Mosquitto doesn't accept TCP connection when used with docker service

[hegerdes]

Hello,

I enconterd a strange issue. Running mosquitto with docker run or docker compose works fine. But as soon as I use docker service I cant establish any connections.

My compose file:

version: '3.7'

services:

  mosquitto:
    image: eclipse-mosquitto:2.0-openssl
    restart: unless-stopped
    environment:
      - TZ=Europe/Berlin
    ports:
      - 1883:1883
      - 8883:8883
      - 9001:9001
    volumes:
      - mosquitto_data:/mosquitto/data
      - /root/mqtt/dm-mosquitto/config:/mosquitto/config
      - /root/mqtt/dm-mosquitto/ssl:/etc/mosquitto/ssl

volumes:
  mosquitto_data:

And the conf:

##### General #####

# data
persistence true
persistence_location /mosquitto/data/

# logs
# log_type all
log_type error warning notice information websockets
log_dest stdout

# other
per_listener_settings true

#### LISTENERS #####
# Listener1 - mqtt connector
listener 1883
protocol mqtt
password_file /mosquitto/config/mqtt_passwd
acl_file /mosquitto/config/acl.listener1883

This works and i can create a connection with mosquitto_<pub|sub> -d -t myTopic -u user -P pw -p 1888 -i 123

But as soon as i convert it to docker service or stack the broker does not accept any connections. The client is stick at TCP level sending CONNECT.

I used the some compose file with docker stack deploy -c docker-compose.yml test-stack What can be the source?

Also I can confirm #2354 and #2338. No logs are printed at all when started with compose, service or stack. Seems like a tty is expected.

[hegerdes]

I found out that the issue is related to the docker network mode.

When using Swarm Docker defaults to the ingress mode for port-mappings. This allows to loadbalance the incoming request to multiple instances of the container within the overlay network.

When using this mode mosquito will not accept any connections. Any clients will hang at the TCP ACk Handshake level.

When switching to the host-port mode this issue does not occur!

I'm not sure how this is directly connected to Mosquito but I didn't had any issues with other MQTT brokers when used in Docker.

[setempler]

Similar here:

Tried to connect via a custom web app as docker service based on python dash (dash_mqtt) via websocket. It only worked after adding network_mode: host to the mosquitto image service.

Interestingly,

• the same web app could connect from another device
• a hivemq/mqtt-cli image as a docker service is able to connect w/o host network mode (con -h mqtt -p 9000 -ws)
• a python script (paho-mqtt) as docker service can access via mqtt protocol

all without using host network mode.

---

The mosquitto.conf used:

listener 1883
protocol mqtt
allow_anonymous true

listener 9000
protocol websockets
socket_domain ipv4
allow_anonymous true

Excerpt from the docker-compose.yml:

services:
    mqttshell:
        image: hivemq/mqtt-cli
    mqtt:
        image: eclipse-mosquitto:2.0
        network_mode: host
        #ports:
        #    - "1883:1883"
        #    - "9000:9000"
    webapp:
        # some custom image and custom application using python/pip dash_mqtt
        # similar to https://github.com/aegis1980/dash-mqtt/blob/main/usage.py

[alexmc1510]

Hello, how did you solved the issue? I suffer apparently the same. If I connect to localhost exposing ws port it works, nevertheless if I connect to the mosquitto container from inside another container and network, calling the container by its name....its does not work. Only see the problem with ws, mqtt works fine....it is really strange