https://netmaker.org logo
#install
Title
# install
b

bulky-solstice-12980

07/06/2022, 11:49 AM
Does the server support changing the MQ password? It looks like in the compose comments it might in the future but wasn't sure. Would be great to have the broker exposed publicly just on port 443 vs opening 8883 as well.
b

bored-island-21407

07/06/2022, 12:08 PM
There is no password for MQ. Authorization is done via certificates.
MQ traffic is proxied by Traefik
b

bulky-solstice-12980

07/06/2022, 12:26 PM
I'm not referring to authentication, just the port. I tried changing the variable MQ_PORT to 443, but got the following errors:
Copy code
[netclient] 2022-07-05 14:51:25 joining netmaker-vpn at nm-api.MYDOMAIN.COM:443
[netclient] 2022-07-05 14:51:26 starting wireguard
[netclient] 2022-07-05 14:51:59 unable to connect to broker, retrying ...
Ping tcp://broker.MYDOMAIN.COM:443(MY_PUBLIC_IP:443) - Connected - time=99.552984ms
Ping tcp://broker.MYDOMAIN.COM:443(MY_PUBLIC_IP:443) - Connected - time=88.012322ms
Ping tcp://broker.MYDOMAIN.COM:443(MY_PUBLIC_IP:443) - Connected - time=93.654605ms
[netclient] 2022-07-05 14:52:03 could not connect to broker broker.MYDOMAIN.COM connect timeout
[netclient] 2022-07-05 14:52:03 connection issue detected.. attempt connection with new certs and broker information
[netclient] 2022-07-05 14:52:03 certificates/key saved
[netclient] 2022-07-05 14:52:35 could not connect to broker at broker.MYDOMAIN.COM:8883
[netclient] 2022-07-05 14:52:35 failed to publish update for join connection timeout
It wasn't until I set it back to 8883 and exposed 8883 on my firewall that I was able to connect successfully.
b

bored-island-21407

07/06/2022, 12:27 PM
which compose file are you using?
b

bored-island-21407

07/06/2022, 12:33 PM
traefik will proxy the mq traffic from 443 to 8883
b

bulky-solstice-12980

07/06/2022, 12:34 PM
Right, that's what I had set up, but for some reason was not working. I can provide my full modified docker-compose if that helps to troubleshoot.
b

bored-island-21407

07/06/2022, 12:34 PM
sure
b

bulky-solstice-12980

07/06/2022, 12:34 PM
With the 443 set up and try joining another host
One moment
Ok, here's the compose of my netmaker pieces:
And here's the output when trying to join:
Well, it's the same as above
It looks like I am able to ping / connect to the new host, but those failed message outputs seemed unusual
b

bored-island-21407

07/06/2022, 12:43 PM
in the mq section of your compose you need:
Copy code
ports:
      - "127.0.0.1:1883:1883"
   expose:
      - "8883"
b

bulky-solstice-12980

07/06/2022, 12:43 PM
Ah, let me give that a try
hmm, is it possible to change the 1883 port in netmaker? I know where to change it in the mosquitto config (I've already got another broker on that port)
b

bored-island-21407

07/06/2022, 12:48 PM
not at the present time
b

bulky-solstice-12980

07/06/2022, 12:49 PM
So curious why it was working before when setting MQ_PORT to 8883 when I didn't have those 1883 ports exposed in my compose but 443 won't work?
b

bored-island-21407

07/06/2022, 12:51 PM
8883 is for client connection to the broker (secured) ... the netmaker container connects to the broker over 1883 (unsecured) both need to be able to connect in order for a complete comms path to exist
when you had the MQ_PORT set to 8883 and also mapped that port in your compose file, client could connect but the netmaker server could not because you hadn't exposed 1883 .... so the clients could send message to the broker but they would never get to the netmaker server.
b

bulky-solstice-12980

07/06/2022, 12:54 PM
But it was working when set to 8883 and not exposing 1883. My issue was when the only difference was setting MQ_PORT = 443
b

bored-island-21407

07/06/2022, 12:59 PM
your compose file was not consistent with setting MQ_PORT to 443
you had 8883 mapped to the host not exposed
b

bulky-solstice-12980

07/06/2022, 1:00 PM
let me try that
Ok, I think that worked. The
expose: "443"
line was the missing link I believe.
Even though I don't have to actually expose the port on the host machine
Thanks for your help!
2 Views