Flask-MQTT disconnects after 'Socket error on client unknown' while running on uWSGI NGINX
Alright, it turns out I could've read that the whole multiple processes wouldn't work from the start at the official Flask-MQTT documentation. It says right there in thick letters:
Flask-MQTT is currently not suitable for the use with multiple worker instances.
So I looked at my uwsgi app.ini file again closely and actually the answer is quite simple. It turned out I had a line in there, master = true. After I removed that it works like a charm.
Socket error on client clientid, disconnecting
Apparently there was an exception thrown by client during subscription and the client was trying to reconnect with the same id. Hence the socket error. Fixing the cause of exception fixed the issue.
Mosquitto 2.0.14 MQTT with TLS1.2 connection issues Client unknown disconnected due to malformed packet
Here is a basic setup to get you started. I created the certificates in the same way you did (I usually use certstrap for this due to its ease of use):
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt
openssl genrsa -out mosquitto.key 2048
openssl req -new -key mosquitto.key -out mosquitto.csr
openssl x509 -req -in mosquitto.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out mosquitto.crt -days 3650 -sha256
When generating mosquitto.csr I gave it the CN (Common Name) 127.0.0.1. Basic mosquitto.conf:
log_type all
# Don't do the below in production (it allows anyone to connect with no auth)
allow_anonymous true
listener 8883
keyfile /path/mosquitto.key
certfile /path/mosquitto.crt
After starting mosquitto (I did this in the console using mosquitto -c ./mosquitto.conf) I then ran:
mosquitto_sub -h 127.0.0.1 -p 8883 --cafile ./ca.crt -t sensors/drone01/altitude -d
This successfully connected:
Client null sending CONNECT
Client null received CONNACK (0)
Client null sending SUBSCRIBE (Mid: 1, Topic: sensors/drone01/altitude, QoS: 0, Options: 0x00)
Client null received SUBACK
Subscribed (mid: 1): 0
This does not use client certificates for authentication but it does check that the server name matches the CN in the certificate (try changing 127.0.0.1 to localhost). If your cert does not have the correct CN you would need the --insecure option.
Now that TLS is working let's add the requirement for the client certificate. Technically I could use the same certificate as above but that could be confusing so I'll generate a new one (in production I would use a different CA for this):
openssl genrsa -out client.key 2048
openssl req -new -key client.key -out client.csr
openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 3650 -sha256
Now we update the mosquitto.conf:
log_type all
listener 8883
keyfile /path/mosquitto.key
certfile /path/mosquitto.crt
# We want to require a client certificate
require_certificate true
# This CA is used to verify the client certificate (it need not be the one used for the above mosquitto.crt)
cafile /path/ca.crt
# As we are passing a certificate we can choose to use the certificate CN as our username (removing the need for allow_anonymous)
use_identity_as_username true
If you try connecting using the mosquitto_sub parameters used above it should now fail but the following works (or did when I tested it):
mosquitto_sub -h 127.0.0.1 -p 8883 --cafile ./ca.crt --cert ./client.crt --key ./client.key -t sensors/drone01/altitude -d
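The difference between the two mosquitto.conf files in the answer above can be checked mechanically before a broker is deployed. The following is an added example, not part of the original answer or of Mosquitto: the function names and finding labels are hypothetical, and it assumes per_listener_settings is not used, so allow_anonymous is treated as a global option.

```python
# TLS options that Mosquitto applies to the most recent `listener` line.
LISTENER_KEYS = {"keyfile", "certfile", "cafile", "capath",
                 "require_certificate", "use_identity_as_username"}

# Auth-relevant lines of the two configs from the answer (log_type omitted).
ANON_TLS = """allow_anonymous true
listener 8883
keyfile /path/mosquitto.key
certfile /path/mosquitto.crt
"""
MUTUAL_TLS = """listener 8883
keyfile /path/mosquitto.key
certfile /path/mosquitto.crt
require_certificate true
cafile /path/ca.crt
use_identity_as_username true
"""

def parse(conf):
    """Split a config into global options and one dict per listener."""
    glob, listeners = {}, []
    for line in map(str.strip, conf.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, _, val = line.partition(" ")
        if key == "listener":
            listeners.append({"port": val.split()[0]})
        elif key in LISTENER_KEYS and listeners:
            listeners[-1][key] = val.strip()
        else:
            glob[key] = val.strip()
    return glob, listeners

def audit(conf):
    """Return (port, finding) pairs; labels are this example's own."""
    glob, listeners = parse(conf)
    anon = glob.get("allow_anonymous") == "true"
    findings = []
    for l in listeners:
        mtls = l.get("require_certificate") == "true"
        if not ("certfile" in l and "keyfile" in l):
            findings.append((l["port"], "no-tls"))
        if mtls and not ("cafile" in l or "capath" in l):
            findings.append((l["port"], "client-cert-required-but-no-ca"))
        if l.get("use_identity_as_username") == "true" and not mtls:
            findings.append((l["port"], "identity-username-without-client-cert"))
        if anon and not mtls:
            findings.append((l["port"], "anonymous-clients-accepted"))
    return findings

print(audit(ANON_TLS), audit(MUTUAL_TLS))
```

The first config is reported because TLS there only authenticates the broker to the client; the second passes because every client must present a certificate signed by the configured CA.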
mosquitto 1.4 - once running with ACL enabled, gets Socket error on client unknown, disconnecting
1429857949: Sending CONNACK to 127.0.0.1 (0, 5)
CONNACK return code of 5 means the connection was not authorised. If it
works with allow_anonymous=true, then it sounds like your client isn't
sending a username / or isn't sending a correct username&password.
It looks like you have a Paho Python client running.