emqx.conf如何配置wss

awen · 2025 年12 月 3 日 04:05

node {

  name = "emqx@127.0.0.1"

  cookie = "emqxsecretcookie"

  data_dir = "/var/lib/emqx"

  process_limit = 2097152

}



cluster {

  name = emqxcl

  discovery_strategy = manual

}



dashboard {

    listeners {

        http.bind = 18083

        # https.bind = 18084

        https {

            #bind = "18084"

            ssl_options {

                certfile = "${EMQX_ETC_DIR}/certs/cert.pem"

                keyfile = "${EMQX_ETC_DIR}/certs/key.pem"

            }

        }

    }

}

listeners.tcp.default {

  bind = "0.0.0.0:1883"

  max_connections = 1024000

}



listeners.ssl.default {

  bind = "0.0.0.0:8883"

  max_connections = 1024000

  ssl_options {

    cacertfile = "/etc/emqx/certs/wss/mqtt.pem"

    certfile = "/etc/emqx/certs/wss/mqtt.crt"

    keyfile = "/etc/emqx/certs/wss/mqtt.key"



    verify = verify_none

    fail_if_no_peer_cert = false

  }

}

listeners.ws.default {

  bind = "0.0.0.0:8083"

  max_connections = 1024000

  websocket.mqtt_path = "/mqtt"

}



listeners.wss.default {

  bind = "0.0.0.0:8084"

  #bind = "hk.mqtt.indmeta.top:8084"

  max_connections = 1024000

  websocket.mqtt_path = "/mqtt"

  ssl_options {

    cacertfile = "etc/emqx/certs/wss/mqtt.pem"

    certfile = "etc/emqx/certs/wss/mqtt.crt"

    keyfile = "etc/emqx/certs/wss/mqtt.key"

  }

}

以上内容是我的emqx.conf文件的全部内容。

前端使用wss连接

请帮忙检查下配置文件哪里有错误？现在服务不能正常启动了。非常感谢。

zhongwencool · 2025 年12 月 3 日 05:32

没看出来哪里错，
使用./bin/emqx console 启动有什么报错不？

awen · 2025 年12 月 3 日 05:38

使用的是5.9.1版本。使用systemctl start emqx 无法启动。另外，问下log是需要配置一下才会有吗？我没有配置log，没有找到错误日志。您把我的配置放到您那边测试下，能启动吗？

zhongwencool · 2025 年12 月 3 日 05:45

先用 console 启动一下，看一下报错。
emqx console

如果提示找到 emqx，就到/usr/bin/emqx 下找找。

或者 systemctl status emqx

journalctl -u emqx

awen · 2025 年12 月 3 日 05:57

[root@ecs-296802 emqx]# emqx console
WARNING: Default (insecure) Erlang cookie is in use.
WARNING: Configure node.cookie in /etc/emqx/emqx.conf or override from environment variable EMQX_NODE__COOKIE
WARNING: NOTE: Use the same cookie for all nodes in the cluster.
Erlang/OTP 27 [erts-15.2] [emqx] [64-bit] [smp:8:8] [ds:8:8:8] [async-threads:4] [jit:ns]

2025-12-03T13:56:20.960512+08:00 [error] msg: max_connections_clamped_by_system_limit, system_limit: 65535, ignored: 1024000, applied: 65535
Listener tcp:default on 0.0.0.0:1883 started.
2025-12-03T13:56:20.964255+08:00 [error] msg: cert_file_not_found, path: /etc/emqx/certs/wss/hk.h2apitest.indmeta.top.key
2025-12-03T13:56:20.964400+08:00 [error] msg: cert_file_not_found, path: /etc/emqx/certs/wss/hk.h2apitest.indmeta.top_bundle.crt
2025-12-03T13:56:20.964488+08:00 [error] msg: cert_file_not_found, path: /etc/emqx/certs/wss/hk.h2apitest.indmeta.top_bundle.pem
2025-12-03T13:56:20.964787+08:00 [error] msg: max_connections_clamped_by_system_limit, system_limit: 65535, ignored: 1024000, applied: 65535
Listener ssl:default on 0.0.0.0:8883 started.
Listener ws:default on 0.0.0.0:8083 started.
2025-12-03T13:56:20.969989+08:00 [error] msg: cert_file_not_found, path: etc/emqx/certs/wss/hk.mqtt.indmeta.top.key
2025-12-03T13:56:20.970136+08:00 [error] msg: cert_file_not_found, path: etc/emqx/certs/wss/hk.mqtt.indmeta.top_bundle.crt
2025-12-03T13:56:20.970230+08:00 [error] msg: cert_file_not_found, path: etc/emqx/certs/wss/hk.mqtt.indmeta.top_bundle.pem
2025-12-03T13:56:20.970540+08:00 [error] Failed to start Ranch listener ‘wss:default’ in ranch_ssl:listen([{cacerts,‘…’},{key,‘…’},{cert,‘…’},{next_protocols_advertised,[<<“h2”>>,<<“http/1.1”>>]},{alpn_preferred_protocols,[<<“h2”>>,<<“http/1.1”>>]},{ip,{0,0,0,0}},{port,8084},{buffer,4096},{high_watermark,1048576},{nodelay,true},{send_timeout,15000},{send_timeout_close,true},{backlog,1024},{linger,{false,0}},{versions,[‘tlsv1.3’,‘tlsv1.2’]},{ciphers,[“TLS_AES_256_GCM_SHA384”,“TLS_AES_128_GCM_SHA256”,“TLS_CHACHA20_POLY1305_SHA256”,“TLS_AES_128_CCM_SHA256”,“TLS_AES_128_CCM_8_SHA256”,“ECDHE-ECDSA-AES256-GCM-SHA384”,“ECDHE-RSA-AES256-GCM-SHA384”,“ECDHE-ECDSA-AES256-SHA384”,“ECDHE-RSA-AES256-SHA384”,“ECDH-ECDSA-AES256-GCM-SHA384”,“ECDH-RSA-AES256-GCM-SHA384”,“ECDH-ECDSA-AES256-SHA384”,“ECDH-RSA-AES256-SHA384”,“DHE-DSS-AES256-GCM-SHA384”,“DHE-DSS-AES256-SHA256”,“AES256-GCM-SHA384”,“AES256-SHA256”,“ECDHE-ECDSA-AES128-GCM-SHA256”,“ECDHE-RSA-AES128-GCM-SHA256”,“ECDHE-ECDSA-AES128-SHA256”,“ECDHE-RSA-AES128-SHA256”,“ECDH-ECDSA-AES128-GCM-SHA256”,“ECDH-RSA-AES128-GCM-SHA256”,“ECDH-ECDSA-AES128-SHA256”,“ECDH-RSA-AES128-SHA256”,“DHE-DSS-AES128-GCM-SHA256”,“DHE-DSS-AES128-SHA256”,“AES128-GCM-SHA256”,“AES128-SHA256”,“ECDHE-ECDSA-AES256-SHA”,“ECDHE-RSA-AES256-SHA”,“DHE-DSS-AES256-SHA”,“ECDH-ECDSA-AES256-SHA”,“ECDH-RSA-AES256-SHA”,“ECDHE-ECDSA-AES128-SHA”,“ECDHE-RSA-AES128-SHA”,“DHE-DSS-AES128-SHA”,“ECDH-ECDSA-AES128-SHA”,“ECDH-RSA-AES128-SHA”,“RSA-PSK-AES256-GCM-SHA384”,“RSA-PSK-AES256-CBC-SHA384”,“RSA-PSK-AES128-GCM-SHA256”,“RSA-PSK-AES128-CBC-SHA256”,“RSA-PSK-AES256-CBC-SHA”,“RSA-PSK-AES128-CBC-SHA”]},{depth,10},{verify,verify_none},{fail_if_no_peer_cert,false},{honor_cipher_order,true},{user_lookup_fun,{fun emqx_tls_psk:lookup/3,undefined}},{log_level,notice},{hibernate_after,5000}]) for reason no_cert (no certificate provided; see cert, certfile, sni_fun or sni_hosts options)
2025-12-03T13:56:20.971212+08:00 [error] crasher: initial call: supervisor:ranch_acceptors_sup/1, pid: <0.4071.0>, registered_name: , exit: {{listen_error,‘wss:default’,no_cert},[{ranch_acceptors_sup,listen_error,5,[{file,“ranch_acceptors_sup.erl”},{line,66}]},{supervisor,init,1,[{file,“supervisor.erl”},{line,869}]},{gen_server,init_it,2,[{file,“gen_server.erl”},{line,2229}]},{gen_server,init_it,6,[{file,“gen_server.erl”},{line,2184}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,329}]}]}, ancestors: [<0.4069.0>,ranch_sup,<0.3733.0>], message_queue_len: 0, messages: , links: [<0.4069.0>], dictionary: [{logger,error_logger}], trap_exit: true, status: running, heap_size: 610, stack_size: 29, reductions: 15135; neighbours:
2025-12-03T13:56:20.971619+08:00 [error] Supervisor: {<0.4069.0>,ranch_listener_sup}. Context: start_error. Reason: {listen_error,‘wss:default’,no_cert}. Offender: id=ranch_acceptors_sup,pid=undefined.
Failed to start listener wss:default on 0.0.0.0:8084: no_cert.
2025-12-03T13:56:20.972394+08:00 [error] Supervisor: {local,emqx_machine_sup}. Context: start_error. Reason: {‘EXIT’,terminating}. Offender: id=emqx_machine_boot,pid=undefined.
2025-12-03T13:56:20.972353+08:00 [error] crasher: initial call: application_master:init/3, pid: <0.3814.0>, registered_name: , exit: {{bad_return,{{emqx_app,start,[normal,]},{‘EXIT’,{{failed_to_start,“wss:default(0.0.0.0:8084) : no_cert”},[{emqx_listeners,‘-foreach_listeners/1-fun-0-’,2,[{file,“emqx_listeners.erl”},{line,817}]},{lists,foreach_1,2,[{file,“lists.erl”},{line,2310}]},{emqx_app,maybe_start_listeners,0,[{file,“emqx_app.erl”},{line,82}]},{emqx_app,start,2,[{file,“emqx_app.erl”},{line,35}]},{application_master,start_it_old,4,[{file,“application_master.erl”},{line,295}]}]}}}},[{application_master,init,3,[{file,“application_master.erl”},{line,143}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,329}]}]}, ancestors: [application_controller,<0.10.0>], message_queue_len: 1, messages: [{‘EXIT’,<0.3815.0>,normal}], links: [<0.3325.0>], dictionary: , trap_exit: true, status: running, heap_size: 376, stack_size: 29, reductions: 171; neighbours:
2025-12-03T13:56:20.972725+08:00 [error] crasher: initial call: application_master:init/3, pid: <0.3471.0>, registered_name: , exit: {{{shutdown,{failed_to_start_child,emqx_machine_boot,{‘EXIT’,terminating}}},{emqx_machine_app,start,[normal,]}},[{application_master,init,3,[{file,“application_master.erl”},{line,143}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,329}]}]}, ancestors: [application_controller,<0.10.0>], message_queue_len: 1, messages: [{‘EXIT’,<0.3472.0>,normal}], links: [<0.3325.0>], dictionary: , trap_exit: true, status: running, heap_size: 233, stack_size: 29, reductions: 95; neighbours:
Kernel pid terminated (application_controller) (“{application_start_failure,emqx,{bad_return,{{emqx_app,start,[normal,]},{‘EXIT’,{{failed_to_start,"wss:default(0.0.0.0:8084) : no_cert"},[{emqx_listeners,‘-foreach_listeners/1-fun-0-’,2,[{file,"emqx_listeners.erl"},{line,817}]},{lists,foreach_1,2,[{file,"lists.erl"},{line,2310}]},{emqx_app,maybe_start_listeners,0,[{file,"emqx_app.erl"},{line,82}]},{emqx_app,start,2,[{file,"emqx_app.erl"},{line,35}]},{application_master,start_it_old,4,[{file,"application_master.erl"},{line,295}]}]}}}}}”)

Crash dump is being written to: /var/log/emqx/erl_crash.2025.12.03.13.56.17.dump…done
这样，能看出是什么问题吗？

zhongwencool · 2025 年12 月 3 日 06:06

这个文件找不到，试试使用绝对路径

awen · 2025 年12 月 3 日 06:28

awen:

[root@ecs-296802 emqx]# emqx console
WARNING: Default (insecure) Erlang cookie is in use.
WARNING: Configure node.cookie in /etc/emqx/emqx.conf or override from environment variable EMQX_NODE__COOKIE
WARNING: NOTE: Use the same cookie for all nodes in the cluster.
Erlang/OTP 27 [erts-15.2] [emqx] [64-bit] [smp:8:8] [ds:8:8:8] [async-threads:4] [jit:ns]

2025-12-03T13:56:20.960512+08:00 [error] msg: max_connections_clamped_by_system_limit, system_limit: 65535, ignored: 1024000, applied: 65535
Listener tcp:default on 0.0.0.0:1883 started.
2025-12-03T13:56:20.964255+08:00 [error] msg: cert_file_not_found, path: /etc/emqx/certs/wss/hk.h2apitest.indmeta.top.key
2025-12-03T13:56:20.964400+08:00 [error] msg: cert_file_not_found, path: /etc/emqx/certs/wss/hk.h2apitest.indmeta.top_bundle.crt
2025-12-03T13:56:20.964488+08:00 [error] msg: cert_file_not_found, path: /etc/emqx/certs/wss/hk.h2apitest.indmeta.top_bundle.pem
2025-12-03T13:56:20.964787+08:00 [error] msg: max_connections_clamped_by_system_limit, system_limit: 65535, ignored: 1024000, applied: 65535
Listener ssl:default on 0.0.0.0:8883 started.
Listener ws:default on 0.0.0.0:8083 started.
2025-12-03T13:56:20.969989+08:00 [error] msg: cert_file_not_found, path: etc/emqx/certs/wss/hk.mqtt.indmeta.top.key
2025-12-03T13:56:20.970136+08:00 [error] msg: cert_file_not_found, path: etc/emqx/certs/wss/hk.mqtt.indmeta.top_bundle.crt
2025-12-03T13:56:20.970230+08:00 [error] msg: cert_file_not_found, path: etc/emqx/certs/wss/hk.mqtt.indmeta.top_bundle.pem
2025-12-03T13:56:20.970540+08:00 [error] Failed to start Ranch listener ‘wss:default’ in ranch_ssl:listen([{cacerts,‘…’},{key,‘…’},{cert,‘…’},{next_protocols_advertised,[<<“h2”>>,<<“http/1.1”>>]},{alpn_preferred_protocols,[<<“h2”>>,<<“http/1.1”>>]},{ip,{0,0,0,0}},{port,8084},{buffer,4096},{high_watermark,1048576},{nodelay,true},{send_timeout,15000},{send_timeout_close,true},{backlog,1024},{linger,{false,0}},{versions,[‘tlsv1.3’,‘tlsv1.2’]},{ciphers,[“TLS_AES_256_GCM_SHA384”,“TLS_AES_128_GCM_SHA256”,“TLS_CHACHA20_POLY1305_SHA256”,“TLS_AES_128_CCM_SHA256”,“TLS_AES_128_CCM_8_SHA256”,“ECDHE-ECDSA-AES256-GCM-SHA384”,“ECDHE-RSA-AES256-GCM-SHA384”,“ECDHE-ECDSA-AES256-SHA384”,“ECDHE-RSA-AES256-SHA384”,“ECDH-ECDSA-AES256-GCM-SHA384”,“ECDH-RSA-AES256-GCM-SHA384”,“ECDH-ECDSA-AES256-SHA384”,“ECDH-RSA-AES256-SHA384”,“DHE-DSS-AES256-GCM-SHA384”,“DHE-DSS-AES256-SHA256”,“AES256-GCM-SHA384”,“AES256-SHA256”,“ECDHE-ECDSA-AES128-GCM-SHA256”,“ECDHE-RSA-AES128-GCM-SHA256”,“ECDHE-ECDSA-AES128-SHA256”,“ECDHE-RSA-AES128-SHA256”,“ECDH-ECDSA-AES128-GCM-SHA256”,“ECDH-RSA-AES128-GCM-SHA256”,“ECDH-ECDSA-AES128-SHA256”,“ECDH-RSA-AES128-SHA256”,“DHE-DSS-AES128-GCM-SHA256”,“DHE-DSS-AES128-SHA256”,“AES128-GCM-SHA256”,“AES128-SHA256”,“ECDHE-ECDSA-AES256-SHA”,“ECDHE-RSA-AES256-SHA”,“DHE-DSS-AES256-SHA”,“ECDH-ECDSA-AES256-SHA”,“ECDH-RSA-AES256-SHA”,“ECDHE-ECDSA-AES128-SHA”,“ECDHE-RSA-AES128-SHA”,“DHE-DSS-AES128-SHA”,“ECDH-ECDSA-AES128-SHA”,“ECDH-RSA-AES128-SHA”,“RSA-PSK-AES256-GCM-SHA384”,“RSA-PSK-AES256-CBC-SHA384”,“RSA-PSK-AES128-GCM-SHA256”,“RSA-PSK-AES128-CBC-SHA256”,“RSA-PSK-AES256-CBC-SHA”,“RSA-PSK-AES128-CBC-SHA”]},{depth,10},{verify,verify_none},{fail_if_no_peer_cert,false},{honor_cipher_order,true},{user_lookup_fun,{fun emqx_tls_psk:lookup/3,undefined}},{log_level,notice},{hibernate_after,5000}]) for reason no_cert (no certificate provided; see cert, certfile, sni_fun or sni_hosts options)
2025-12-03T13:56:20.971212+08:00 [error] crasher: initial call: supervisor:ranch_acceptors_sup/1, pid: <0.4071.0>, registered_name: , exit: {{listen_error,‘wss:default’,no_cert},[{ranch_acceptors_sup,listen_error,5,[{file,“ranch_acceptors_sup.erl”},{line,66}]},{supervisor,init,1,[{file,“supervisor.erl”},{line,869}]},{gen_server,init_it,2,[{file,“gen_server.erl”},{line,2229}]},{gen_server,init_it,6,[{file,“gen_server.erl”},{line,2184}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,329}]}]}, ancestors: [<0.4069.0>,ranch_sup,<0.3733.0>], message_queue_len: 0, messages: , links: [<0.4069.0>], dictionary: [{logger,error_logger}], trap_exit: true, status: running, heap_size: 610, stack_size: 29, reductions: 15135; neighbours:
2025-12-03T13:56:20.971619+08:00 [error] Supervisor: {<0.4069.0>,ranch_listener_sup}. Context: start_error. Reason: {listen_error,‘wss:default’,no_cert}. Offender: id=ranch_acceptors_sup,pid=undefined.
Failed to start listener wss:default on 0.0.0.0:8084: no_cert.
2025-12-03T13:56:20.972394+08:00 [error] Supervisor: {local,emqx_machine_sup}. Context: start_error. Reason: {‘EXIT’,terminating}. Offender: id=emqx_machine_boot,pid=undefined.
2025-12-03T13:56:20.972353+08:00 [error] crasher: initial call: application_master:init/3, pid: <0.3814.0>, registered_name: , exit: {{bad_return,{{emqx_app,start,[normal,]},{‘EXIT’,{{failed_to_start,“wss:default(0.0.0.0:8084) : no_cert”},[{emqx_listeners,‘-foreach_listeners/1-fun-0-’,2,[{file,“emqx_listeners.erl”},{line,817}]},{lists,foreach_1,2,[{file,“lists.erl”},{line,2310}]},{emqx_app,maybe_start_listeners,0,[{file,“emqx_app.erl”},{line,82}]},{emqx_app,start,2,[{file,“emqx_app.erl”},{line,35}]},{application_master,start_it_old,4,[{file,“application_master.erl”},{line,295}]}]}}}},[{application_master,init,3,[{file,“application_master.erl”},{line,143}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,329}]}]}, ancestors: [application_controller,<0.10.0>], message_queue_len: 1, messages: [{‘EXIT’,<0.3815.0>,normal}], links: [<0.3325.0>], dictionary: , trap_exit: true, status: running, heap_size: 376, stack_size: 29, reductions: 171; neighbours:
2025-12-03T13:56:20.972725+08:00 [error] crasher: initial call: application_master:init/3, pid: <0.3471.0>, registered_name: , exit: {{{shutdown,{failed_to_start_child,emqx_machine_boot,{‘EXIT’,terminating}}},{emqx_machine_app,start,[normal,]}},[{application_master,init,3,[{file,“application_master.erl”},{line,143}]},{proc_lib,init_p_do_apply,3,[{file,“proc_lib.erl”},{line,329}]}]}, ancestors: [application_controller,<0.10.0>], message_queue_len: 1, messages: [{‘EXIT’,<0.3472.0>,normal}], links: [<0.3325.0>], dictionary: , trap_exit: true, status: running, heap_size: 233, stack_size: 29, reductions: 95; neighbours:
Kernel pid terminated (application_controller) (“{application_start_failure,emqx,{bad_return,{{emqx_app,start,[normal,]},{‘EXIT’,{{failed_to_start,“wss:default(0.0.0.0:8084) : no_cert”},[{emqx_listeners,‘-foreach_listeners/1-fun-0-’,2,[{file,“emqx_listeners.erl”},{line,817}]},{lists,foreach_1,2,[{file,“lists.erl”},{line,2310}]},{emqx_app,maybe_start_listeners,0,[{file,“emqx_app.erl”},{line,82}]},{emqx_app,start,2,[{file,“emqx_app.erl”},{line,35}]},{application_master,start_it_old,4,[{file,“application_master.erl”},{line,295}]}]}}}}}”)

改成解决路径了
[root@ecs-296802 ~]# emqx console
WARNING: Default (insecure) Erlang cookie is in use.
WARNING: Configure node.cookie in /etc/emqx/emqx.conf or override from environment variable EMQX_NODE__COOKIE
WARNING: NOTE: Use the same cookie for all nodes in the cluster.
Erlang/OTP 27 [erts-15.2] [emqx] [64-bit] [smp:8:8] [ds:8:8:8] [async-threads:4] [jit:ns]

2025-12-03T14:13:04.694361+08:00 [error] msg: max_connections_clamped_by_system_limit, system_limit: 65535, ignored: 1024000, applied: 65535
Listener tcp:default on 0.0.0.0:1883 started.
2025-12-03T14:13:04.697696+08:00 [error] msg: max_connections_clamped_by_system_limit, system_limit: 65535, ignored: 1024000, applied: 65535
Listener ssl:default on 0.0.0.0:8883 started.
Listener ws:default on 0.0.0.0:8083 started.
Listener wss:default on 0.0.0.0:8084 started.

=====================================================================
You are currently using the EMQX Community License included with this software.
Permitted Use: Free use of a single node in your internal environment.
What Requires a Different License:

Clustered deployments (more than one node).
Commercial use in SaaS, hosted services, or embedded/resold products.
To enable clustering or use EMQX for external commercial purposes, a commercial license is required.
Visit Apply for EMQX Enterprise License for Free to apply for a license.
(Clustering for non-profit or educational purposes may qualify for a free license - please inquire via the link above)
=====================================================================
Listener http:dashboard on :18083 started.
EMQX Enterprise 5.9.1 is running now!
Restricted Eshell V15.2 (press Ctrl+G to abort, type help(). for help)
e5.9.1(emqx@127.0.0.1)1>
修改成绝对地址，好了。太感谢了