eclipse-paho / paho.mqtt.golang


[Question] Unable to access Google Cloud IoT Core via Proxy #611

Closed tako-t-t-1046 closed 2 years ago

tako-t-t-1046 commented 2 years ago

I am in the same situation as https://github.com/eclipse/paho.mqtt.golang/issues/394. I have tried applying the Patch but have not been able to resolve the issue. I am using library version 1.4.1.

I am trying to connect to Google Cloud IoT Core ( mqtt.googleapis.com:443 ) via PROXY using the environment variables HTTP_PROXY and HTTPS_PROXY, but I get a ConnectionTimeout and cannot establish a connection.

The command openssl s_client -proxy XXXX -connect mqtt.googleapis.com:443 succeeds, confirming no network problems. I have also confirmed that the environment variable values are readable in the Go program.

I am trying to connect from the following code, is there a problem?

```go
import (
	"crypto/tls"
	"fmt"
	"log"
	"time"

	mqtt "github.com/eclipse/paho.mqtt.golang"
)

// MQTT Publisher
func MqttPublisher(message string) error {
	// ...

	opts := mqtt.NewClientOptions().
		AddBroker("ssl://mqtt.googleapis.com:443").
		SetClientID(client_id).
		SetUsername("unused").
		SetTLSConfig(&tls.Config{MinVersion: tls.VersionTLS12}).
		SetPassword(pass).
		SetProtocolVersion(4) // Use MQTT 3.1.1

	conn := mqtt.NewClient(opts)
	log.Println("Connecting...")

	// connect to GCP Cloud IoT Core
	tok := conn.Connect()
	if err := tok.Error(); err != nil {
		log.Println("tok.Error():1")
		return err
	}
	// wait up to 10 seconds for the connect attempt to complete
	if !tok.WaitTimeout(time.Second * 10) {
		// Error occurs here
		return fmt.Errorf("connection Timeout")
	}
	if err := tok.Error(); err != nil {
		log.Println("tok.Error():2")
		return err
	}
	// ...
}
```

MattBrittan commented 2 years ago

Please enable logging and add the log to your question. It's quite possible that the TLS connection is being established but the MQTT handshake is failing. Note that proxy support should be included in 1.4.1; there is no need to apply a patch (as far as I am aware).

Note you will probably get a better response at one of the suggested resources (because I neither use a proxy nor GCP).

tako-t-t-1046 commented 2 years ago

Thanks for the quick reply.

I have reverted the Patch back to its original state as it is not needed. Thank you very much.

I also tried to get the logs from the information you gave me. I tried ssl/wss for protocol and got the following. Please confirm.

// ssl

Sep  2 09:39:51 : [DEBUG] [client]   Connect()
Sep  2 09:39:51 : [DEBUG] [store]    memorystore initialized
Sep  2 09:39:51 : [DEBUG] [client]   about to write new connect msg
Sep  2 09:40:21 : [ERROR] [client]   dial tcp 64.233.188.206:443: i/o timeout
Sep  2 09:40:21 : [WARN]  [client]   failed to connect to broker, trying next
Sep  2 09:40:21 : [ERROR] [client]   Failed to connect to a broker
Sep  2 09:40:21 : [DEBUG] [store]    memorystore closed

// wss
Sep  2 09:57:13 : [DEBUG] [client]   Connect()
Sep  2 09:57:13 : [DEBUG] [store]    memorystore initialized
Sep  2 09:57:13 : [DEBUG] [client]   about to write new connect msg
Sep  2 09:57:15 : [ERROR] [client]   unexpected EOF
Sep  2 09:57:15 : [WARN]  [client]   failed to connect to broker, trying next
Sep  2 09:57:15 : [ERROR] [client]   Failed to connect to a broker
Sep  2 09:57:15 : [DEBUG] [store]    memorystore closed

Thank you 'Note'. I will check this as well.

MattBrittan commented 2 years ago

OK - it appears the connection is not being established.

For wss we are just using http.ProxyFromEnvironment so I believe that should pick up HTTPS_PROXY.

For ssl it appears that the environmental variable all_proxy is relevant (this appears to be a standard used with socks proxies) and is used if set (otherwise the standard golang.org/x/net/proxy proxy.FromEnvironment() is used).

Sorry - as I don't use proxies that's all I can really do (happy to incorporate any necessary fixes you might identify!).

tako-t-t-1046 commented 2 years ago

Thanks for the answer. Your explanation of the difference in wss / ssl behavior was easy to understand. Thank you very much.

I tried using ssl with the all_proxy environment variable set, but the result was the same log. (dial tcp 64.233.188.206:443: i/o timeout)

The investigation was terminated because the delivery date was near. I will change the architecture to use HTTP instead of MQTT. Thank you very much for your advice.

I will try again when I have time.
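
Added example, not part of the thread and not code from paho.mqtt.golang: a standard-library Go probe that repeats the `openssl s_client -proxy ... -connect mqtt.googleapis.com:443` check from inside a Go program, so a failure can be attributed to reaching the proxy, to the CONNECT tunnel, or to TLS, before MQTT is involved at all. The function names `httpConnect` and `probe` and the address `proxy.example:3128` are assumptions made for the illustration.

```go
package main

import (
	"bufio"
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"time"
)

// httpConnect asks an HTTP proxy reachable over conn to open a tunnel to
// target ("host:port"); it returns nil only for a 2xx reply.
func httpConnect(conn net.Conn, target string) error {
	if _, err := fmt.Fprintf(conn, "CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n", target, target); err != nil {
		return fmt.Errorf("proxy stage: write CONNECT: %w", err)
	}
	// A TLS server waits for our ClientHello, so nothing follows the reply headers yet.
	resp, err := http.ReadResponse(bufio.NewReader(conn), &http.Request{Method: http.MethodConnect})
	if err != nil {
		return fmt.Errorf("proxy stage: read reply: %w", err)
	}
	if resp.StatusCode/100 != 2 {
		return fmt.Errorf("proxy stage: tunnel refused: %s", resp.Status)
	}
	return nil
}

// probe names the stage that fails: TCP to the proxy, CONNECT, or TLS.
func probe(proxyAddr, target string, timeout time.Duration) error {
	conn, err := net.DialTimeout("tcp", proxyAddr, timeout)
	if err != nil {
		return fmt.Errorf("dial proxy stage: %w", err)
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(timeout))
	if err := httpConnect(conn, target); err != nil {
		return err
	}
	host, _, _ := net.SplitHostPort(target) // target was already accepted by the proxy
	tc := tls.Client(conn, &tls.Config{ServerName: host, MinVersion: tls.VersionTLS12})
	if err := tc.Handshake(); err != nil {
		return fmt.Errorf("tls stage: %w", err)
	}
	return nil
}

func main() { // proxy.example:3128 is a placeholder proxy address
	fmt.Println(probe("proxy.example:3128", "mqtt.googleapis.com:443", 10*time.Second))
}
```

A nil result means the tunnel and the TLS session both came up through the proxy, which leaves the client's own dial path or the MQTT handshake as the remaining places to look.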