emqx v5版本 wss连接不上

错误报告

[error] supervisor: 'esockd_connection_sup - <0.2229.0>', errorContext: connection_shutdown,
reason: {ssl_error,{options,{cacertfile,"etc/certs/rootCA.crt",{error,enoent}}}},
offender: [{pid,<0.2799.0>},{name,connection},{mfargs,{emqx_connection,start_link,
[#{enable_authn => true,limiter => #{bytes_in => #{capacity => 1099511627776,initial => 0,rate => infinity},client =>
#{bytes_in => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,
max_retry_time => 10000,rate => infinity},connection => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,
low_watermark => 0,max_retry_time => 10000,rate => infinity},
message_in => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,
low_watermark => 0,max_retry_time => 10000,rate => infinity},
message_routing => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,
low_watermark => 0,max_retry_time => 10000,rate => infinity}},connection => #{capacity => 1000,initial => 0,
rate => 100.0},message_in => #{capacity => 1099511627776,initial => 0,rate => infinity},
message_routing => #{capacity => 1099511627776,initial => 0,rate => infinity}},listener => {ssl,default},zone => default}]}}]

2023-02-21T13:46:57.797562+08:00 [error] supervisor: 'esockd_connection_sup - <0.2229.0>', errorContext: connection_shutdown, reason: {ssl_error,{options,{cacertfile,"etc/certs/rootCA.crt",{error,enoent}}}}, offender: [{pid,<0.2799.0>},{name,connection},{mfargs,{emqx_connection,start_link,[#{enable_authn => true,limiter => #{bytes_in => #{capacity => 1099511627776,initial => 0,rate => infinity},client => #{bytes_in => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},connection => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},message_in => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity},message_routing => #{capacity => 1099511627776,divisible => false,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 10000,rate => infinity}},connection => #{capacity => 1000,initial => 0,rate => 100.0},message_in => #{capacity => 1099511627776,initial => 0,rate => infinity},message_routing => #{capacity => 1099511627776,initial => 0,rate => infinity}},listener => {ssl,default},zone => default}]}}]

环境

  • EMQX 版本:v5
  • 操作系统版本:ubuntu
    按照官网openssl 例子操作
    屏幕截图 2023-02-21 143054
    重启了emqx 服务 wss 始终连接不上

看日志报错是找不到你配置的 cacertfile 文件,可以看到错误原因是 {enoent}

后面接下来 wss 继续连接还是不行,但日志中没有这些错误了。CA证书是按官网demo走的

你可以确认下你配置的路径是否正确。

路径没错

看了下日志中报错的路径是 etc/certs/rootCA.crt,你配置文件是修改的 etc/emqx.conf 还是 data/configs/cluster-override.conf

etc/emqx.conf

看起来是你的配置并没有生效,你是不是之前通过 Dashboard 更新过 Listener 的配置。这两种配置方式在同一个功能中目前不能同时使用,具体可以看下 配置文件简介

解决方法是你可以改成在 data/configs/cluster-override.conf 文件中配置,或者把这个文件中监听器的配置清空继续在 emqx.conf 中配置。

好的 我试试

清空监听器 用emqx.conf wss还是不行

还是一模一样的错误吗?

对 还是一样连接不上wss

看一下你的 emqx.conf 和 cluster-override.conf?

## NOTE:
## Configs in this file might be overridden by:
## 1. Environment variables which start with 'EMQX_' prefix
## 2. File $EMQX_NODE__DATA_DIR/configs/cluster-override.conf
## 3. File $EMQX_NODE__DATA_DIR/configs/local-override.conf
##
## The *-override.conf files are overwritten at runtime when changes
## are made from EMQX dashboard UI, management HTTP API, or CLI.
## All configuration details can be found in emqx.conf.example

# Node identity and on-disk data location for this EMQX instance.
node {
  name = "emqx@127.0.0.1"
  # NOTE(review): the cookie is the shared secret nodes use to authenticate to each
  # other over Erlang distribution. This value appears to be the shipped default and
  # is now public in this thread; set a unique random value on every node.
  cookie = "emqxsecretcookie"
  data_dir = "/var/lib/emqx"
}

# File logging for the broker.
log {
  file_handlers.default {
    # NOTE(review): "emergency" is the most restrictive log level, so error- and
    # warning-level events (TLS handshake failures, rejected logins) would not be
    # written. That would fit the later report in this thread that the log shows
    # no more errors while wss still fails; raise to warning while troubleshooting.
    level = emergency
    file = "/var/log/emqx/emqx.log"
  }
}

# Cluster name and node discovery method (manual: no automatic discovery configured).
cluster {
  name = emqxcl
  discovery_strategy = manual
}


# Plain MQTT over TCP.
# NOTE(review): bound to every interface without TLS, so MQTT usernames and
# passwords cross this port unencrypted; restrict it to trusted networks or
# disable it once the TLS listeners work.
listeners.tcp.default {
  bind = "0.0.0.0:1883"
  max_connections = 1024000
}

# MQTT over TLS on port 8883.
# NOTE(review): the error report in this thread names listener {ssl,default} and a
# relative path etc/certs/rootCA.crt, while the paths below are absolute; the
# value in effect at that time presumably came from another source (an override
# file or environment variable, per the header of this file). Confirm at runtime.
listeners.ssl.default {
  bind = "0.0.0.0:8883"
  max_connections = 512000
  ssl_options {
    keyfile = "/etc/certs/server.key"
    certfile = "/etc/certs/server.crt"
    cacertfile = "/etc/certs/rootCA.crt"
    # verify_none: the server neither requests nor checks a client certificate,
    # so clients are identified only by MQTT-level authentication. Use
    # verify_peer (with fail_if_no_peer_cert) if mutual TLS is intended.
    verify = verify_none
    # NOTE(review): passphrase of the private key, stored in plaintext, weak, and
    # now disclosed publicly. Issue a new key/passphrase and keep the key file
    # readable only by the emqx service account.
    password = admin123
  }
}

# MQTT over plain WebSocket (no TLS) on every interface; the same exposure
# applies as for the plain TCP listener.
listeners.ws.default {
  bind = "0.0.0.0:8083"
  max_connections = 1024000
  websocket.mqtt_path = "/mqtt"
}

# MQTT over secure WebSocket on port 8084, path /mqtt.
# NOTE(review): per the header of this file, anything set for this listener in
# cluster-override.conf or local-override.conf replaces these values, including
# whether the listener is enabled at all.
listeners.wss.default {
  bind = "0.0.0.0:8084"
  max_connections = 512000
  websocket.mqtt_path = "/mqtt"
  ssl_options {
    keyfile = "/etc/certs/server.key"
    certfile = "/etc/certs/server.crt"
    cacertfile = "/etc/certs/rootCA.crt"
    # verify_none: no client certificate is requested or checked on this listener.
    verify = verify_none
    # NOTE(review): plaintext private-key passphrase, the same value as on the ssl
    # listener and now public; replace the key and passphrase.
    password = admin123
  }
}

# listeners.quic.default {
#  enabled = true
#  bind = "0.0.0.0:14567"
#  max_connections = 1024000
#  keyfile = "/etc/emqx/certs/key.pem"
#  certfile = "/etc/emqx/certs/cert.pem"
#}

# Management dashboard.
# NOTE(review): served over plain HTTP with the default admin/public login, so the
# credential is both guessable and sent unencrypted. bind gives no address, so it
# presumably listens on all interfaces (confirm). Change the password at first
# login and limit access to an admin network or put it behind HTTPS.
dashboard {
    listeners.http {
        bind = 18083
    }
    default_username = "admin"
    default_password = "public"
}

# Publish/subscribe authorization backed by a MySQL ACL table.
authorization {
  # deny_action = ignore: a denied operation is dropped rather than ending the session.
  deny_action = ignore
  # NOTE(review): no_match = allow makes the policy default-allow; any request that
  # no source rule matches is permitted. Prefer deny and grant topics explicitly.
  no_match = allow
  cache = { enable = true }
  sources =  [
    {
      type = mysql
      enable = true
      database = "mqtt"
      username = "emqx"
      # NOTE(review): weak database password, now disclosed in this thread; rotate it.
      password = "public"
      server = "127.0.0.1:3361"
      query = "SELECT permission, action, topic FROM mqtt_acl WHERE username = ${username}"
    }

  ]
}
# NOTE(review): the paste has no separator here; from this line on the content
# looks like the generated cluster-override.conf rather than emqx.conf (confirm).
# Authentication chain: MySQL password lookup, then SCRAM on the built-in database.
authentication = [
  {
    backend = "mysql"
    database = "mqtt_user"
    enable = true
    mechanism = "password_based"
    # NOTE(review): weak database password, now disclosed in this thread; rotate it.
    password = "public"
    # NOTE(review): unsalted SHA-256 is a fast hash; identical passwords give
    # identical hashes and a leaked table is cheap to attack offline. Prefer a
    # salted, slow scheme such as bcrypt or pbkdf2 and re-hash on next login.
    password_hash_algorithm {name = "sha256", salt_position = "disable"}
    pool_size = 8
    query = "SELECT password_hash FROM mqtt_user where username = ${username} LIMIT 1"
    query_timeout = "5s"
    server = "127.0.0.1:3361"
    # TLS to MySQL is off (enable = false), so the settings below are inactive; the
    # server is on loopback here. If TLS is enabled later, drop tlsv1.1 and tlsv1
    # from versions.
    ssl {
      ciphers = []
      depth = 10
      enable = false
      reuse_sessions = true
      secure_renegotiate = true
      user_lookup_fun = "emqx_tls_psk:lookup"
      verify = "verify_peer"
      versions = ["tlsv1.3", "tlsv1.2", "tlsv1.1", "tlsv1"]
    }
    username = "emqx"
  },
  {
    algorithm = "sha256"
    backend = "built_in_database"
    mechanism = "scram"
  }
]
# NOTE(review): if this is the override file, it replaces the authorization block of
# emqx.conf: the source list is empty and no_match is "allow", so presumably no
# ACL is enforced and every publish/subscribe is permitted. Confirm the
# effective configuration.
authorization {
  cache {enable = true}
  deny_action = "ignore"
  no_match = "allow"
  sources = []
}
# Listener settings as written by the dashboard/API (presumably cluster-override.conf).
# The emqx.conf header shown in this thread says this file overrides emqx.conf.
listeners {
  ssl {
    default {
      bind = "0.0.0.0:8883"
      max_connections = 512000
      ssl_options {
        cacertfile = "/etc/certs/rootCA.crt"
        certfile = "/etc/certs/server.crt"
        keyfile = "/etc/certs/server.key"
        # NOTE(review): plaintext private-key passphrase, now public; replace it.
        password = "admin123"
        # No client certificate is requested or checked.
        verify = "verify_none"
      }
    }
  }
  tcp {
    default {bind = "0.0.0.0:1883", max_connections = 1024000}
  }
  ws {
    default {
      bind = "0.0.0.0:8083"
      max_connections = 1024000
      websocket {mqtt_path = "/mqtt"}
    }
  }
  wss {
    default {
      bind = "0.0.0.0:8084"
      # NOTE(review): the wss listener is disabled here. If this file takes
      # precedence over emqx.conf, nothing listens on 8084 whatever emqx.conf
      # says, which matches the symptom in this thread: wss cannot connect and no
      # TLS error is logged.
      enabled = false
      max_connections = 512000
      ssl_options {
        cacertfile = "/etc/certs/rootCA.crt"
        certfile = "/etc/certs/server.crt"
        keyfile = "/etc/certs/server.key"
        # NOTE(review): plaintext private-key passphrase, now public; replace it.
        password = "admin123"
        # No client certificate is requested or checked.
        verify = "verify_none"
      }
      websocket {mqtt_path = "/mqtt"}
    }
  }
}
# Console and file log handlers (presumably from the override file).
log {
  console_handler {
    burst_limit {
      enable = true
      max_count = 10000
      window_time = "1s"
    }
    chars_limit = "unlimited"
    drop_mode_qlen = 3000
    enable = true
    flush_qlen = 8000
    formatter = "json"
    # NOTE(review): "emergency" is the most restrictive level; error and warning
    # events would not be emitted on the console.
    level = "emergency"
    max_depth = 100
    overload_kill {
      enable = true
      mem_size = "30MB"
      qlen = 20000
      restart_after = "5s"
    }
    single_line = true
    supervisor_reports = "error"
    sync_mode_qlen = 100
    time_offset = "system"
  }
  file_handlers {
    default {
      burst_limit {
        enable = true
        max_count = 10000
        window_time = "1s"
      }
      chars_limit = "unlimited"
      drop_mode_qlen = 3000
      enable = true
      file = "/var/log/emqx/emqx.log"
      flush_qlen = 8000
      formatter = "json"
      # NOTE(review): same restrictive level for the log file. Authentication and
      # TLS failures would go unrecorded, which removes the audit trail and hides
      # the cause of connection problems. Use warning or lower.
      level = "emergency"
      max_depth = 100
      max_size = "50MB"
      overload_kill {
        enable = true
        mem_size = "30MB"
        qlen = 20000
        restart_after = "5s"
      }
      rotation {count = 10, enable = true}
      single_line = true
      supervisor_reports = "progress"
      sync_mode_qlen = 100
      time_offset = "system"
    }
  }
}

你看下 configs 目录下有 local-override.conf 文件吗?

没有

这个显示是etc/certs/rootCA.crt 的文件不存在。但是看你的etc/emqx.conf 配置是/etc/certs/rootCA.crt ,比日志里面多了一个/ 。感觉不太对劲。

你把data/configs/*.conf 删除掉。
然后关闭,用emqx console 启动,
输入 emqx_conf:get([listeners,wss]).
看看是什么结果。

好 我试试看

image
里面的全删了 停止不了

这个是测试环境么,直接把这个PID kill 掉吧。