HTTP backend doesn't connect, instead rejects subscriptions

Hi,

I am having trouble using HTTP backend - despite all my configuration efforts it doesn't issue a request to backend HTTP API, and instead rejects each subscribe request. I feel I must be missing something obvious, but I can't figure it out...

I have two docker containers, started with docker-compose: mosquitto and myapp.

The myapp backend API is accessible from mosquitto container. If I start a terminal in the mosquitto container and do a curl request, I get the result:

/ # curl -i -X POST http://myapp/api/admin/mqtt-auth-plug/getuser/
HTTP/1.1 200 OK
...
/ # curl -i -X POST http://myapp/api/admin/mqtt-auth-plug/superuser/
HTTP/1.1 200 OK
...
/ # curl -i -X POST http://myapp/api/admin/mqtt-auth-plug/aclcheck/
HTTP/1.1 200 OK
...

The mosquitto.conf is:

/ # ps xa | grep mosq
    1 mosquitt  0:00 mosquitto -c /etc/mosquitto/mosquitto.conf
/ # cat /etc/mosquitto/mosquitto.conf
# Config file for mosquitto
sys_interval 10
user mosquitto
max_inflight_messages 40
max_queued_messages 200
queue_qos0_messages false
message_size_limit 0
allow_zero_length_clientid true
persistent_client_expiration 3m
allow_duplicate_messages false
autosave_interval 60
autosave_on_changes false
persistence false
log_dest stderr
log_type all
connection_messages true
websockets_log_level 1023
log_timestamp true
#include_dir /etc/mosquitto.d/

allow_anonymous true

listener 1883

listener 9883
protocol websockets
require_certificate false

# https://github.com/jpmens/mosquitto-auth-plug
auth_plugin /usr/local/lib/auth-plug.so
auth_opt_backends http
auth_opt_http_ip myapp
auth_opt_http_hostname myapp
auth_opt_http_port 80
auth_opt_http_getuser_params domain=myapp,port=80
auth_opt_http_superuser_params domain=myapp,port=80
auth_opt_http_aclcheck_params domain=myapp,port=80

auth_opt_http_getuser_uri /api/admin/mqtt-auth-plug/getuser
auth_opt_http_superuser_uri /api/admin/mqtt-auth-plug/superuser
auth_opt_http_aclcheck_uri /api/admin/mqtt-auth-plug/aclcheck

Container logs reveal nothing unusual: (to me)

$ docker logs docker-compose_mosquitto_1
1550161641: mosquitto version 1.5.5 starting
1550161641: Config loaded from /etc/mosquitto/mosquitto.conf.
1550161641: |-- *** auth-plug: startup
1550161641: |-- ** Configured order: http

1550161641: |-- with_tls=false
1550161641: |-- getuser_uri=/api/admin/mqtt-auth-plug/getuser
1550161641: |-- superuser_uri=/api/admin/mqtt-auth-plug/superuser
1550161641: |-- aclcheck_uri=/api/admin/mqtt-auth-plug/aclcheck
1550161641: |-- getuser_params=domain=myapp,port=80
1550161641: |-- superuser_params=domain=myapp,port=80
1550161641: |-- aclcheck_params=domain=myapp,port=80
1550161641: |-- retry_count=3
1550161641: Opening ipv4 listen socket on port 1883.
1550161641: Opening ipv6 listen socket on port 1883.
1550161641: Opening websockets listen socket on port 9883.
1550161641: Creating Vhost 'default' port 9883, 3 protocols, IPv6 on
1550161641:  Using non-SSL mode
1550161700: New client connected from ::ffff:172.26.0.1 as myapp-frontend-v?.?.?-1550161700569 (c1, k20736).
1550161700: No will message specified.
1550161700: Sending CONNACK to myapp-frontend-v?.?.?-1550161700569 (0, 0)
1550161704: New connection from 172.26.0.4 on port 1883.
1550161704: New client connected from 172.26.0.4 as 0ccb20c9-36ac-4680-a4fe-127ec6868d07 (c1, k60).
1550161704: No will message specified.
1550161704: Sending CONNACK to 0ccb20c9-36ac-4680-a4fe-127ec6868d07 (0, 0)
1550161704: Denied PUBLISH from 0ccb20c9-36ac-4680-a4fe-127ec6868d07 (d0, q1, r0, m1, 'changed/api/status/info', ... (1 bytes))
1550161704: Sending PUBACK to 0ccb20c9-36ac-4680-a4fe-127ec6868d07 (Mid: 1)
1550161704: Received DISCONNECT from 0ccb20c9-36ac-4680-a4fe-127ec6868d07
1550161704: Client 0ccb20c9-36ac-4680-a4fe-127ec6868d07 disconnected.
1550161708: New connection from 172.26.0.4 on port 1883.
1550161708: New client connected from 172.26.0.4 as eb958a78-94ae-4827-83c9-8a9ad0deebba (c1, k60).
1550161708: No will message specified.
1550161708: Sending CONNACK to eb958a78-94ae-4827-83c9-8a9ad0deebba (0, 0)
1550161708: Denied PUBLISH from eb958a78-94ae-4827-83c9-8a9ad0deebba (d0, q1, r0, m1, 'changed/api/status/info', ... (1 bytes))
1550161708: Sending PUBACK to eb958a78-94ae-4827-83c9-8a9ad0deebba (Mid: 1)
1550161708: Received DISCONNECT from eb958a78-94ae-4827-83c9-8a9ad0deebba
1550161708: Client eb958a78-94ae-4827-83c9-8a9ad0deebba disconnected.
1550161709: Received UNSUBSCRIBE from myapp-frontend-v?.?.?-1550161700569
1550161709:     accounts/1/dashboards
1550161709: myapp-frontend-v?.?.?-1550161700569 accounts/1/dashboards
1550161709: Sending UNSUBACK to myapp-frontend-v?.?.?-1550161700569
1550161709: Received SUBSCRIBE from myapp-frontend-v?.?.?-1550161700569
1550161709:     changed/accounts/1/dashboards (QoS 0)
1550161709: Sending SUBACK to myapp-frontend-v?.?.?-1550161700569
1550161712: Received SUBSCRIBE from myapp-frontend-v?.?.?-1550161700569
1550161712:     changed/accounts/1/dashboards (QoS 0)
1550161712: Sending SUBACK to myapp-frontend-v?.?.?-1550161700569

Listening with tcpdump in mosquitto container shows nothing is sent to destination port 80 anywhere:

# tcpdump -X -i any dst port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

^C

I have tried:

last commit (1bc268535d526bfabea8dafb3a43d51bc5655b22)
stable version 0.1.3, but without JWT (otherwise it doesn't build for me because of a bug in be_jwt.c, line 205 - trying to free a static array; but I don't need JWT anyway because it turns out one can't set headers with WebSockets)

I am not 100% sure on how to use auth_opt_http_ip and auth_opt_http_hostname, so I have tried multiple variations, but nothing worked.

Am I missing something obvious, or does HTTP backend simply not work? I would appreciate some help...

jpmens / mosquitto-auth-plug

HTTP backend doesn't connect, instead rejects subscriptions #403