Open-source, scalable, and fault-tolerant MQTT broker able to handle 4M+ concurrent client connections, supporting at least 3M messages per second throughput per single cluster node with low latency delivery. The cluster mode supports more than 100M concurrently connected clients.
Description
Our organisation uses Thingsboard PE and Trendz extensively and we are in the process of testing TBMQ with the view of migrating our MQTT servers (mosquitto currently) to TBMQ. I have the tbmq UI working well with http but when I put haproxy in front of the tbmq for HTTPS/SSL termination I get errors in the tbmq logs showing issues with CORS at the login page when I enter my username and password. This extract is from the docker logs:
java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead.
The tbmq documentation shows the environment variables to configure tbmq with and under the section "Spring MVC/Resources parameters" it shows the CORS parameters but there is no environment variable in the middle column to allow us to configure this parameter.
Is there a reason why tbmq uses CORS? Thingsboard and Trendz do not require CORS and live happily behind haproxy. We have a mandate to use haproxy in our organisation for SSL termination since it gives a lot of additional features by default to secure the connection better than using SSL directly in the end product.
Component
Description Our organisation uses Thingsboard PE and Trendz extensively and we are in the process of testing TBMQ with the view of migrating our MQTT servers (mosquitto currently) to TBMQ. I have the tbmq UI working well with http but when I put haproxy in front of the tbmq for HTTPS/SSL termination I get errors in the tbmq logs showing issues with CORS at the login page when I enter my username and password. This extract is from the docker logs: java.lang.IllegalArgumentException: When allowCredentials is true, allowedOrigins cannot contain the special value "*" since that cannot be set on the "Access-Control-Allow-Origin" response header. To allow credentials to a set of origins, list them explicitly or consider using "allowedOriginPatterns" instead. The tbmq documentation shows the environment variables to configure tbmq with and under the section "Spring MVC/Resources parameters" it shows the CORS parameters but there is no environment variable in the middle column to allow us to configure this parameter. Is there a reason why tbmq uses CORS? Thingsboard and Trendz do not require CORS and live happily behind haproxy. We have a mandate to use haproxy in our organisation for SSL termination since it gives a lot of additional features by default to secure the connection better than using SSL directly in the end product.
Environment Ubuntu 22.04.2LTS, Docker 24.04, Docker compose 2.19, haproxy 2.4.22 with Lua 5.3.6