TLS config is empty - MQTT broker issue

Another topic about MQTT broker authentication. I don’t know if I can add my issue to another, already existing post?

Here is my issue:

I feel totally stupid, but I am going around in circles with the Mosquitto authentication step.

I read a lot of topics on this forum I had to spend next but I did not find the solution!

This is what I understood: if I didn’t enable TLS/SSL certification, then user and password are enough to enable the connection with the broker.

First question: where can I enable TLS/SSL certification: postgres://loraserver_ns:dbpassword@localhost/loraserver_ns?sslmode=disable ???

Second question: what is the difference between commenting and uncommenting “cafile /etc/mosquitto/certs/ca.crt” “certfile /etc/mosquitto/certs/hostname.crt” “keyfile /etc/mosquitto/certs/hostname.key” if I didn’t enable TLS/SSL certification ???

Then the log of my issue is clear: “TLS config is empty”. What does it mean?

I need “mosquitto-tls — Configure SSL/TLS support for Mosquitto”
https://mosquitto.org/man/mosquitto-tls-7.html

I followed the quick install carefully and I can find all users and mosquitto passwords under /etc/mosquitto/pwd (right permission 755)

Here is my MQTT gateway backend setting:

In my opinion I have got a wrong setting because I did not manage to make the analogy with:

network_server.gateway.backend.mqtt.username
network_server.gateway.backend.mqtt.password

For your information, I did a lot of restarts of the mosquitto server and loraserver.

Thank you for your help

The TLS Config being empty is not the issue here most likely.

When you run the following two commands what do you see?

sudo systemctl status mosquitto

and

sudo netstat -plnt

Hello thank you for your help,

here:

Ok so it doesn’t appear that Mosquitto is actually running or at least not the way it’s intended to. Could you try and stop Mosquitto from running by something like this code

sudo systemctl stop mosquitto

and then attempt to start it again by using the following line of code.

sudo mosquitto -c /etc/mosquitto/mosquitto.conf

It is just to check to see if everything is fine with the mosquitto.conf file. If you don’t see anything pop up after you run that second line open up another terminal window and run

netstat -plnt 

again and you should see mosquitto attached to a port now. If errors do pop up they should point you in the direction of what might be the issue. Also feel free to post the errors if they don’t make sense.

Good evening,

I did all of your recommendations and I have the same behavior/issue.

here:
mosquitto_conf

I didn’t see any pop up or anything else.

Here is the netstat after the previous command:

No mosquitto broker, I can’t see port 1883 ?!?

I’m going to see if the port 1883 is open…

Plz need help thank you

Can you check your log file in /var/log/mosquitto/ ?

I am also assuming your local.conf file is correct and all of the other initial setup went without problem, correct?

Right, thanks to your advice, in the mosquitto log I saw that there was a problem with ca-cert:

conf

I commented out cafile, certfile and keyfile, then I followed your recommendation:

sudo systemctl stop mosquitto & sudo mosquitto -c /etc/mosquitto/mosquitto.conf

and tadam:

These were my questions in the first post:

First question: where can I enable TLS/SSL certification: postgres://loraserver_ns:dbpassword@localhost/loraserver_ns?sslmode=disable ???

Second question: what is the difference between commenting and uncommenting “cafile /etc/mosquitto/certs/ca.crt” “certfile /etc/mosquitto/certs/hostname.crt” “keyfile /etc/mosquitto/certs/hostname.key” if I didn’t enable TLS/SSL certification ???

But what is next? With sudo mosquitto -c /etc/mosquitto/mosquitto.conf in the background, I can see the mosquitto broker listening on port 1883, ok, right, but I get a failure with the loraserver:

And if I stop sudo mosquitto -c /etc/mosquitto/mosquitto.conf in the background, I get my first issue:

thanks

Good to know, I had just uncommented those lines myself from the beginning as I did not set up those files at the time that I did my installation. Didn’t realize yours were still uncommented, that is my bad, I should have asked at the beginning to clarify that.

Ok, I am beginning to understand how to fill in loraserver.toml :wink: it’s my luck :wink:

I wrote the result of the openssl rand -base64 32 command in network_server.gateway.api.jwt_secret, ok, I’m glad. Then when I start loraserver and check it (sudo systemctl start loraserver & journalctl -u loraserver)

“class-c scheduler error” what is this ?!?:

I found an identical problem ==> https://forum.loraserver.io/t/loraserver-gave-pq-syntax-error/855

I probably need to follow the instructions…

Don’t know if I can be of any help with that error, I haven’t encountered it myself and I’m not entirely sure what it could be about. Though you did mention in another post that you were updating your postgresql, I believe, so maybe there was an issue with the install. Also, from your earlier netstat -plnt printout, it does appear that, much like the post you found relating to your error, you have more than one instance of postgres running. You’ll need to remove the older one.

I think the error message is truncated. Could you copy & paste it instead of a screenshot?

Hello everybody,

I uninstalled postgre, I’m reinstalling version 9.6…

@brocaar after the installation I will add the paste

Thank you for your help

Here is the status after reinstallation of postgre:

Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="configuring join-server client" ca_cert= server="http://localhos…= tls_key=
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="no network-controller configured"
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="applying database migrations"
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="backend/gateway: connected to mqtt server"
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="backend/gateway: subscribing to rx topic" qos=0 topic=gateway/+/rx
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="backend/gateway: subscribing to stats topic" qos=0 topic=gateway/+/stats
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="migrations applied" count=0
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="starting api server" bind="0.0.0.0:8000" ca-cert= tls-cert= tls-key=
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="starting gateway api server" bind="0.0.0.0:8002" ca-cert= tls-cert= tls-key=
Apr 12 22:28:51 Debian03 loraserver[521]: time="2018-04-12T22:28:51+01:00" level=info msg="starting downlink device-queue scheduler"
Hint: Some lines were ellipsized, use -l to show in full.

It seems that the loraserver works :wink:

Thank you @geofbaum, @brocaar

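Added example, not part of the original thread and not code from the Mosquitto or LoRa Server projects: a pre-flight check for the situation found above, where active cafile/certfile/keyfile lines pointed at certificate files that had never been created. The function name `check_mosquitto_tls` and the sample paths are assumptions made for illustration.

```shell
#!/bin/sh
# Run as the account the broker runs as, so the readability test is meaningful.

# check_mosquitto_tls CONF
# Prints one finding per line. Returns 1 if an active cafile/certfile/keyfile
# directive names a missing or unreadable file, 0 otherwise.
check_mosquitto_tls() {
    conf=$1
    rc=0
    active=0
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 1; }
    # Lines starting with '#' are comments, so "#cafile ..." never matches below.
    while read -r key value || [ -n "$key" ]; do
        case $key in
            cafile|certfile|keyfile)
                active=$((active + 1))
                if [ ! -f "$value" ]; then
                    echo "ERROR $key names a missing file: $value"; rc=1
                elif [ ! -r "$value" ]; then
                    echo "ERROR $key is not readable: $value"; rc=1
                else
                    echo "OK $key $value"
                fi ;;
        esac
    done < "$conf"
    if [ "$active" -eq 0 ]; then
        echo "INFO no cafile/certfile/keyfile active: without TLS, MQTT username and password travel in clear text"
    fi
    return "$rc"
}

# Constructed sample: the directive names from the thread, under a temporary
# directory where none of the certificate files exist.
demo_dir=$(mktemp -d)
cat > "$demo_dir/mosquitto.conf" <<EOF
listener 1883
cafile $demo_dir/certs/ca.crt
certfile $demo_dir/certs/hostname.crt
#keyfile $demo_dir/certs/hostname.key
EOF
check_mosquitto_tls "$demo_dir/mosquitto.conf" \
    || echo "create the files or comment out the directives before starting the broker"
rm -rf "$demo_dir"
```

Against a real installation, call it as `check_mosquitto_tls /etc/mosquitto/mosquitto.conf` before `sudo systemctl start mosquitto`.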