridge_keyfile /etc/mosquitto/certs/clientKey.pem
topic # both
log_type all
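Before pointing bridge_cafile, bridge_certfile and bridge_keyfile at real files it is worth checking that the three files actually belong together, because Mosquitto reports a broken set only as a generic connection failure. The script below is an added example, not code from the thread or from the Mosquitto project. It assumes an openssl command line of version 1.1 or newer; the CA, client certificate and keys it uses are constructed throw-aways generated in a temporary directory, and the file names CAcert.pem, clientCert.pem and clientKey.pem mirror the answer's config only by convention.

```shell
#!/bin/sh
# Added example (not from the original thread): pre-flight check for the files a
# Mosquitto bridge loads through bridge_cafile / bridge_certfile / bridge_keyfile.
# All certificates and keys below are CONSTRUCTED throw-aways created in a temp
# directory; on the Pi you would point the check at /etc/mosquitto/certs/* instead.

# check_bridge_material CA CERT KEY
# Returns 0 when the three files form a usable TLS client identity:
#   1. CERT chains to CA (the remote broker that trusts CA will accept it)
#   2. KEY is not password protected (bridge_keyfile must be an unencrypted key)
#   3. KEY is the private key belonging to CERT
check_bridge_material() {
    ca=$1
    cert=$2
    key=$3
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "check: $cert does not chain to $ca" >&2
        return 1
    fi
    # PEM keys carry "Proc-Type: 4,ENCRYPTED" or "BEGIN ENCRYPTED PRIVATE KEY"
    if grep -q ENCRYPTED "$key"; then
        echo "check: $key is password protected; mosquitto needs an unencrypted key" >&2
        return 2
    fi
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "check: cannot read private key $key" >&2
        return 3
    }
    # the public key embedded in the certificate must equal the one derived from the key
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "check: $key is not the private key for $cert" >&2
        return 4
    fi
    return 0
}

# make_test_material DIR
# Constructed test data: a throw-away CA, a client cert it signed for the client id
# raspberryPiZero, plus an unrelated CA, an unrelated key and an encrypted copy of
# the good key so the negative cases can be exercised offline.
make_test_material() {
    d=$1
    for name in "Test IoT CA" "Unrelated CA"; do
        file=$(printf '%s' "$name" | tr ' ' '_')
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name" \
            -keyout "$d/$file.key" -out "$d/$file.pem" >/dev/null 2>&1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=raspberryPiZero" \
        -keyout "$d/clientKey.pem" -out "$d/client.csr" >/dev/null 2>&1
    openssl x509 -req -days 1 -in "$d/client.csr" -CA "$d/Test_IoT_CA.pem" \
        -CAkey "$d/Test_IoT_CA.key" -CAcreateserial -out "$d/clientCert.pem" >/dev/null 2>&1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$d/otherKey.pem" >/dev/null 2>&1
    openssl pkey -in "$d/clientKey.pem" -aes256 -passout pass:secret \
        -out "$d/clientKey.enc.pem" >/dev/null 2>&1
}

# Usage on a real system:
#   sh check_bridge_certs.sh /etc/mosquitto/certs/CAcert.pem clientCert.pem clientKey.pem
if [ $# -eq 3 ]; then
    check_bridge_material "$1" "$2" "$3" && echo "bridge material OK"
fi
```

Run it as the mosquitto user (or whichever account the broker drops to) so that a permission problem on the key file shows up here rather than in the broker log.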

Related

Mosquitto websockets ERR_CONNECTION_REFUSED letsencrypt

I have a VPS with a Mosquitto broker and a web page hosted on it.
The web page is running over HTTPS with websockets; we bought a .com host to be able to get a Let's Encrypt certificate. At the beginning I tried with a certificate from www.sslforfree.com pointing directly to myweb.ovh.net, with the web page connecting to this URL too.
In that case everything worked perfectly, but I need a certificate that could last for a long time, and I think Let's Encrypt could be the solution.
I created a Let's Encrypt certificate for web.com and I put those certificates in my mosquitto.conf in this way:
listener 9001
protocol websockets
certfile /etc/letsencrypt/live/web.com/cert.pem
cafile /etc/letsencrypt/live/web.com/chain.pem
keyfile /etc/letsencrypt/live/web.com/privkey.pem
allow_anonymous false
When I try to run my Mosquitto I don't get a response on the server side, no message in the console, and I get an error in the web console, "ERR_CONNECTION_REFUSED". It seems that the certificate is not being loaded in the server correctly, or maybe the cert is not OK.
With the cert from sslforfree everything worked OK. Could it be a problem with file permissions? I'm totally lost with this problem; I also don't know how to see if the cert is being loaded correctly in my server.
My mosquitto log is
1596462903: Config loaded from mosquitto2.conf.
1596462903: Opening ipv4 listen socket on port 8884.
1596462903: Opening ipv6 listen socket on port 8884.
1596462903: Opening websockets listen socket on port 9001.
1596462924: New connection from 88.9.162.109 on port 8884.
1596462924: New client connected from 88.9.162.109 as crfEquipo40 (c1, k60, u'crfEquipo40').
1596462924: Sending CONNACK to crfEquipo40 (0, 0)
1596462924: Received SUBSCRIBE from crfEquipo40
1596462924: opi40/cmd/teclado (QoS 0)
1596462924: crfEquipo40 0 opi40/cmd/teclado
1596462924: Sending SUBACK to crfEquipo40
1596462925: Received SUBSCRIBE from crfEquipo40
1596462925: opi40/evt/hora (QoS 0)
1596462925: crfEquipo40 0 opi40/evt/hora
1596462925: Sending SUBACK to crfEquipo40
1596462925: Received SUBSCRIBE from crfEquipo40
1596463066: mosquitto version 1.4.15 terminating
As you can see port 9001 is running but nothing is happening. I tried the same with the sslforfree certificate and the connection was OK, messages received on port 9001, but with the Let's Encrypt certificate there is no response.
In my JavaScript console client I get the following:
and also this one in the Chrome security panel:
Use the /etc/letsencrypt/live/web.com/fullchain.pem rather than /etc/letsencrypt/live/web.com/chain.pem

How to recieve a Broker's data with an MQTT.fx client?

I have both a client and a broker running on a remote Linux machine within a LoRa network server that has a Mosquitto connector.
The client can listen for the broker's broadcast from a certain address and port (#127.0.0.1:1883).
I would like to open an SSH tunnel between this remote machine and my machine (Windows 10) to 'eavesdrop' on the communication between the client and the broker, using MQTT.fx to run an MQTT client.
So far I tried to:
Run ssh -L 22883:#remoteMachineAdress:1883 usern.ame#gatewayAdress -p222 on [MobaXterm](https://mobaxterm.mobatek.net/)
Then I launch a client on MQTT.fx to listen on the broker: 127.0.0.1 port 22883.
This establishes a connection to the broker. However, I am not receiving any of the messages that the original client (the one on the remote machine) receives.
Can anyone tell me what am I doing wrong?
And if there are any tutorials about this?
I appreciate all the help I can get, thank you in advance!
This configuration is correct; it was the connector on the server that was sending the data to a different application.

SSL Connection on Solace MQTT Throwing Unknown Protocol error

I am using Solace VMR for the MQTT publish/subscribe service. I am using the Paho library for publishing and subscribing. I need an SSL connection with Solace for this purpose. I configured the server and CA certificate. Using SolAdmin, I can see that the SSL service is enabled on port 8883. So when I am trying to connect to Solace MQTT for publishing the data, it is throwing me an error:
2016-09-09T16:54:50+0000 solace event: SYSTEM: SYSTEM_SSL_CONNECTION_REJECTED: - - SSL Connection rejected: reason (unknown protocol); connection to XXX.XX.XX.XXX:8883 from XXX.XX.XX.XXX:6217
6.
I am using the URL ssl://XXX.XX.XX.XXX:8883. Please help; where am I going wrong?
This error is seen when a client uses TLS 1.0 to establish an SSL connection with the Solace VMR. TLS 1.0 is not supported on the Solace VMR as it is deemed to be insecure.
The connection should be successful when using TLS 1.1 or TLS 1.2.

"Socket error on client..., disconnecting" when Mosquitto brigde to RabbitMQ

I have installed two brokers, Mosquitto (1.4.2-3.2x86_64) and RabbitMQ (3.5.3-1), using the newest versions so far, on CentOS 6 servers. With the default configuration I can sub/pub messages to each broker separately, which means that MQTT is running normally.
But when I bridge the Mosquitto server to a RabbitMQ server, I face the problem below right after I change the mosquitto.conf file:
"Connecting bridge (Rabbit-IP)
Socket error on client client_name, disconnecting".
My bridge configuration in mosquitto.conf is:
connection test
address Rabbitmq-IP
topic # both 0 local/ remote/
Can you explain this to me?
Thanks!
Try to use this option in your config file for the bridge:
try_private false
This is an option that will tell the other broker that this is a bridge connection. It defaults to true, and if RabbitMQ doesn't support it, then it will not allow you to connect.
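The try_private flag in this answer and the "unacceptable protocol version" thread referenced at the top of the page (and the bridge_protocol_version line in that config) are the same mechanism seen from two sides: with try_private true (the default) Mosquitto sets the high bit of the protocol-level byte in its CONNECT packet (0x84 for mqttv311, 0x83 for mqttv31), which a Mosquitto peer understands as "this is a bridge" but which any broker that implements plain MQTT must answer with CONNACK return code 1 or by dropping the socket. The script below is an added example, not code from the thread or from Mosquitto: it builds the CONNECT packet as hex for a given client id and decodes the protocol level back out. It assumes ASCII client ids, a single-byte remaining length (packets under 128 bytes), and uses constructed fixed values for the connect flags (0x02) and keep-alive (60 s); those two fields are not what is being demonstrated.

```shell
#!/bin/sh
# Added example (not from the original thread): encode and decode the MQTT CONNECT
# packet a Mosquitto bridge sends, to show what try_private true/false changes.

# to_hex STRING  -> lowercase hex of the bytes of STRING
to_hex() { printf '%s' "$1" | od -An -tx1 | tr -d ' \n'; }

# mqtt_connect_hex CLIENTID PRIVATE [mqttv311|mqttv31]
# PRIVATE=1 sets the 0x80 "Mosquitto private bridge" bit on the protocol level,
# which is what try_private true does; PRIVATE=0 is what try_private false sends.
# Connect flags (0x02) and keep-alive (0x003c = 60 s) are constructed fixed values.
mqtt_connect_hex() {
    cid=$1
    private=$2
    version=${3:-mqttv311}
    case $version in
        mqttv311) name=MQTT;   level=4 ;;   # MQTT 3.1.1: protocol name "MQTT",   level 4
        mqttv31)  name=MQIsdp; level=3 ;;   # MQTT 3.1:   protocol name "MQIsdp", level 3
        *) echo "unknown bridge_protocol_version: $version" >&2; return 1 ;;
    esac
    [ "$private" = 1 ] && level=$((level | 128))
    cid_len=${#cid}                                         # ASCII client ids assumed
    # variable header: name length(2) + name + level(1) + flags(1) + keepalive(2)
    # payload: client id length(2) + client id
    remaining=$((2 + ${#name} + 1 + 1 + 2 + 2 + cid_len))
    [ "$remaining" -lt 128 ] || return 1                    # one-byte remaining length only
    printf '10%02x%04x%s%02x02003c%04x%s' "$remaining" "${#name}" "$(to_hex "$name")" \
        "$level" "$cid_len" "$(to_hex "$cid")"
}

# connect_protocol_level HEX  -> decimal protocol level byte of a CONNECT packet
connect_protocol_level() {
    hex=$1
    [ "${hex%"${hex#??}"}" = "10" ] || return 1             # packet type 1 = CONNECT
    rest=${hex#????}                                        # drop type + remaining length
    name_len=$((0x${rest%"${rest#????}"}))                  # 2-byte protocol name length
    rest=${rest#????}
    rest=$(printf '%s' "$rest" | cut -c $((name_len * 2 + 1))-)   # skip the protocol name
    echo $((0x${rest%"${rest#??}"}))
}

# is_bridge_connect HEX  -> success if the Mosquitto bridge bit (0x80) is set
is_bridge_connect() {
    level=$(connect_protocol_level "$1") && [ $((level & 128)) -ne 0 ]
}

# v311_connack_code HEX  -> the return code a strict MQTT 3.1.1 broker answers with:
# 0 (accepted) only when the level is exactly 4, else 1 (unacceptable protocol version)
v311_connack_code() {
    level=$(connect_protocol_level "$1") || return 1
    if [ "$level" -eq 4 ]; then echo 0; else echo 1; fi
}

# Stand-alone demo: the same bridge CONNECT with and without try_private.
if [ $# -eq 0 ]; then
    for p in 1 0; do
        pkt=$(mqtt_connect_hex raspberryPiZero "$p")
        echo "try_private=$p level=$(connect_protocol_level "$pkt") v311_connack=$(v311_connack_code "$pkt") $pkt"
    done
fi
```

The same decoder applied to a capture of the bridge's CONNECT (Wireshark's MQTT dissector shows the field as "Version") tells you immediately whether a rejection is the private-bridge bit rather than a credential or TLS problem.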

SSL/TLS with Eclipse Paho JavaScript Client

I've got a JavaScript-based WebApp that includes the Eclipse Paho client.
The WebApp is stored and executed on an NGINX webserver.
On the same Server where the webserver is installed, the MQTT broker mosquitto is running. I've defined port 8884 as listener port for secured connections.
Running mosquitto_sub (simple C client) with --cafile and -p 8884 works fine!
Now I want to secure the WebApp using SSL by passing mqttOptions = { useSSL: true } in my MQTT client implementation.
I can see that the app is trying to establish a connection to wss://ip instead of ws://ip. But the server responds with a connection refused, which is totally clear because I did not configure anything on the webserver, as I do not have a clue how to manage this. Will the wss connection be 'mapped' to https or something? Do I need a websocket proxy in NGINX? Thanks in advance for any help.
You cannot use the same port for raw MQTT and MQTT over websockets with Mosquitto; you need to create 2 separate listeners.
The fact that you can connect with mosquitto_sub implies you have only set up a listener with raw MQTT.
e.g.
listener 8883
listener 8884
protocol websockets
This will create a native MQTT listener on 8883 and an MQTT over websockets listener on port 8884.
I did so. Here is the mosquitto conf entry:
listener 8884 127.0.0.1
protocol websockets
cafile /path/to/ca.crt
certfile /path/to/certfile.crt
keyfile /path/to/keyfile.key
require_certificate false
and so the app is trying to connect to myip:8884