2024-06-02T22:02:30.865141+00:00 [error] supervisor: 'esockd_connection_sup - <0.6501.0>', errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{insufficient_security,"TLS server: In state hello at tls_handshake.erl:348 generated SERVER ALERT: Fatal - Insufficient Security\n no_suitable_ciphers"}}}, offender: [{pid,<0.10597.1>},{name,connection},{mfargs,{emqx_connection,start_link,[#{enable_authn => true,limiter => #{client => #{messages => #{burst => 0,divisible => true,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 3600000,rate => 400.0}},connection => #{burst => 0,initial => 0,rate => 40.0}},listener => {ssl,default},zone => default}]}}]
2024-06-03T02:30:04.880759+00:00 [warning] msg: unexpected_api_access, mfa: emqx_dashboard_not_found:init/2, line: 25, request: #{bindings => #{},body_length => 0,cert =>undefined,has_body => false,headers => #{<<"accept-encoding">> => <<"gzip">>,<<"connection">> => <<"close">>,<<"host">> => <<"47.106.10.204:31071">>,<<"user-agent">> => <<"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)">>},host => <<"47.106.10.204">>,host_info => undefined,method => <<"GET">>,path => <<"/favicon.ico">>,path_info => undefined,peer => {{171,30,0,5},52935},pid => <0.3694.2>,port => 31071,qs => <<>>,ref => 'http:dashboard',scheme => <<"http">>,sock => {{171,30,7,127},18083},streamid => 1,version => 'HTTP/1.1'}
2024-06-04T02:30:33.265826+00:00 [error] supervisor: 'esockd_connection_sup - <0.6501.0>', errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{handshake_failure,"TLS server: In state certify at tls_dtls_connection.erl:315 generated SERVER ALERT: Fatal - Handshake Failure\n no_client_certificate_provided"}}}, offender: [{pid,<0.10973.6>},{name,connection},{mfargs,{emqx_connection,start_link,[#{enable_authn => true,limiter => #{client => #{messages => #{burst => 0,divisible => true,failure_strategy => force,initial => 0,low_watermark => 0,max_retry_time => 3600000,rate => 400.0}},connection => #{burst => 0,initial => 0,rate => 40.0}},listener => {ssl,default},zone => default}]}}]
Which version of EMQX are you using? How is it deployed?
Version 5.1.6, with two EMQX services deployed as a manual cluster.
Configuration file
## NOTE:
## This config file overrides data/configs/cluster.hocon,
## and is merged with environment variables which start with 'EMQX_' prefix.
## Config changes made from EMQX dashboard UI, management HTTP API, or CLI
## are stored in data/configs/cluster.hocon.
## To avoid confusion, please do not store the same configs in both files.
## See Configuration Files | EMQX 5.0 Docs for more details.
## Configuration full example can be found in etc/examples
node {
  name = "emqx@127.0.0.1"
  cookie = "emqxsecretcookie"
  data_dir = "data"
  global_gc_interval = 5m
}
log {
  file_handlers.default {
    level = warning
    file = "log/emqx.log"
  }
}
cluster {
  name = emqxcl
  discovery_strategy = manual
}
dashboard {
  listeners.http {
    bind = 18083
  }
}
listeners {
  ssl {
    default {
      acceptors = 16
      access_rules = ["allow all"]
      bind = "[::]:8883"
      enable = true
      enable_authn = true
      max_conn_rate = "400/s"
      max_connections = infinity
      messages_rate = "4000/s"
      mountpoint = ""
      proxy_protocol = false
      proxy_protocol_timeout = 3s
      ssl_options {
        cacertfile = "${EMQX_ETC_DIR}/certs/cacert.pem"
        certfile = "${EMQX_ETC_DIR}/certs/cert.pem"
        ciphers = ["ECDHE-RSA-AES256-GCM-SHA384"]
        client_renegotiation = true
        depth = 10
        enable_crl_check = false
        fail_if_no_peer_cert = true
        gc_after_handshake = true
        handshake_timeout = 15s
        hibernate_after = 5s
        honor_cipher_order = true
        keyfile = "${EMQX_ETC_DIR}/certs/key.pem"
        log_level = notice
        ocsp {
          enable_ocsp_stapling = false
          refresh_http_timeout = 15s
          refresh_interval = 5m
        }
        reuse_sessions = true
        secure_renegotiate = true
        verify = verify_peer
        versions = [tlsv1.2]
      }
      tcp_options {
        active_n = 100
        backlog = 1024
        buffer = 4KB
        high_watermark = 1MB
        keepalive = none
        nodelay = true
        reuseaddr = true
        send_timeout = 15s
        send_timeout_close = true
      }
    }
  }
  tcp {
    default {
      acceptors = 16
      access_rules = ["allow all"]
      bind = "[::]:1883"
      max_conn_rate = "400/s"
      messages_rate = "4000/s"
      enable = true
      enable_authn = true
      max_connections = infinity
      mountpoint = ""
      proxy_protocol = false
      proxy_protocol_timeout = 3s
      tcp_options {
        active_n = 100
        backlog = 1024
        buffer = 4KB
        high_watermark = 1MB
        keepalive = none
        nodelay = true
        reuseaddr = true
        send_timeout = 15s
        send_timeout_close = true
      }
    }
  }
}
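I recommend using version 5.6 or later; the early 5.x versions are not stable.
What exactly is causing this problem? Is it caused by a network problem, or by cipher suites missing from the configuration?
I can't really be sure. Both your SSL listener and your Dashboard are reporting abnormal errors, so it feels like something is not quite right with your environment.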
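
A log triage sketch for the three log lines at the top of this thread (an added example, not part of the original posts and not EMQX code): it pulls the TLS alert reason and listener out of each line and names the `ssl_options` keys from the posted config to review for that reason, and separately labels the dashboard request. The reason-to-key mapping, the function names and the shortened sample lines are this example's own assumptions.

```python
import re
from collections import Counter

# TLS alert reason (as printed by Erlang/OTP) -> ssl_options keys from the
# posted listener config to review first. The mapping is this example's own.
REASON_TO_KEYS = {
    "no_suitable_ciphers": ("ciphers", "versions"),
    "no_client_certificate_provided": ("fail_if_no_peer_cert", "verify"),
}
# The reason follows a literal "\n" (backslash + n) inside the alert text.
ALERT_RE = re.compile(r'tls_alert,\{(\w+),"[^"]*?(?:\\n|\n)\s*(\w+)"')
LISTENER_RE = re.compile(r"listener => \{(\w+),(\w+)\}")
UA_RE = re.compile(r'<<"user-agent">> => <<"([^"]*)">>')

def classify(line):
    """Return a dict describing one EMQX log line, or None if not relevant."""
    ts = line.split(" ", 1)[0]
    m = ALERT_RE.search(line)
    if m:
        alert, reason = m.groups()
        lst = LISTENER_RE.search(line)
        return {"ts": ts, "kind": "tls_alert", "alert": alert, "reason": reason,
                "listener": ":".join(lst.groups()) if lst else None,
                "review": REASON_TO_KEYS.get(reason, ())}
    if "unexpected_api_access" in line:
        ua = UA_RE.search(line)
        return {"ts": ts, "kind": "dashboard_probe",
                "user_agent": ua.group(1) if ua else None}
    return None

def summarize(lines):
    """Classify all lines and count events per (kind, reason)."""
    events = [e for e in map(classify, lines) if e]
    return events, Counter((e["kind"], e.get("reason")) for e in events)

# Constructed sample: the thread's three log lines, shortened, with the
# straight quotes they would have in log/emqx.log.
SAMPLE = [
    r'''2024-06-02T22:02:30.865141+00:00 [error] supervisor: 'esockd_connection_sup - <0.6501.0>', errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{insufficient_security,"TLS server: In state hello at tls_handshake.erl:348 generated SERVER ALERT: Fatal - Insufficient Security\n no_suitable_ciphers"}}}, offender: [{mfargs,{emqx_connection,start_link,[#{listener => {ssl,default},zone => default}]}}]''',
    r'''2024-06-03T02:30:04.880759+00:00 [warning] msg: unexpected_api_access, mfa: emqx_dashboard_not_found:init/2, line: 25, request: #{headers => #{<<"user-agent">> => <<"Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)">>},method => <<"GET">>,path => <<"/favicon.ico">>}''',
    r'''2024-06-04T02:30:33.265826+00:00 [error] supervisor: 'esockd_connection_sup - <0.6501.0>', errorContext: connection_shutdown, reason: {ssl_error,{tls_alert,{handshake_failure,"TLS server: In state certify at tls_dtls_connection.erl:315 generated SERVER ALERT: Fatal - Handshake Failure\n no_client_certificate_provided"}}}, offender: [{mfargs,{emqx_connection,start_link,[#{listener => {ssl,default},zone => default}]}}]''',
]

if __name__ == "__main__":
    events, counts = summarize(SAMPLE)
    for event in events:
        print(event)
    print(dict(counts))
```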