Error Connecting to Mosquitto Broker via Websockets - websocket

Using the HiveMQ websocket client, when I try to connect to my MQTT server, I get the following error:
Firefox can’t establish a connection to the server at ws://xxx.com:8083/mqtt.
Connect failed: AMQJS0007E Socket error:undefined.
I'm using the following parameters:
Host: xxx.com
Port: 8083
Running the command mosquitto, I get the response:
[ 1615.745348]~DLT~ 1670~INFO ~FIFO /tmp/dlt cannot be opened. Retrying later...
1608926628: mosquitto version 1.6.9 starting
1608926628: Config loaded from /etc/mosquitto/conf.d/default.conf.
1608926628: Opening ipv4 listen socket on port 1883.
1608926628: Opening ipv4 listen socket on port 8883.
1608926628: Opening ipv6 listen socket on port 8883.
1608926628: Opening websockets listen socket on port 8083.
and my Mosquitto conf file is:
allow_anonymous false
password_file /etc/mosquitto/passwd
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/burooq.com/cert.pem
cafile /etc/letsencrypt/live/burooq.com/chain.pem
keyfile /etc/letsencrypt/live/burooq.com/privkey.pem
listener 8083
protocol websockets
certfile /etc/letsencrypt/live/burooq.com/cert.pem
cafile /etc/letsencrypt/live/burooq.com/chain.pem
keyfile /etc/letsencrypt/live/burooq.com/privkey.pem
Looking at all open ports, I get:
To Action From
-- ------ ----
[ 1] Apache Full ALLOW IN Anywhere
[ 2] 22/tcp ALLOW IN Anywhere
[ 3] 22 ALLOW IN Anywhere
[ 4] 80/tcp ALLOW IN Anywhere
[ 5] 80 ALLOW IN Anywhere
[ 6] 443/tcp ALLOW IN Anywhere
[ 7] 443 ALLOW IN Anywhere
[ 8] 80,443/tcp ALLOW IN Anywhere
[ 9] 8883 ALLOW IN Anywhere
[10] 8083 ALLOW IN Anywhere
[11] 2222 ALLOW IN Anywhere
[12] Apache Full (v6) ALLOW IN Anywhere (v6)
[13] 22/tcp (v6) ALLOW IN Anywhere (v6)
[14] 22 (v6) ALLOW IN Anywhere (v6)
[15] 80/tcp (v6) ALLOW IN Anywhere (v6)
[16] 80 (v6) ALLOW IN Anywhere (v6)
[17] 443/tcp (v6) ALLOW IN Anywhere (v6)
[18] 443 (v6) ALLOW IN Anywhere (v6)
[19] 80,443/tcp (v6) ALLOW IN Anywhere (v6)
[20] 8883 (v6) ALLOW IN Anywhere (v6)
[21] 8083 (v6) ALLOW IN Anywhere (v6)
[22] 2222 (v6) ALLOW IN Anywhere (v6)
Mosquitto version 1.6.9
Ubuntu version 20.04.1 LTS

You can't use the IP address; you have to use the hostname that the certificate was issued for, e.g. burooq.com.
The reason is that the browser will not be able to validate the certificate from the broker, because it will not have a CN or SAN entry for the IP address.
You will also need to ensure that the firewall is configured to allow external access on port 8083.
EDIT:
Also, having just double-checked the HiveMQ Websocket showcase page, it does not look like it supports connecting to a TLS-secured MQTT over Websockets broker.
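As an added diagnostic (not part of the question or the answer), the script below parses the listener block from the question's config the way Mosquitto 1.6 does (certfile/keyfile and protocol attach to the most recent listener line) and checks a browser client URL against it: a ws:// URL or an IP literal against the TLS websockets listener on 8083 is flagged, which is the mismatch behind the "Socket error" above. The config text is a constructed copy of the one in the question.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed copy of the listener block from the question's Mosquitto 1.6 config.
MOSQUITTO_CONF = """\
listener 1883 localhost
listener 8883
certfile /etc/letsencrypt/live/burooq.com/cert.pem
keyfile /etc/letsencrypt/live/burooq.com/privkey.pem
listener 8083
protocol websockets
certfile /etc/letsencrypt/live/burooq.com/cert.pem
keyfile /etc/letsencrypt/live/burooq.com/privkey.pem
"""

def parse_listeners(conf):
    """Map port -> {'protocol', 'tls'}. In Mosquitto 1.6, certfile/keyfile and
    protocol directives apply to the most recent 'listener' line above them."""
    listeners, current = {}, None
    for raw in conf.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(" ")
        if key == "listener":
            current = int(value.split()[0])
            listeners[current] = {"protocol": "mqtt", "tls": False}
        elif key == "protocol" and current is not None:
            listeners[current]["protocol"] = value.strip()
        elif key in ("certfile", "keyfile") and current is not None:
            listeners[current]["tls"] = True
    return listeners

def diagnose(url, listeners):
    """Reasons a browser MQTT-over-WebSocket client URL cannot work against
    these listeners; an empty list means scheme, port and host are consistent."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "wss" else 80)
    lst = listeners.get(port)
    if lst is None:
        return [f"no listener on port {port}"]
    problems = []
    if lst["protocol"] != "websockets":
        problems.append(f"port {port} speaks plain MQTT, not websockets")
    if lst["tls"] and u.scheme == "ws":
        problems.append("listener has certfile/keyfile (TLS) but URL uses ws://; use wss://")
    if lst["tls"]:
        try:  # an IP literal cannot match a DNS-name-only certificate
            ipaddress.ip_address(u.hostname)
            problems.append("TLS host is an IP literal; use the DNS name the certificate was issued for")
        except ValueError:
            pass
    return problems
```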

I had to create the FIFO that the logging expects:
$ mkfifo /tmp/dlt
Change the listening port in your Mosquitto config file:
$ vim /etc/mosquitto/mymosqui.conf
listener 8443
Restart Mosquitto:
$ sudo service mosquitto restart
Check the status:
$ sudo service mosquitto status
Check the ports if they are listening:
$ netstat -tulpn | grep mos
tcp  0 0 0.0.0.0:8443 0.0.0.0:* LISTEN 148132/mosquitto
tcp6 0 0 :::8443      :::*      LISTEN 148132/mosquitto

Related

ufw issue. I can't deploy from Laravel Forge

I couldn't deploy from Laravel Forge when I set ufw like below.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
80 ALLOW Anywhere
443 ALLOW Anywhere
22 LIMIT Anywhere
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
22 (v6) LIMIT Anywhere (v6)
I need security measures and I don't want to change the ufw setting on every deploy. I suppose I can set up a whitelist if I can see the IPs. Any help will be appreciated.
Thanks.
Update
It works if I remove the "limit" setting, but I need to avoid DoS attacks.
$ sudo ufw status
Status: active
To Action From
-- ------ ----
80 ALLOW Anywhere
443 ALLOW Anywhere
22 ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)

Mac port issue with Nginx and Tomcat

Configured Nginx to interact with Tomcat on port 9090 on a Mac.
This configuration works when querying on localhost. It fails when connecting from outside, until the firewall is disabled.
I have the firewall configured like below for forwarding to ports 8080 and 8443:
sudo ipfw add 100 fwd 127.0.0.1,8080 tcp from any to me 80
sudo ipfw add 110 fwd 127.0.0.1,8443 tcp from any to me 443
Request domain.com --> 443 --> nginx on 8443 --> Tomcat 9090
Side note:
domain.com --> 80 --> re-directs to 443 and then to nginx on 8443 --> Tomcat 9090
iOS Firewall IPFW sends everything from 80 to 8080 and 443 to 8443
Nginx is running on 8080 and 8443
Nginx redirects everything from 8080 to 8443. Nginx on 8443 communicates with Tomcat over 9090.
Tomcat is on 9090
Router is configured to allow access on ports 80 and 443.
So the question: what do I need to change on the Mac to unblock the firewall for a successful response?

OS X Webserver server does not work

Here is the story. Somehow Spotlight did not work, so I called Apple Support. The conclusion after a 2-hour conversation was to clean-reinstall the system. I did that and restored everything using Time Machine.
BUT, the web server does not work. I can still turn on the web server, but a browser cannot load the page. Scanning the ports of the server, it seems ports 80 and 443 are not even detected. Does anyone know how to solve it?
Port Scan has started…
Port Scanning host:
Open TCP Port: 22 ssh
Open TCP Port: 88 kerberos
Open TCP Port: 311 asip-webadmin
Open TCP Port: 445 microsoft-ds
Open TCP Port: 464 kpasswd
Open TCP Port: 548 afpovertcp
Open TCP Port: 625 dec_dlm
Open TCP Port: 631 ipp
Open TCP Port: 749 kerberos-adm
Open TCP Port: 3306 mysql
Port Scan has completed…

Binding memcached and beanstalk to external IP on an EC2 instance

I had a running EC2 server with an elastic IP address that was happily running memcached and beanstalkd listening on the external IP at ports 11211 and 11300 respectively. I took an AMI of the server to upgrade the size, and when the server restarted, neither memcached nor beanstalkd were running. Troubling for memcached, as this was in init.d to restart, but beanstalkd was run as a daemon from the command line.
However, after several hours, I can't seem to figure out how to get them up and running again.
For memcached the config file reads:
# Default connection port is 11211
-p 11211
# Specify which IP address to listen on. The default is to listen on all IP addresses
-l <EXTERNAL IP ADDRESS>
When I try and run memcached as root from the command line:
memcached -d -m 1024 -u root -l <EXTERNAL IP ADDRESS> -v -p 11211
I get:
bind(): Cannot assign requested address
failed to listen on TCP port 11211: Cannot assign requested address
Yet when I look at netstat, nothing is bound to that port already:
netstat -ant | grep LIST
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
And if I grep the processlist, there is no other memcached running.
Iptables reports the following:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:11300 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:11211 state ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
The EC2 instance is using the same security group as the original server, so the required ports are open.
Finally, maybe a hint is that the ifconfig IP address is different to the elastic IP address. If I try listening on either the inet adds: Bcast: the memcached service runs and binds however I can't seem to access memcached via the elastic IP.
I MUST be doing something stupid and obvious to you. Thanks for your help.
Bind to 0.0.0.0; that should be public.
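The bind() failure above can be reproduced offline. This added check (not from the question or the answer) tries a TCP bind to an address and reports the errno name: an address that is not assigned to any local interface, which is the situation with an EC2 elastic IP that is NATed to the instance's private address, fails with EADDRNOTAVAIL, while 0.0.0.0 binds on every interface and is therefore reachable through the elastic IP. The 192.0.2.10 stand-in for the elastic IP is a constructed documentation-range address.

```python
import errno
import socket

# Constructed stand-in for an EC2 elastic IP: a TEST-NET-1 address that is
# not configured on any local interface, so bind() cannot use it.
ELASTIC_IP_STANDIN = "192.0.2.10"

def try_bind(address, port=0):
    """Attempt a TCP bind to address:port and return the errno name on failure
    (memcached's 'Cannot assign requested address' is EADDRNOTAVAIL), or None
    on success. Port 0 lets the kernel pick a free port, so nothing stays open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((address, port))
        except OSError as e:
            return errno.errorcode.get(e.errno, str(e.errno))
    return None

def listen_address_report(candidates):
    """Map each candidate -l address to its bind result, mirroring the choice
    memcached faces between an external IP and the wildcard 0.0.0.0."""
    return {addr: try_bind(addr) for addr in candidates}

if __name__ == "__main__":
    for addr, result in listen_address_report(
            [ELASTIC_IP_STANDIN, "127.0.0.1", "0.0.0.0"]).items():
        print(f"{addr:>12}: {'bind ok' if result is None else result}")
```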

Unable to telnet on ec2 even when HTTPS /port 443 is open

Settings of my security group on EC2
TCP
Port(Service) Source Action
22 (SSH) 0.0.0.0/0 Delete
80 (HTTP) 0.0.0.0/0 Delete
443 (HTTPS) 0.0.0.0/0 Delete
Output when I run telnet:
JP$ telnet passionate4.net
Trying 50.18.159.124...
telnet: connect to address 50.18.159.124: Operation timed out
telnet: Unable to connect to remote host
On the Ubuntu EC2 server:
ubuntu#ip-10-166-185-18:~$ sudo netstat -nup -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:68 0.0.0.0:* 400/dhclient3
Telnet uses port 23; you don't have it in your security group.
Type this:
JP$ telnet passionate4.net 80
80, 443, 3389, or whatever port you're testing for.
Windows example:
C:\> telnet www.google.com 80