eclipse-mosquitto / mosquitto

Eclipse Mosquitto - An open source MQTT broker
https://mosquitto.org

The default 1883 listener is always active (2.0.14) #2497

Open t33x opened 2 years ago

t33x commented 2 years ago

With this mosquitto.conf (2.0.14):


listener 8001 1.2.3.4
socket_domain ipv4
protocol mqtt

listener 8002 1.2.3.4
socket_domain ipv4
protocol websockets

I expect only two running listeners, but the 1883 listener is also active:

tcp   0 0.0.0.0:1883   0.0.0.0:*   LISTEN   17293/mosquitto     
tcp   1.2.3.4:8001     0.0.0.0:*   LISTEN   17293/mosquitto     
tcp   1.2.3.4:8002     0.0.0.0:*   LISTEN   17293/mosquitto     
tcp6  :::1883          :::*        LISTEN   17293/mosquitto

I cannot find any information in the documentation to prove that this is the expected behaviour.

How can I disable the default listener (1883)?

Daedaluz commented 2 years ago

The default listener only listens on the local address if present and should be disabled when a listener is specified. The mosquitto.conf documentation says:

listener port [bind address/host/unix socket path] Listen for incoming network connection on the specified port. A second optional argument allows the listener to be bound to a specific ip address/hostname. If this variable is used and neither the global bind_address nor port options are used then the default listener will not be started.

Using your config file results in only 2 ports on my system.

$ mosquitto -c strange.conf

1648540343: mosquitto version 2.0.14 starting
1648540343: Config loaded from mqtt.conf.
1648540343: Opening ipv4 listen socket on port 8001.
1648540343: Opening websockets listen socket on port 8002.
1648540343: mosquitto version 2.0.14 running

$ ss -antp | grep mosquitto

LISTEN    0      100      1.2.3.4:8001         0.0.0.0:*     users:(("mosquitto",pid=25820,fd=4))
LISTEN    0      4096     1.2.3.4:8002         0.0.0.0:*     users:(("mosquitto",pid=25820,fd=8))

What does your log file look like?

t33x commented 2 years ago

The log:

Mar 29 10:15:50 mosquitto: 2022-03-29T10:15:50: mosquitto version 2.0.14 starting
Mar 29 10:15:50 mosquitto: 2022-03-29T10:15:50: Config loaded from /etc/mosquitto/mosquitto.conf.
Mar 29 10:15:50 mosquitto: 2022-03-29T10:15:50: Opening ipv4 listen socket on port 8001.
Mar 29 10:15:50 mosquitto: 2022-03-29T10:15:50: Opening websockets listen socket on port 8002.
Mar 29 10:15:50 mosquitto: 2022-03-29T10:15:50: Opening ipv4 listen socket on port 1883.
Mar 29 10:15:50 mosquitto: 2022-03-29T10:15:50: Opening ipv6 listen socket on port 1883.
Mar 29 10:15:50 mosquitto: 2022-03-29T10:15:50: mosquitto version 2.0.14 running
Mar 29 10:15:50 systemd: Started Mosquitto MQTT Broker.

My full mosquitto.conf file:

per_listener_settings false
allow_zero_length_clientid false
max_inflight_messages 1
max_queued_messages 1000
max_packet_size 135168
max_qos 2
memory_limit 67108864
persistent_client_expiration 14d
max_keepalive 300

autosave_interval 600
persistence true
persistence_file mosquitto.db
persistence_location /var/lib/mosquitto/

log_type all
log_timestamp_format %Y-%m-%dT%H:%M:%S
connection_messages true
websockets_log_level 0

cafile /etc/mosquitto/...
certfile /etc/mosquitto/...
keyfile /etc/mosquitto/...
dhparamfile /etc/mosquitto/...

require_certificate true
use_identity_as_username true

listener 8001 1.2.3.4
socket_domain ipv4
max_connections 100
protocol mqtt

listener 8002 1.2.3.4
socket_domain ipv4
max_connections 100
protocol websockets

Maybe I should put the listener definitions on top of the config file?

Daedaluz commented 2 years ago

I'm thinking more that you could try throwing your cert configs under a listener block.

t33x commented 2 years ago

Yeah, that did the trick... now I only have two listeners. Thank you!

per_listener_settings false
allow_zero_length_clientid false
max_inflight_messages 1
max_queued_messages 1000
max_packet_size 135168
max_qos 2
memory_limit 67108864
persistent_client_expiration 14d
max_keepalive 300

autosave_interval 600
persistence true
persistence_file mosquitto.db
persistence_location /var/lib/mosquitto/

log_type all
log_timestamp_format %Y-%m-%dT%H:%M:%S
connection_messages true
websockets_log_level 0

listener 8001 1.2.3.4
socket_domain ipv4
max_connections 100
protocol mqtt

listener 8002 1.2.3.4
socket_domain ipv4
max_connections 100
protocol websockets

cafile /etc/mosquitto/...
certfile /etc/mosquitto/...
keyfile /etc/mosquitto/...
dhparamfile /etc/mosquitto/...

require_certificate true
use_identity_as_username true

D-r-P-3-p-p-3-r commented 2 years ago

Something similar happens when you have per_listener_settings active (true) and have one of the listener config entries before your first listener. This happened to me with allow_zero_length_clientid as I switched per_listener_settings to true and overlooked this entry. It took me a whole while to figure out why a listener on port 1883 was starting. I only noticed it, because I had configured a listener for that port, too, and Mosquitto was not starting anymore. Else I might have ended up with an accidentally opened port.

We're currently using Mosquitto 2.0.12.

zhyang-liu commented 6 months ago

In my case, the 'include_dir' triggered the default listener. In that directory, the first file (starting with 00-) defined a new listener, and that still made the default listener run.

It looks like this behavior was not mentioned in the per_listener_settings section in the documentation of mosquitto.conf.

vidaquantum commented 5 months ago

To disable default listener 1883 set the option port to some other port e.g. port 1234

zhyang-liu commented 4 months ago

Any option before the new listener will be applied to the default listener even if it's an 'include' option. Thus, if you want to ONLY use the included option file, it will be impossible.

> To disable default listener 1883 set the option port to some other port e.g. port 1234

dsokoloski commented 1 month ago

@D-r-P-3-p-p-3-r

> Something similar happens when you have per_listener_settings active (true) and have one of the listener config entries before your first listener. This happened to me with allow_zero_length_clientid

Yes! Thank you so much. I spent a long time debugging this and couldn't figure out why mosquitto insisted on binding to the default port. Ensuring that any "per_listener" options are only found inside listener blocks resolved the problem.

Thanks again!

D-r-P-3-p-p-3-r commented 1 month ago

I don't like that there's a default listener at all. It's just some "convenience magic". But the surprises and potential dangers are not worth it IMO. Explicit is better than implicit. If you want a listener, configure it.

jamesgoodhouse commented 3 weeks ago

I just ran into this and once I re-ordered my config file the default listener went away. Am I understanding correctly that there's some actual ordering to the config file? Here's my config:

user mosquitto
acl_file /mosquitto/config/acl
password_file /mosquitto/config/passwd

persistence_location /mosquitto/data
persistence true

listener 8883
tls_keyform pem
certfile /mosquitto/config/cert.pem
keyfile /mosquitto/config/privkey.pem
protocol mqtt

When I had this sorted alphabetically, TLS didn't work correctly and I saw 1883 listening.

Also, I am leveraging include_dir in the main config (with no other settings set) to load in the above config.

D-r-P-3-p-p-3-r commented 2 weeks ago

@jamesgoodhouse Yes. The order of the entries makes a difference semantically.

jamesgoodhouse commented 2 weeks ago

> @jamesgoodhouse Yes. The order of the entries makes a difference semantically.

Is it documented somewhere what that order is and which parameters it affects?

D-r-P-3-p-p-3-r commented 2 weeks ago

@jamesgoodhouse The documentation for the configuration can be found here: https://mosquitto.org/man/mosquitto-conf-5.html I'm not aware that it is stated anywhere explicitly AFAIR (I’m too lazy to read it all atm). You may be able to derive it from the info in the Listeners section (especially the listener description). It makes sense that if you have multiple listeners the options for a single listener have to be grouped somehow. As there are no sections like in an ini-file the grouping has to be done via order.
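
An added example, not part of the thread and not Mosquitto's own code: a small pre-deployment check that flags listener-scoped options placed before the first `listener` line, the ordering mistake this thread reports as opening an unintended 1883 listener. The option sets are assumptions taken only from the options named in this thread, and the check reads a single file's text without following `include_dir`.

```python
# Added example, not Mosquitto code. The option sets are assumptions taken from
# this thread only; they are not the full list from the mosquitto.conf man page.
ALWAYS_LISTENER_SCOPED = {
    "port", "bind_address",  # named in the man page text quoted in the thread
    "cafile", "certfile", "keyfile", "dhparamfile",
    "require_certificate", "use_identity_as_username",
}
# Reported in the thread as listener-scoped once per_listener_settings is true.
SCOPED_IF_PER_LISTENER = {"allow_zero_length_clientid"}


def find_default_listener_triggers(conf_text):
    """Return [(line_no, option)] for scoped options before the first listener."""
    per_listener = False
    seen_listener = False
    candidates = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # skip blank lines and comments
        key = fields[0]
        if key == "listener":
            seen_listener = True
        elif key == "per_listener_settings":
            per_listener = len(fields) > 1 and fields[1].lower() == "true"
        elif not seen_listener and key in ALWAYS_LISTENER_SCOPED | SCOPED_IF_PER_LISTENER:
            candidates.append((line_no, key))
    # per_listener_settings may appear anywhere, so filter after the full pass.
    return [(n, k) for n, k in candidates
            if k in ALWAYS_LISTENER_SCOPED or per_listener]


# Constructed sample modelled on the first config in the thread (paths made up).
BEFORE = """\
per_listener_settings false
allow_zero_length_clientid false
cafile /example/ca.crt
certfile /example/server.crt
require_certificate true
listener 8001 1.2.3.4
protocol mqtt
"""

if __name__ == "__main__":
    for line_no, option in find_default_listener_triggers(BEFORE):
        print(f"line {line_no}: '{option}' precedes the first listener")
```

An empty result only means none of the listed options precede the first listener; confirm the outcome on the host with `ss -antp | grep mosquitto` as done earlier in the thread.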