MQTT ports 8883 and 1883 enabled at the same time

Posted on 2025-02-06 13:42:43 · 1664 words · 3 views · 0 comments

I have a docker-compose file where I have an MQTT container and a Python app container. The MQTT container must be able to accept connections over TLS and port 8883 from the outside world. Only a client located in the other Python app container should be able to connect unencrypted over port 1883.

Certificates seem to be OK. If I only enable listener 8883, then communication works. Also, if I only enable listener 1883, it works too. Only if I use them together, it doesn't work.

The issue is that when I put listener 8883 0.0.0.0 and listener 1883 0.0.0.0 in the config file, I can't connect on port 8883 with certs, and neither on port 1883.

compose file:

version: '3.8'
services:
  nginx-proxy:
    .
    .
    networks:
    - frontend
    - mqtt
  app:
    . 
    .
    networks:
    - frontend
    - backend
    - mqtt
  mqtt-8vv30kj5g5u4:
    .
    .
    networks:
    - mqtt
networks:
  frontend:
    name: frontend-network
  backend:
    name: backend-network
  mqtt:
    name: mqtt-network

My mosquitto.conf file:

listener 8883 0.0.0.0
listener 1883 0.0.0.0
max_connections -1
protocol mqtt
certfile /mosquitto/config/certificates/server.crt
keyfile /mosquitto/config/certificates/server.key
crlfile /mosquitto/config/certificates/ca.crl
require_certificate true
cafile /mosquitto/config/certificates/ca.crt
allow_anonymous true

Connecting over port 8883 using TLS, I get the error SSLEOFError: EOF occurred in violation of protocol (_ssl.c:1129) on the client side. The mosquitto.log file on the broker says:

1654783087: New connection from 172.28.0.2:57262 on port 8883.
1654783087: Client <unknown> disconnected due to malformed packet.

Connecting over port 1883 throws no error. But the mosquitto.log file says:

1654783976: New connection from 172.28.0.6:38193 on port 1883.
1654783976: OpenSSL Error[0]: error:1404A42E:SSL routines:ST_ACCEPT:tlsv1 alert protocol version
1654783976: Client <unknown> disconnected: Protocol error.

Can you maybe see an error?

Comments (1)

榆西 2025-02-13 13:42:44

Order in the mosquitto.conf file is important.

With

listener 8883 0.0.0.0
listener 1883 0.0.0.0
max_connections -1
protocol mqtt
certfile /mosquitto/config/certificates/server.crt
keyfile /mosquitto/config/certificates/server.key
crlfile /mosquitto/config/certificates/ca.crl
require_certificate true
cafile /mosquitto/config/certificates/ca.crt
allow_anonymous true

You have defined listener 8883 0.0.0.0 with the default settings (no ssl at all) and listener 1883 0.0.0.0 with all the SSL config that follows in the config file.

What you probably want is this:

per_listener_settings true

listener 1883 0.0.0.0
allow_anonymous true

listener 8883 0.0.0.0
max_connections -1
certfile /mosquitto/config/certificates/server.crt
keyfile /mosquitto/config/certificates/server.key
crlfile /mosquitto/config/certificates/ca.crl
require_certificate true
cafile /mosquitto/config/certificates/ca.crt
allow_anonymous false

This sets up SSL on port 8883 (and disables anonymous connections since you are requiring a client SSL cert) and allows anonymous access on port 1883.
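
The listener scoping the answer describes, as an added example that is not part of the original answer: a small Python parser that attaches each option to the most recent `listener` line and reports whether each port ends up TLS or plaintext. The function names are hypothetical, only certificate-based TLS (`certfile` plus `keyfile`) is considered, and the option sets cover the directives used on this page plus a few related ones.

```python
# Added example: show which listener each mosquitto.conf option attaches to.
# Assumption: a listener is TLS only if it has both certfile and keyfile.
LISTENER_OPTS = {"max_connections", "protocol", "certfile", "keyfile",
                 "crlfile", "cafile", "capath", "require_certificate"}
AUTH_OPTS = {"allow_anonymous", "password_file", "acl_file"}
TLS_LINES = """certfile /mosquitto/config/certificates/server.crt
keyfile /mosquitto/config/certificates/server.key
crlfile /mosquitto/config/certificates/ca.crl
require_certificate true
cafile /mosquitto/config/certificates/ca.crt
"""
# The question's and the answer's configs from this page (blank lines dropped).
QUESTION_CONF = ("listener 8883 0.0.0.0\nlistener 1883 0.0.0.0\nmax_connections -1\n"
                 "protocol mqtt\n" + TLS_LINES + "allow_anonymous true\n")
ANSWER_CONF = ("per_listener_settings true\nlistener 1883 0.0.0.0\nallow_anonymous true\n"
               "listener 8883 0.0.0.0\nmax_connections -1\n" + TLS_LINES + "allow_anonymous false\n")

def parse_listeners(conf_text):
    """Map port -> options that apply to that listener, in file order."""
    listeners, current, per_listener = {}, None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        if key == "per_listener_settings":
            per_listener = value.strip() == "true"
        elif key == "listener":
            current = listeners.setdefault(int(value.split()[0]), {})
        elif current is not None and (
                key in LISTENER_OPTS or (per_listener and key in AUTH_OPTS)):
            current[key] = value.strip()  # belongs to the latest listener line
    return listeners

def listener_modes(conf_text):
    """Map port -> 'tls' or 'plaintext' according to the attached options."""
    return {port: "tls" if {"certfile", "keyfile"} <= set(opts) else "plaintext"
            for port, opts in parse_listeners(conf_text).items()}

def audit(conf_text):
    """Flag listeners whose mode contradicts the conventional MQTT port use."""
    expected = {1883: "plaintext", 8883: "tls"}
    return [f"port {p} is served as {m}, expected {expected[p]}"
            for p, m in listener_modes(conf_text).items()
            if p in expected and m != expected[p]]

if __name__ == "__main__":
    print(listener_modes(QUESTION_CONF), audit(QUESTION_CONF), audit(ANSWER_CONF))
```

Whether port 1883 is reachable only from other containers is decided by the compose file, not by mosquitto.conf: publish only 8883 under `ports:` and leave 1883 unpublished, so it can be reached only by containers attached to the `mqtt` network.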
