Can not connect to the broker

[yldzmuhammed]

To help us save time and help you faster

Before opening a new issue, please make sure that isn't already an open (or closed/resolved) issue concerning the problem. If unsure if older issues are about the exact same thing, just open a new issue rather than posting in the old one - but please reference the possibly related issues in the new issue.

Please do not insert images of text, but insert the text instead.

Environment

• VerneMQ Version: last version from build for ubuntu bionic
• OS: ubuntu 18
• Erlang/OTP version (if building from source):
• VerneMQ configuration (vernemq.conf) or the changes from the default

  To use this pre-packaged version of VerneMQ you must agree

  to our end user license agreement (EULA).

  The EULA can be found on https://vernemq.com/end-user-license-agreement.

  Default: no

  Acceptable values:

  - one of: yes, no

  accept_eula = yes

Allow anonymous users to connect, default is 'off'. !!NOTE!!

Enabling this completely disables authentication of the clients and

should only be used for testing/development purposes or in case

clients are authenticated by some other means.

Default: off

Acceptable values:

- on or off

allow_anonymous = on

Allow new client connections even when a VerneMQ cluster is inconsistent.

Default: off

Acceptable values:

- on or off

allow_register_during_netsplit = off

Allow message publishs even when a VerneMQ cluster is inconsistent.

Default: off

Acceptable values:

- on or off

allow_publish_during_netsplit = off

Allow new subscriptions even when a VerneMQ cluster is inconsistent.

Default: off

Acceptable values:

- on or off

allow_subscribe_during_netsplit = off

Allow clients to unsubscribe when a VerneMQ cluster is inconsistent.

Default: off

Acceptable values:

- on or off

allow_unsubscribe_during_netsplit = off

Allows a client to logon multiple times using the same client

id (non-standard behaviour!). This feature is DEPRECATED and will

be removed in VerneMQ 2.0.

Default: off

Acceptable values:

- on or off

allow_multiple_sessions = off

Client registrations can be either happen in a coordinated or

uncoordinated fashion. Uncoordinated registrations are faster and

will cause other clients with the same client-id to be eventually

disconnected, while coordinated ensures that any other client with

the same client-id will be immediately disconnected.

Default: on

Acceptable values:

- on or off

coordinate_registrations = on

Set the time in seconds VerneMQ waits before a retry, in case a (QoS=1 or QoS=2) message

delivery gets no answer.

Default: 20

Acceptable values:

- an integer

retry_interval = 20

Set the maximum size for client IDs. MQTT v3.1 specifies a

limit of 23 characters

Default: 100

Acceptable values:

- an integer

max_client_id_size = 100

This option allows persistent clients ( = clean session set to

false) to be removed if they do not reconnect within 'persistent_client_expiration'.

This is a non-standard option. As far as the MQTT specification is concerned,

persistent clients persist forever.

The expiration period should be an integer followed by one of 'd', 'w', 'm', 'y' for

day, week, month, and year.

Default: never

Acceptable values:

- text

persistent_client_expiration = 1w

The maximum delay for a last will message. This setting

applies only to MQTTv5 sessions and can be used to override the

value provided by the client.

The delay can be either 'client' which means the value specified by

the client is used, or an integer followed by one of 's', 'h' 'd',

'w', 'm', 'y' for day, week, month, and year used to cap the value

provided by the client..

Default: client

Acceptable values:

- text

max_last_will_delay = client

The maximum number of QoS 1 or 2 messages that can be in the process of being

transmitted simultaneously. This includes messages currently going through handshakes

and messages that are being retried. Defaults to 20. Set to 0 for no maximum. If set

to 1, this will guarantee in-order delivery of messages.

Default: 20

Acceptable values:

- an integer

max_inflight_messages = 20

The maximum number of messages to hold in the queue above

those messages that are currently in flight. Defaults to 1000. This affects

messages of any QoS. Set to -1 for no maximum (not recommended).

This option allows to control how a specific client session can deal

with message bursts. As a general rule of thumb set

this number a bit higher than the expected message rate a single consumer is

required to process. Note that setting this value to 0 will totally block

delivery from any queue.

Default: 1000

Acceptable values:

- an integer

max_online_messages = 1000

The maximum number of QoS 1 or 2 messages to hold in the offline queue.

Defaults to 1000. Set to -1 for no maximum (not recommended). Set to 0

if no messages should be stored offline.

Default: 1000

Acceptable values:

- an integer

max_offline_messages = 1000

This option sets the maximum MQTT size that VerneMQ will

allow. Messages that exceed this size will not be accepted by

VerneMQ. The default value is 0, which means that all valid MQTT

messages are accepted. MQTT imposes a maximum payload size of

268435455 bytes.

Default: 0

Acceptable values:

- an integer

max_message_size = 0

If a message is published with a QoS lower than the QoS of the subscription it is

delivered to, VerneMQ can upgrade the outgoing QoS. This is a non-standard option.

Default: off

Acceptable values:

- on or off

upgrade_outgoing_qos = off

listener.tcp.buffer_sizes is an list of three integers

(sndbuf,recbuf,buffer) specifying respectively the kernel TCP send

buffer, the kernel TCP receive buffer and the user-level buffer

size in the erlang driver.

It is recommended to have val(user-level buffer) >= val(receive

buffer) to avoid performance issues because of unnecessary copying.

If not set, the operating system defaults are used.

This option can be set on the protocol level by:

- listener.tcp.buffer_sizes

- listener.ssl.buffer_sizes

or on the listener level by:

- listener.tcp.my_tcp_listener.buffer_sizes

- listener.ssl.my_ssl_listener.buffer_sizes

Acceptable values:

- text

listener.tcp.buffer_sizes = 4096,16384,32768

listener.max_connections is an integer or 'infinity' defining

the maximum number of concurrent connections. This option can be overridden

on the protocol level by:

- listener.tcp.max_connections

- listener.ssl.max_connections

- listener.ws.max_connections

- listener.wss.max_connections

or on the listener level by:

- listener.tcp.my_tcp_listener.max_connections

- listener.ssl.my_ssl_listener.max_connections

- listener.ws.my_ws_listener.max_connections

- listener.wss.my_wss_listener.max_connections

Default: 10000

Acceptable values:

- an integer

- the text "infinity"

listener.max_connections = 10000

Set the nr of acceptors waiting to concurrently accept new connections.

This can be specified either on the protocol level:

- listener.tcp.nr_of_acceptors

- listener.ssl.nr_of_acceptors

- listener.ws.nr_of_acceptors

- listener.wss.nr_of_acceptors

or on the listener level:

- listener.tcp.my_tcp_listener.nr_of_acceptors

- listener.ssl.my_ssl_listener.nr_of_acceptors

- listener.ws.my_ws_listener.nr_of_acceptors

- listener.wss.my_wss_listener.nr_of_acceptors

Default: 10

Acceptable values:

- an integer

listener.nr_of_acceptors = 10

listener.tcp. is an IP address and TCP port that

the broker will bind to. You can define multiple listeners e.g:

- listener.tcp.default = 127.0.0.1:1883

- listener.tcp.internal = 127.0.0.1:10883

- listener.tcp.my_other_listener = 127.0.0.1:10884

This also works for SSL listeners and WebSocket handlers:

- listener.ssl.default = 127.0.0.1:8883

- listener.ws.default = 127.0.0.1:800

- listener.wss.default = 127.0.0.1:880

Default: 127.0.0.1:1883

Acceptable values:

- an IP/port pair, e.g. 127.0.0.1:10011

listener.tcp.default = 127.0.0.1:1883 listener.tcp.my_lstn = 0.0.0.0:1880

'listener.tcp.allowed_protocol_versions' configures which

protocol versions are allowed for an MQTT listener. The allowed

protocol versions can be specified the tcp, websocket or ssl level:

- listener.tcp.allowed_protocol_versions

- listener.ws.allowed_protocol_versions

- listener.wss.allowed_protocol_versions

- listener.ssl.allowed_protocol_versions

or for a specific listener:

- listener.tcp.my_tcp_listener.allowed_protocol_versions

- listener.ws.my_ws_listener.allowed_protocol_versions

- listener.wss.my_ws_listener.allowed_protocol_versions

- listener.ssl.my_ws_listener.allowed_protocol_versions

Allowed values are 3 (MQTT 3.1), 4 (MQTT 3.1.1), 5 (MQTT 5.0), 131

(MQTT 3.1 bridge), 132 (MQTT 3.1.1 bridge).

Default: 3,4,131

Acceptable values:

- text

listener.tcp.allowed_protocol_versions = 3,4,5

listener.vmq.clustering is the IP address and TCP port that

the broker will bind to accept connections from other cluster

nodes e.g:

- listener.vmq.clustering = 0.0.0.0:18883

This also works for SSL listeners:

- listener.vmqs.clustering = 0.0.0.0:18884

Default: 0.0.0.0:44053

Acceptable values:

- an IP/port pair, e.g. 127.0.0.1:10011

listener.vmq.clustering = 0.0.0.0:44053

listener.http.default is the IP address and TCP port that

the broker will bind to accept HTTP connections

- listener.http.default = 0.0.0.0:8888

This also works for SSL listeners:

- listener.https.default= 0.0.0.0:8889

Default: 127.0.0.1:8888

Acceptable values:

- an IP/port pair, e.g. 127.0.0.1:10011

listener.http.default = 127.0.0.1:8888 listener.http.myhttp = 0.0.0.0:8880

The cafile is used to define the path to a file containing

the PEM encoded CA certificates that are trusted. Set the cafile

on the protocol level or on the listener level:

- listener.ssl.cafile

- listener.wss.cafile

or on the listener level:

- listener.ssl.my_ssl_listener.cafile

- listener.wss.my_wss_listener.cafile

Default:

Acceptable values:

- the path to a file

listener.ssl.cafile = /etc/vernemq/cacerts.pem

Default:

Acceptable values:

- the path to a file

listener.https.cafile = /etc/vernemq/cacerts.pem

Set the path to the PEM encoded server certificate

on the protocol level or on the listener level:

- listener.ssl.certfile

- listener.wss.certfile

or on the listener level:

- listener.ssl.my_ssl_listener.certfile

- listener.wss.my_wss_listener.certfile

Default:

Acceptable values:

- the path to a file

listener.ssl.certfile = /etc/vernemq/cert.pem

Default:

Acceptable values:

- the path to a file

listener.https.certfile = /etc/vernemq/cert.pem

Set the path to the PEM encoded key file on the protocol

level or on the listener level:

- listener.ssl.keyfile

- listener.wss.keyfile

or on the listener level:

- listener.ssl.my_ssl_listener.keyfile

- listener.wss.my_wss_listener.keyfile

Default:

Acceptable values:

- the path to a file

listener.ssl.keyfile = /etc/vernemq/key.pem

Default:

Acceptable values:

- the path to a file

listener.vmqs.keyfile = /etc/vernemq/key.pem

Default:

Acceptable values:

- the path to a file

listener.https.keyfile = /etc/vernemq/key.pem

Set the list of allowed ciphers (each separated with a colon,

e.g. "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"),

on the protocol level or on the listener level. Reasonable defaults

are used if nothing is specified:

- listener.ssl.ciphers

- listener.wss.ciphers

or on the listener level:

- listener.ssl.my_ssl_listener.ciphers

- listener.wss.my_wss_listener.ciphers

Default:

Acceptable values:

- text

listener.ssl.ciphers =

Default:

Acceptable values:

- text

listener.vmqs.ciphers =

Default:

Acceptable values:

- text

listener.https.ciphers =

If you have 'listener.ssl.require_certificate' set to true,

you can create a certificate revocation list file to revoke access

to particular client certificates. If you have done this, use crlfile

to point to the PEM encoded revocation file. This can be done on the

protocol level or on the listener level.

- listener.ssl.crlfile

- listener.wss.crlfile

or on the listener level:

- listener.ssl.my_ssl_listener.crlfile

- listener.wss.my_wss_listener.crlfile

Default:

Acceptable values:

- the path to a file

listener.ssl.crlfile =

Enable this option if you want to use SSL client certificates

to authenticate your clients. This can be done on the protocol level

or on the listener level.

- listener.ssl.require_certificate

- listener.wss.require_certificate

or on the listener level:

- listener.ssl.my_ssl_listener.require_certificate

- listener.wss.my_wss_listener.require_certificate

Default: off

Acceptable values:

- on or off

listener.ssl.require_certificate = off

Default: off

Acceptable values:

- on or off

listener.vmqs.require_certificate = off

Default: off

Acceptable values:

- on or off

listener.https.require_certificate = off

Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be

Default: tlsv1.2

Acceptable values:

- text

listener.ssl.tls_version = tlsv1.2

Default: tlsv1.2

Acceptable values:

- text

listener.vmqs.tls_version = tlsv1.2

Default: tlsv1.2

Acceptable values:

- text

listener.https.tls_version = tlsv1.2

If 'listener.ssl.require_certificate' is enabled, you may enable

'listener.ssl.use_identity_as_username' to use the CN value from the client

certificate as a username. If enabled other authentication plugins are not

considered. The option can be specified either for all SSL listeners or for

a specific listener:

- listener.ssl.use_identity_as_username

- listener.wss.use_identity_as_username

or on the listener level:

- listener.ssl.my_ssl_listener.use_identity_as_username

- listener.wss.my_wss_listener.use_identity_as_username

Default: off

Acceptable values:

- on or off

listener.ssl.use_identity_as_username = off

Enable the $SYSTree Reporter.

Default: on

Acceptable values:

- on or off

systree_enabled = on

The integer number of milliseconds between updates of the $SYS subscription hierarchy,

which provides status information about the broker. If unset, defaults to 20 seconds.

Set to 0 to disable publishing the $SYS hierarchy completely.

Default: 20000

Acceptable values:

- an integer

systree_interval = 20000

Enable the Graphite Reporter. Ensure to also configure a

proper graphite.host

Default: off

Acceptable values:

- on or off

graphite_enabled = off

the graphite server host name

Default: localhost

Acceptable values:

- text

graphite_host = localhost

the tcp port of the graphite server

Default: 2003

Acceptable values:

- an integer

graphite_port = 2003

the interval we push metrics to the graphite server in ms

Default: 20000

Acceptable values:

- an integer

graphite_interval = 20000

set the prefix that is applied to all metrics reported to graphite

Default:

Acceptable values:

- text

graphite_prefix = my-prefix

the graphite server api key, e.g. used by hostedgraphite.com

Default:

Acceptable values:

- text

graphite_api_key = My-Api-Key

Distribution policy for shared subscriptions. Default is

'prefer_local' which will ensure that local subscribers will be

used if any are available. 'local_only' will select a random local

subscriber if any are available. 'random' will randomly choose

between all available subscribers.

Default: prefer_local

Acceptable values:

- text

shared_subscription_policy = prefer_local

plugins. enables/disables a plugin.

Plugin specific settings are set via the plugin itself, i.e., to

set the 'file' setting for the myplugin plugin, add a line like:

myplugin.file = /path/to/file

Acceptable values:

- on or off

plugins.name = on

plugins..path defines the location of the plugin

associated with . This is needed for plugins that are not

shipped with VerneMQ.

Acceptable values:

- the path to a directory

plugins.mypluginname.path = /path/to/myplugin

plugins..priority defines the load order of the

plugins. Plugins are loaded by priority. If no priority is given

the load order is undefined. Prioritized plugins will always be

loaded before plugins with no defined priority.

Acceptable values:

- an integer

plugins.mypluginname.priority = 5

File based authentication plugin.

Default: on

Acceptable values:

- on or off

plugins.vmq_passwd = on

File based authorization plugin.

Default: on

Acceptable values:

- on or off

plugins.vmq_acl = on

Lua based plugins.

Default: off

Acceptable values:

- on or off

plugins.vmq_diversity = off

Webhook based plugins.

Default: off

Acceptable values:

- on or off

plugins.vmq_webhooks = off

The VerneMQ bridge plugin.

Default: off

Acceptable values:

- on or off

plugins.vmq_bridge = off

Specifies the metadata plugin that is used for storing and replicating

VerneMQ metadata objects such as MQTT subscriptions and retained messages.

The default is vmq_plumtree which is stable and shows good performance

results for most use cases.

vmq_swc is still in Beta, but will likely deprecate vmq_plumtree in the

next major version (2.0). vmq_swc aims to overcome multiple scalability

limitations that can be observed with vmq_plumtree.

Default: vmq_plumtree

Acceptable values:

- one of: vmq_plumtree, vmq_swc

metadata_plugin = vmq_plumtree

Set the path to an access control list file.

Default: /etc/vernemq/vmq.acl

Acceptable values:

- the path to a file

vmq_acl.acl_file = /etc/vernemq/vmq.acl

set the acl reload interval in seconds, the value 0 disables

the automatic reloading of the acl file.

Default: 10

Acceptable values:

- an integer

vmq_acl.acl_reload_interval = 10

Set the path to a password file.

Default: /etc/vernemq/vmq.passwd

Acceptable values:

- the path to a file

vmq_passwd.password_file = /etc/vernemq/vmq.passwd

set the password reload interval in seconds, the value 0

disables the automatic reloading of the password file.

Default: 10

Acceptable values:

- an integer

vmq_passwd.password_reload_interval = 10

Configure the vmq_diversity plugin script dir. The script dir

is searched for Lua scripts which are automatically loaded when the

plugin is enabled.

Default: /usr/share/vernemq/lua

Acceptable values:

- the path to a directory

vmq_diversity.script_dir = /usr/share/vernemq/lua

Default: off

Acceptable values:

- on or off

vmq_diversity.auth_postgres.enabled = off

Default: localhost

Acceptable values:

- text

vmq_diversity.postgres.host = localhost

Default: 5432

Acceptable values:

- an integer

vmq_diversity.postgres.port = 5432

Default: root

Acceptable values:

- text

vmq_diversity.postgres.user = root

Default: password

Acceptable values:

- text

vmq_diversity.postgres.password = password

Default: vernemq_db

Acceptable values:

- text

vmq_diversity.postgres.database = vernemq_db

Specify if the postgresql driver should use TLS or not.

Default: off

Acceptable values:

- on or off

vmq_diversity.postgres.ssl = off

The cafile is used to define the path to a file containing

the PEM encoded CA certificates that are trusted.

Default:

Acceptable values:

- the path to a file

vmq_diversity.postgres.cafile = /etc/vernemq/cafile.pem

Set the path to the PEM encoded server certificate.

Default:

Acceptable values:

- the path to a file

vmq_diversity.postgres.certfile = /etc/vernemq/cert.pem

Set the path to the PEM encoded key file.

Default:

Acceptable values:

- the path to a file

vmq_diversity.postgres.keyfile = /etc/vernemq/keyfile.pem

The password hashing method to use in PostgreSQL:

Default: crypt

Acceptable values:

- one of: crypt, bcrypt

vmq_diversity.postgres.password_hash_method = crypt

Default: off

Acceptable values:

- on or off

vmq_diversity.auth_cockroachdb.enabled = off

Default: localhost

Acceptable values:

- text

vmq_diversity.cockroachdb.host = localhost

Default: 5432

Acceptable values:

- an integer

vmq_diversity.cockroachdb.port = 5432

Default: root

Acceptable values:

- text

vmq_diversity.cockroachdb.user = root

Default: password

Acceptable values:

- text

vmq_diversity.cockroachdb.password = password

Default: vernemq_db

Acceptable values:

- text

vmq_diversity.cockroachdb.database = vernemq_db

Specify if the cockroachdb driver should use TLS or not.

Default: on

Acceptable values:

- on or off

vmq_diversity.cockroachdb.ssl = on

The cafile is used to define the path to a file containing

the PEM encoded CA certificates that are trusted.

Default:

Acceptable values:

- the path to a file

vmq_diversity.cockroachdb.cafile = /etc/vernemq/cafile.pem

Set the path to the PEM encoded server certificate.

Default:

Acceptable values:

- the path to a file

vmq_diversity.cockroachdb.certfile = /etc/vernemq/cert.pem

Set the path to the PEM encoded key file.

Default:

Acceptable values:

- the path to a file

vmq_diversity.cockroachdb.keyfile = /etc/vernemq/keyfile.pem

The password hashing method to use in CockroachDB:

Default: bcrypt

Acceptable values:

- one of: sha256, bcrypt

vmq_diversity.cockroachdb.password_hash_method = bcrypt

Default: off

Acceptable values:

- on or off

vmq_diversity.auth_mysql.enabled = off

Default: localhost

Acceptable values:

- text

vmq_diversity.mysql.host = localhost

Default: 3306

Acceptable values:

- an integer

vmq_diversity.mysql.port = 3306

Default: root

Acceptable values:

- text

vmq_diversity.mysql.user = root

Default: password

Acceptable values:

- text

vmq_diversity.mysql.password = password

Default: vernemq_db

Acceptable values:

- text

vmq_diversity.mysql.database = vernemq_db

The password hashing method to use in MySQL:

password: Default for compatibility, deprecated since MySQL 5.7.6 and not

usable with MySQL 8.0.11+.

Docs: https://dev.mysql.com/doc/refman/5.7/en/encryption-functions.html#function_password

md5: Calculates an MD5 128-bit checksum of the password.

Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_md5

sha1: Calculates the SHA-1 160-bit checksum for the password.

Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha1

sha256: Calculates the SHA-2 hash of the password, using 256 bits.

Works only if MySQL has been configured with SSL support.

Docs: https://dev.mysql.com/doc/refman/8.0/en/encryption-functions.html#function_sha2

Default: password

Acceptable values:

- one of: password, md5, sha1, sha256

vmq_diversity.mysql.password_hash_method = password

Default: off

Acceptable values:

- on or off

vmq_diversity.auth_mongodb.enabled = off

Default: localhost

Acceptable values:

- text

vmq_diversity.mongodb.host = localhost

Default: 27017

Acceptable values:

- an integer

vmq_diversity.mongodb.port = 27017

Acceptable values:

- text

vmq_diversity.mongodb.login =

Acceptable values:

- text

vmq_diversity.mongodb.password =

Acceptable values:

- text

vmq_diversity.mongodb.database =

Specify if the mongodb driver should use TLS or not.

Default: off

Acceptable values:

- on or off

vmq_diversity.mongodb.ssl = off

The cafile is used to define the path to a file containing

the PEM encoded CA certificates that are trusted.

Default:

Acceptable values:

- the path to a file

vmq_diversity.mongodb.cafile = /etc/vernemq/cafile.pem

Set the path to the PEM encoded server certificate.

Default:

Acceptable values:

- the path to a file

vmq_diversity.mongodb.certfile = /etc/vernemq/cert.pem

Set the path to the PEM encoded key file.

Default:

Acceptable values:

- the path to a file

vmq_diversity.mongodb.keyfile = /etc/vernemq/keyfile.pem

Default: off

Acceptable values:

- on or off

vmq_diversity.auth_redis.enabled = off

Default: localhost

Acceptable values:

- text

vmq_diversity.redis.host = localhost

Default: 6379

Acceptable values:

- an integer

vmq_diversity.redis.port = 6379

Default:

Acceptable values:

- text

vmq_diversity.redis.password =

Default: 0

Acceptable values:

- an integer

vmq_diversity.redis.database = 0

Default: localhost

Acceptable values:

- text

vmq_diversity.memcache.host = localhost

Default: 11211

Acceptable values:

- an integer

vmq_diversity.memcache.port = 11211

vmq_diversity..plugin = loads a specific lua

script when vmq_diversity starts. The scripts are loaded in the

order defined by the names given, i.e., the script with

'script1' is started before the plugin with 'script2'.

Acceptable values:

- the path to a file

vmq_diversity.script1.file = path/to/my/script.lua

The pool_size specifies how many bcrypt operations that are

allowed concurrently. The value auto will try to detect all

logical cpus and set the pool size to that number. If the number of

logical cpus cannot be detected, a value of 1 is used.

Default: 1

Acceptable values:

- an integer

- one of: auto

vmq_bcrypt.pool_size = 1

To configure and register a webhook a hook and an endpoint

need to be configured and this is achieved by associating both with

a name. vmq_webhooks..hook = associates the hook

with the name . Webhooks are registered in the order

of the name given to it. Therefore a webhook with name 'webhook1'

is regisered before a webhook with the name 'webhook2'.

Acceptable values:

- one of: auth_on_register, auth_on_publish, auth_on_subscribe, on_register, on_publish, on_subscribe, on_unsubscribe, on_deliver, on_offline_message, on_client_wakeup, on_client_offline, on_client_gone, auth_on_register_m5, auth_on_publish_m5, auth_on_subscribe_m5, on_register_m5, on_publish_m5, on_subscribe_m5, on_unsubscribe_m5, on_deliver_m5, on_auth_m5

vmq_webhooks.webhook1.hook = auth_on_register

Associate an endpoint with a name.

Acceptable values:

- text

vmq_webhooks.webhook1.endpoint = http://localhost/myendpoints

Specify the address and port of the bridge to connect to. Several

bridges can configured by using different bridge names (e.g. br0). If the

connection supports SSL encryption bridge.ssl. can be used.

Acceptable values:

- text

vmq_bridge.tcp.br0 = 127.0.0.1:1889

Set the clean session option for the bridge. By default this is disabled,

which means that all subscriptions on the remote broker are kept in case of

the network connection dropping. If enabled, all subscriptions and messages

on the remote broker will be cleaned up if the connection drops.

Default: off

Acceptable values:

- on or off

vmq_bridge.tcp.br0.cleansession = off

Set the client id for this bridge connection. If not defined, this

defaults to 'name.hostname', where name is the connection name and hostname

is the hostname of this computer.

Default: auto

Acceptable values:

- text

vmq_bridge.tcp.br0.client_id = auto

Set the number of seconds after which the bridge should send a ping if

no other traffic has occurred.

Default: 60

Acceptable values:

- an integer

vmq_bridge.tcp.br0.keepalive_interval = 60

Configure a username for the bridge. This is used for authentication

purposes when connecting to a broker that support MQTT v3.1 and requires a

username and/or password to connect. See also the password option.

Acceptable values:

- text

vmq_bridge.tcp.br0.username = my_remote_user

Configure a password for the bridge. This is used for authentication

purposes when connecting to a broker that support MQTT v3.1 and requires a

username and/or password to connect. This option is only valid if a username

is also supplied.

Acceptable values:

- text

vmq_bridge.tcp.br0.password = my_remote_password

Define one or more topic pattern to be shared between the two brokers.

Any topics matching the pattern (including wildcards) are shared.

The following format is used:

pattern [[[ out | in | both ] qos-level] local-prefix remote-prefix]

[ out | in | both ]: specifies that this bridge exports messages (out), imports

messages (in) or shared in both directions (both). If undefined we default to

export (out).

qos-level: specifies the publish/subscribe QoS level used for this

toppic. If undefined we default to QoS 0.

local-prefix and remote-prefix: For incoming topics, the bridge

will prepend the pattern with the remote prefix and subscribe to

the resulting topic on the remote broker. When a matching

incoming message is received, the remote prefix will be removed

from the topic and then the local prefix added.

For outgoing topics, the bridge will prepend the pattern with the

local prefix and subscribe to the resulting topic on the local

broker. When an outgoing message is processed, the local prefix

will be removed from the topic then the remote prefix added.

For shared subscriptions topic prefixes are applied only to the

topic part of the subscription.

Acceptable values:

- text

vmq_bridge.tcp.br0.topic.1 = topic

Set the amount of time a bridge using the automatic start type will wait

until attempting to reconnect. Defaults to 30 seconds.

Default: 10

Acceptable values:

- an integer

vmq_bridge.tcp.br0.restart_timeout = 10

If try_private is enabled, the bridge will attempt to indicate to the

remote broker that it is a bridge not an ordinary client.

Note that loop detection for bridges is not yet implemented.

Default: on

Acceptable values:

- on or off

vmq_bridge.tcp.br0.try_private = on

Set the MQTT protocol version to be used by the bridge.

Default: 3

Acceptable values:

- one of: 3, 4

vmq_bridge.tcp.br0.mqtt_version = on

Maximum number of outgoing messages the bridge will buffer

while not connected to the remote broker. Messages published while

the buffer is full are dropped. A value of 0 means buffering is

disabled.

Default: 0

Acceptable values:

- an integer

vmq_bridge.tcp.br0.max_outgoing_buffered_messages = 0

The cafile is used to define the path to a file containing

the PEM encoded CA certificates that are trusted.

Default:

Acceptable values:

- the path to a file

vmq_bridge.ssl.sbr0.cafile = /etc/vernemq/cacerts.pem

Set the path to the PEM encoded server certificate.

Default:

Acceptable values:

- the path to a file

vmq_bridge.ssl.sbr0.certfile = /etc/vernemq/cert.pem

Set the path to the PEM encoded key file.

Default:

Acceptable values:

- the path to a file

vmq_bridge.ssl.sbr0.keyfile = /etc/vernemq/key.pem

When using certificate based TLS, the bridge will attempt to verify the

hostname provided in the remote certificate matches the host/address being

connected to. This may cause problems in testing scenarios, so this option

may be enabled to disable the hostname verification.

Setting this option to true means that a malicious third party could

potentially inpersonate your server, so it should always be disabled in

production environments.

Default: off

Acceptable values:

- on or off

vmq_bridge.ssl.sbr0.insecure = off

Configure the TLS protocol version (tlsv1, tlsv1.1, or tlsv1.2) to be

used for this bridge.

Default: tlsv1.2

Acceptable values:

- text

vmq_bridge.ssl.sbr0.tls_version = tlsv1.2

Pre-shared-key encryption provides an alternative to certificate based

encryption. This option specifies the identity used.

Default:

Acceptable values:

- text

vmq_bridge.ssl.sbr0.identity =

Pre-shared-key encryption provides an alternative to certificate based

encryption. This option specifies the shared secret used in hexadecimal

format without leading '0x'.

Default:

Acceptable values:

- text

vmq_bridge.ssl.sbr0.psk =

Where to emit the default log messages (typically at 'info'

severity):

off: disabled

file: the file specified by log.console.file

console: to standard output (seen when using vmq attach-direct)

both: log.console.file and standard out.

Default: file

Acceptable values:

- one of: off, file, console, both

log.console = file

The severity level of the console log, default is 'info'.

Default: info

Acceptable values:

- one of: debug, info, warning, error

log.console.level = info

When 'log.console' is set to 'file' or 'both', the file where

console messages will be logged.

Default: /var/log/vernemq/console.log

Acceptable values:

- the path to a file

log.console.file = /var/log/vernemq/console.log

The file where error messages will be logged.

Default: /var/log/vernemq/error.log

Acceptable values:

- the path to a file

log.error.file = /var/log/vernemq/error.log

When set to 'on', enables log output to syslog.

Default: off

Acceptable values:

- on or off

log.syslog = off

Whether to enable the crash log.

Default: on

Acceptable values:

- on or off

log.crash = on

If the crash log is enabled, the file where its messages will

be written.

Default: /var/log/vernemq/crash.log

Acceptable values:

- the path to a file

log.crash.file = /var/log/vernemq/crash.log

Maximum size in bytes of individual messages in the crash log

Default: 64KB

Acceptable values:

- a byte size with units, e.g. 10GB

log.crash.maximum_message_size = 64KB

Maximum size of the crash log in bytes, before it is rotated

Default: 10MB

Acceptable values:

- a byte size with units, e.g. 10GB

log.crash.size = 10MB

The schedule on which to rotate the crash log. For more

information see:

https://github.com/basho/lager/blob/master/README.md#internal-log-rotation

Default: $D0

Acceptable values:

- text

log.crash.rotation = $D0

The number of rotated crash logs to keep. When set to

'current', only the current open log file is kept.

Default: 5

Acceptable values:

- an integer

- the text "current"

log.crash.rotation.keep = 5

Name of the Erlang node

Default: VerneMQ@127.0.0.1

Acceptable values:

- text

nodename = VerneMQ@127.0.0.1

Cookie for distributed node communication. All nodes in the

same cluster should use the same cookie or they will not be able to

communicate.

IMPORTANT!!! SET the cookie to a private value! DO NOT LEAVE AT DEFAULT!

Default: vmq

Acceptable values:

- text

distributed_cookie = vmq

Sets the number of threads in async thread pool, valid range

is 0-1024. If thread support is available, the default is 64.

More information at: http://erlang.org/doc/man/erl.html

Default: 64

Acceptable values:

- an integer

erlang.async_threads = 64

The number of concurrent ports/sockets

Valid range is 1024-134217727

Default: 262144

Acceptable values:

- an integer

erlang.max_ports = 262144

Set scheduler forced wakeup interval. All run queues will be

scanned each Interval milliseconds. While there are sleeping

schedulers in the system, one scheduler will be woken for each

non-empty run queue found. An Interval of zero disables this

feature, which also is the default.

This feature is a workaround for lengthy executing native code, and

native code that do not bump reductions properly.

More information: http://www.erlang.org/doc/man/erl.html#+sfwi

Acceptable values:

- an integer

erlang.schedulers.force_wakeup_interval = 500

Enable or disable scheduler compaction of load. By default

scheduler compaction of load is enabled. When enabled, load

balancing will strive for a load distribution which causes as many

scheduler threads as possible to be fully loaded (i.e., not run out

of work). This is accomplished by migrating load (e.g. runnable

processes) into a smaller set of schedulers when schedulers

frequently run out of work. When disabled, the frequency with which

schedulers run out of work will not be taken into account by the

load balancing logic.

More information: http://www.erlang.org/doc/man/erl.html#+scl

Acceptable values:

- one of: true, false

erlang.schedulers.compaction_of_load = false

Enable or disable scheduler utilization balancing of load. By

default scheduler utilization balancing is disabled and instead

scheduler compaction of load is enabled which will strive for a

load distribution which causes as many scheduler threads as

possible to be fully loaded (i.e., not run out of work). When

scheduler utilization balancing is enabled the system will instead

try to balance scheduler utilization between schedulers. That is,

strive for equal scheduler utilization on all schedulers.

More information: http://www.erlang.org/doc/man/erl.html#+sub

Acceptable values:

- one of: true, false

erlang.schedulers.utilization_balancing = true

This parameter defines the percentage of total server memory

to assign to LevelDB. LevelDB will dynamically adjust its internal

cache sizes to stay within this size. The memory size can

alternately be assigned as a byte count via leveldb.maximum_memory

instead.

Default: 70

Acceptable values:

- an integer

leveldb.maximum_memory.percent = 70

• Cluster size/standalone: not sure cluster or standalone version.

Expected behavior

• Please describe the expected behaviour. Connect from online or any other mqtt client.

Actual behaviour

• Please include minimal steps to reproduce the issue, if possible. There is no successfull connection. When i try to connect from online mqtt client, it gives me connection error. But no detail (timeout, refused or else). When i try to connect to my server from tcp socket client, it connects to the socket 1880 and after about 3 seconds, close the connection.

What do i miss? Is my config file is wrong?

I tried with allow_ananymous on and off. Still no luck.

[ioolkos]

@yldzmuhammed try configuring the MQTT listener using the specific IP, instead of 0.0.0.0 We've sometimes seen issues with that, especially on AWS and/or Docker

[yldzmuhammed]

Dear @ioolkos can you explain me taht what is tcp listener exactly? I was thinking as a specific io address to listen. And If I wantt to listen every io address, it should be 0.0.0.0. Do I missing some thing? Is this config related with cluster? What if I don't want to use cluster and use standalone? I putted my config file. Can you tell me what should I do? Great thanks.

[yldzmuhammed]

Can some one explain how can i up and run this app?

I want to use it for simple usage for now.

[ioolkos]

@yldzmuhammed have you tried what I suggested?

[yldzmuhammed]

@ioolkos if would understand what you said i would. but i did not. Sorry. Can you explain it?

[yldzmuhammed]

What do you mean by specific ip. Is it client's ip? I am not using cluster. Just standalone.

[ioolkos]

The Server IP, not 0.0.0.0 Configure the MQTT listener to that in your vernemq.conf file

[yldzmuhammed]

@ioolkos i tried. But no luck. When i try with pyhton code, it responses with connection refused.

[yldzmuhammed]

Amazon aws servers has 2 ip address. One public ip, other private ip. I tried with both.

BTW, these configs can bu made on the fly, correct?

[yldzmuhammed]

What exactly is this tcp listener? What does it do?I am a little confused.

[yldzmuhammed]

Is there any body?

[larshesel]

https://docs.vernemq.com/configuration/listeners

[KhairulM]

Just for anyone still struggling with this. My setup was:

VerneMQ version 1.13.0 Running on AWS EC2 with a security group allowing TCP access to port 1883 from 0.0.0.0/0 (basically anywhere) Had allow_anonymous = on and accept_eula = yes Confirmed that VerneMQ is running through systemctl status vernemq.service Confirmed that the EC2 instance is accessible from the public internet through SSH

What I tried was: Connect to VerneMQ using local MQTT client by the EC2 public DNS name

What I got was: Connection refused on multiple MQTT clients that I tried

What I did was:

1. Changed this line listener.tcp.name = 127.0.0.1:1883 to listener.tcp.default = <private IP of the EC2>:1883
2. Restart VerneMQ through sudo systemctl restart vernemq.service

Now I can connect from my local MQTT client