Does the server support changing the MQ password?...
# install
Does the server support changing the MQ password? It looks like in the compose comments it might in the future but wasn't sure. Would be great to have the broker exposed publicly just on port 443 vs opening 8883 as well.
There is no password for MQ. Authorization is done via certificates.
MQ traffic is proxied by Traefik
I'm not referring to authentication, just the port. I tried changing the variable MQ_PORT to 443, but got the following errors:
Copy code
[netclient] 2022-07-05 14:51:25 joining netmaker-vpn at nm-api.MYDOMAIN.COM:443
[netclient] 2022-07-05 14:51:26 starting wireguard
[netclient] 2022-07-05 14:51:59 unable to connect to broker, retrying ...
Ping tcp://broker.MYDOMAIN.COM:443(MY_PUBLIC_IP:443) - Connected - time=99.552984ms
Ping tcp://broker.MYDOMAIN.COM:443(MY_PUBLIC_IP:443) - Connected - time=88.012322ms
Ping tcp://broker.MYDOMAIN.COM:443(MY_PUBLIC_IP:443) - Connected - time=93.654605ms
[netclient] 2022-07-05 14:52:03 could not connect to broker broker.MYDOMAIN.COM connect timeout
[netclient] 2022-07-05 14:52:03 connection issue detected.. attempt connection with new certs and broker information
[netclient] 2022-07-05 14:52:03 certificates/key saved
[netclient] 2022-07-05 14:52:35 could not connect to broker at broker.MYDOMAIN.COM:8883
[netclient] 2022-07-05 14:52:35 failed to publish update for join connection timeout
It wasn't until I set it back to 8883 and exposed 8883 on my firewall that I was able to connect successfully.
which compose file are you using?
traefik will proxy the mq traffic from 443 to 8883
Right, that's what I had set up, but for some reason was not working. I can provide my full modified docker-compose if that helps to troubleshoot.
With the 443 set up and try joining another host
One moment
Ok, here's the compose of my netmaker pieces:
And here's the output when trying to join:
Well, it's the same as above
It looks like I am able to ping / connect to the new host, but those failed message outputs seemed unusual
in the mq section of your compose you need:
Copy code
      - ""
      - "8883"
Ah, let me give that a try
hmm, is it possible to change the 1883 port in netmaker? I know where to change it in the mosquitto config (I've already got another broker on that port)
not at the present time
So curious why it was working before when setting MQ_PORT to 8883 when I didn't have those 1883 ports exposed in my compose but 443 won't work?
8883 is for client connection to the broker (secured) ... the netmaker container connects to the broker over 1883 (unsecured) both need to be able to connect in order for a complete comms path to exist
when you had the MQ_PORT set to 8883 and also mapped that port in your compose file, client could connect but the netmaker server could not because you hadn't exposed 1883 .... so the clients could send message to the broker but they would never get to the netmaker server.
But it was working when set to 8883 and not exposing 1883. My issue was when the only difference was setting MQ_PORT = 443
your compose file was not consistent with setting MQ_PORT to 443
you had 8883 mapped to the host not exposed
let me try that
Ok, I think that worked. The
expose: "443"
line was the missing link I believe.
Even though I don't have to actually expose the port on the host machine
Thanks for your help!