Install on Raspberry Pi

[Becker884]

Can you create a tutorial how to install FlasMQ on RaspberryPi ? I tried but failed: N: Skipping loading the configured file "main/binary-armhf/Packages" because the depot "http://repo.flashmq.org/apt bullseye InRelease" does not support the "armhf" architecture.

If I didn't know for sure that it would run on another RaspberryPi (Victron Venus) - I would not ask for.

[halfgaar]

Adding Debian (based) ARM packages is actually a good idea. I would require some time to set that up though.

In the mean time, building on the Raspberry Pi itself should be easy. You can just follow the instructions in the readme, using build.sh, or cmake manually. Installing cmake and build-essential should be enough.

This won't give you a systemd unit file and such, but perhaps it's a start?

[Becker884]

Thank you for your quick response. However, that is beyond my skills ;-) so I´ll try it on my VM with amd64. I´m using mosquitto and it doesn´t support IPv6 over websockets. that's why I want to try FlashMQ. can you tell me if FlashMQ support ws(s) over IPv6? preferably IPv4 & IPv6 at the same time via wss. mosquitto can only do mqtt over IPv6.

[halfgaar]

Yep, FlashMQ indeed supports websockets and TLS websockets over IPv4 and IPv6.

You know, I just realized. If you do compile on a Rpi, cmake probably does make a .deb package you can just install with dpkg -i.

[halfgaar]

BTW, I see you tried the Debian bullseye repo. Does that mean your Rpi also runs that? I was going to provide you with a test binary, but then I need to know for sure which one: bullseye or bookworm.

[Becker884]

I tried on bullseye and of course I would be happy to test it

[halfgaar]

Can you test this deb file? It's for Bullseye, armhf (32 bit).

You can install with:

dpkg -i flashmq_1.9.1-1708187570+bullseye_armhf.deb

You will then have a systemd service; check with:

systemctl status flashmq

[Becker884]

installation seems to be successfull, I hope i´ll get it run

[Becker884]

It is the same as with mosquitto:

Creating IPv6 non-SSL websocket listener on [::]:4443

but I can only connect by mqtt IPv6, ws only IPv4.

here: https://github.com/eclipse/mosquitto/issues/2628 ralight wrote

I believe it depends on how libwebsockets is compiled. It does not have support for IPv6 compiled in by default.

is this the same problem with FlashMQ (libwebsockets) ?

[halfgaar]

is this the same problem with FlashMQ (libwebsockets) ?

No, websocket frame parsing is implemented internally by FlashMQ.

Can you show logs of the server and your clients?

[Becker884]

config: log_file /var/log/flashmq/flashmq.log storage_dir /var/lib/flashmq allow_anonymous true

listen { protocol mqtt port 1883 inet_protocol ip4_ip6 }

listen { protocol websockets port 4443 inet_protocol ip4_ip6 }

Log:

MQTT Explorer says only "disconnect from server" if I try WS IPv6 in flashmq log there is nothing about a connection try

[halfgaar]

If there is not even a line saying 'accepting connection', the problem is somewhere else. That is the lowest level of IPv6 activity, when it doesn't even know yet whether it's a websocket or not, or TLS or not.

The problem lies elsewhere. And I've seen other weird stuff with MQTT explorer, like it not respecting a custom port number; it just kept using the default. Can you try another client?

[Becker884]

I tried with Node-Red, same. MQTT IPv4 & IPv6 works WS IPv4 works WS IPv6 can´t connect

edit: I tried the mosquitto test server: [2001:41d0:1:925e::1] - here it is the same, IPv6 WS(S) doesn´t connect.

Can you connect ?

[halfgaar]

I'm having trouble with test.mosquitto.org, but that could be my client. I'm not really well set up with websockets currently.

Can you try demo.flashmq.org, port 4443? That's WSS. That one works for me.

[Becker884]

It is the same. wss://[2a01:1b0:7996:418:83:137:146:230]:4443 doesn´t connect. wss://83.137.146.230:4443 no problem mqtt://[2a01:1b0:7996:418:83:137:146:230]:1883 no problem

[halfgaar]

And if you do?:

telnet -6 <address6> <port>

That should at least produce a line in the log.

Or:

nmap -sT -p <port> -6 <address6>

If those don't show up in the log as

Accepting connection from: address='[ipv6address]'

Then you have network problems.

Edit: BTW, can you give me the last four characters of you IPv6 address? Then I can search the logs of the demo server.

[Becker884]

I´ve no telnet or nmap :-(

my first characters: 2003:da:b702: 93.213.74.

[halfgaar]

I see logs from you like:

[2024-02-18 10:49:11.843] [NOTICE] Accepting connection from: address='2003:da:b702:blabla:e8ca', transport='TCP/Websocket/SSL', fd=25
[2024-02-18 10:49:11.897] [NOTICE] Removing client '[ClientID='', username='', fd=25, keepalive=10s, transport='TCP/Websocket/SSL', address='2003:da:b702:blabla:e8ca', prot=none, clean=0]'. Reason(s): Problem accepting SSL socket: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate

Did you use this certificate, or set 'insecure' mode?

I also saw succefull ones:

[2024-02-18 10:50:39.804] [NOTICE] Client '[ClientID='Browser_7dfd1863', username='', fd=26, keepalive=60s, transport='TCP/Websocket/SSL', address='2003:da:b702:blabla:e8ca', prot=3.1.1, clean=1]' logged in successfully
[2024-02-18 10:50:39.825] [SUBSCRIBE] Client '[ClientID='Browser_7dfd1863', username='', fd=26, keepalive=60s, transport='TCP/Websocket/SSL', address='2003:da:b702:blabla:e8ca', prot=3.1.1, clean=1]' subscribed to 'VLT' QoS 0
[2024-02-18 10:51:01.698] [NOTICE] Removing client '[ClientID='Browser_7dfd1863', username='', fd=26, keepalive=60s, transport='TCP/Websocket/SSL', address='2003:da:b702:blabla:e8ca', prot=3.1.1, clean=1]'. Reason(s): Browser navigating away from page, socket disconnect detected

I don't see attempts for non-TLS websockets.

[Becker884]

I got it now with JS in html (browser):

I´ll try port 4443 (SSL true) with the domain name and disabled IPv4 on my computer.

I think the problem is with MQTT Explorer, it can not even connect without SSL / port 8080 on IPv6.

[Becker884]

I tried with disabled IPv4 - you should see my succesfully login :-) (SSL port 4443)

So I can switch from mosquitto to flashMQ.

by the way, my mosquitto.conf:

acl_file /etc/mosquitto/acl
password_file /etc/mosquitto/passwd

allow_anonymous true

listener 1883
protocol mqtt

listener 63709
protocol websockets
cafile /etc/mosquitto/certs/fullchain.pem
certfile /etc/mosquitto/certs/cert.pem
keyfile /etc/mosquitto/certs/privkey.pem

can I use this config in flashMQ ?

to renew the certifikats I use: https://raw.githubusercontent.com/eclipse/mosquitto/master/misc/letsencrypt/mosquitto-copy.sh

Is it enough to change this here?

        # Tell Mosquitto to reload certificates and configuration
        pkill -HUP -x mosquitto

systemctl reload flashmq.service ?

or has flashmq access to let´s encrypt folder?

[halfgaar]

I indeed see a whole bunch of IPv6 websocket traffic from your client ID Browser_xxx, with and without TLS.

As for the config file, see the documentation. Most, if not all, of that is convertible to FlashMQ config directives.

Reloading is indeed done with systemctl reload flashmq.service. As for permissions to the certificates and how you renew them, I'll leave that to you. You can look at FlashMQ's Let's Encrypt example if you want.

I think this ticket can be closed, I added a new one for the Raspberry Pi builds (#86).

[halfgaar]

Discussion was continued at https://github.com/halfgaar/FlashMQ/discussions/87, so we can close this. There's #86 for the Raspberry Pi builds