Helm chart name
mosquitto
Helm chart version
4.4.0
Container name
eclipse-mosquitto
Container tag
2.0.14
Description
If TLS is to be used (which nowadays is preferred, I suppose), defining the `listener` option in the main `mosquitto.conf` causes TLS authentication to not work; the lines below are seen in the log:

```
1657982972: New connection from <IP>:<port> on port 8883.
1657982972: Client <unknown> disconnected due to malformed packet.
```

TLS works if the `listener` option is defined in the same config file where the TLS `certfile` and `keyfile` options are defined. This problem has been noted in other places, e.g. https://serverfault.com/a/1075260/975505. I guess TLS would also work if the certificate options were defined in `mosquitto.conf`, but I think it is not recommended by upstream.

I worked around this problem by manually modifying the chart and removing the `listener` option from `configmap.yaml`, see diff below.

To actually solve the problem I see two options:
1) Add a note in the chart documentation that if you want to use TLS the `listener` option needs to be removed
or
2) Add a new value to `values.yaml` which would make it possible to conditionally do 1) above without the user having to modify the chart

I think implementing option 2) would make sense.
Expected result
TLS works without having to modify the chart.
Helm values to reproduce
Additional Information
No response
Repo link
No response
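A check for the layout this issue describes, added here as an example and not part of the issue or the chart: it flags `certfile`/`keyfile` lines that appear in one config file while the `listener` they are meant for is declared in another. It assumes the per-file behaviour reported above; the file names and certificate paths in the samples are constructed placeholders.

```python
# Added example (not from the chart): flags TLS options that sit in a
# different file from the listener they are meant to configure.
TLS_OPTIONS = {"certfile", "keyfile"}  # the two options named in the issue

def scan(text):
    """Return (listener_ports, orphans) for one config file's text.
    orphans = [(lineno, option)] seen before any `listener` line in this file."""
    ports, orphans = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0] == "listener" and len(fields) > 1:
            ports.append(fields[1])
        elif fields[0] in TLS_OPTIONS and not ports:
            orphans.append((lineno, fields[0]))
    return ports, orphans

def lint(files):
    """files: {name: text}. Report orphaned TLS options when some other file
    defines a listener, which is the layout the issue describes."""
    scanned = {name: scan(text) for name, text in files.items()}
    findings = []
    for name, (_, orphans) in scanned.items():
        elsewhere = [(other, port) for other, (ports, _) in scanned.items()
                     if other != name for port in ports]
        if elsewhere:
            findings += [(name, lineno, opt, elsewhere) for lineno, opt in orphans]
    return findings

# Constructed sample configs; names and paths are placeholders.
BROKEN = {
    "mosquitto.conf": "listener 8883\ninclude_dir /mosquitto/configinc\n",
    "tls.conf": "certfile /certs/tls.crt\nkeyfile /certs/tls.key\n",
}
FIXED = {
    "mosquitto.conf": "include_dir /mosquitto/configinc\n",
    "tls.conf": "listener 8883\ncertfile /certs/tls.crt\nkeyfile /certs/tls.key\n",
}

if __name__ == "__main__":
    for name, lineno, opt, elsewhere in lint(BROKEN):
        print(f"{name}:{lineno}: {opt} has no listener in this file; "
              f"listeners defined elsewhere: {elsewhere}")
```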