
Mosquitto: In default mosquitto.conf, add a listener on port 1883 #4133

Closed
mattsmithuk opened this issue Feb 21, 2021 · 11 comments · Fixed by #4223
Labels
Enhancement 💨 Solution available 🥂 Definite solution has been done
Milestone

Comments

@mattsmithuk

mattsmithuk commented Feb 21, 2021

Creating a feature request

Is your feature request related to a problem? Please describe:

  • Mosquitto versions prior to version 2 would work out of the box. Versions after 2.0 need a listener setting up in configuration before they will work across a network

Describe the solution you'd like:

  • Have the default mosquitto.conf file to have the following lines:
listener 1883
allow_anonymous true
  • Alternatively, have a user and password which matches global dietpi setup

Describe alternatives you've considered:

  • Display instructions to setup mosquitto.conf after installation
@Joulinar
Collaborator

Probably something like this could be documented on our online docs https://dietpi.com/docs/software/hardware_projects/#mosquitto

@MichaIng
Owner

Relevant for Bullseye: https://packages.debian.org/mosquitto
The manpage reflects it: https://manpages.debian.org/unstable/mosquitto/mosquitto.8.en.html#OPTIONS

Jep we should definitely set it up with a default port, that simply matches the previous default, IMO. Any preference about whether to allow anonymous/unauthenticated access by default or setting it up with username and password (via mosquitto_passwd to have it hashed and with dedicated stricter permissions)?

@slopsjon

slopsjon commented Mar 7, 2021

Mosquitto was working no problem on version DietPi 6.34 upgraded to 7.0.2 this morning and it stopped working. No service running and would not start, so I had to reinstall Mosquitto and that got the service running but then no connections. Until I read this and put
listener 1883
allow_anonymous true
into the conf file and now all working again.

@MichaIng
Owner

MichaIng commented Mar 8, 2021

Which system are you using? RPi or other, Buster or Bullseye?
Should be only relevant on Bullseye, since on Buster there was no package update since 2019.

@slopsjon

slopsjon commented Mar 8, 2021

Which system are you using? RPi or other, Buster or Bullseye?
Should be only relevant on Bullseye, since on Buster there was no package update since 2019.

It's on an RPi 3B+ Buster.
At the same time my DNS server kept crashing which is on another SBC (Pihole+Unbound). The only way to stop it crashing was to kill the Unbound service. I then added the above two lines to mosquitto.conf and rebooted the mosquitto server that worked and then rebooted the DNS server and that stopped crashing.

@MichaIng MichaIng added this to the v7.1 milestone Mar 8, 2021
@MichaIng
Owner

MichaIng commented Mar 8, 2021

Very strange, as Unbound runs on a very different port, and it would be too much of a coincidence if Mosquitto listened on/bound to port 5335 by default when none is set.

However, it does not hurt and is probably a good idea anyway to set the port on every distro version, even if it's only to expose that option transparently.

@MichaIng MichaIng removed the Bullseye label Mar 26, 2021
MichaIng added a commit that referenced this issue Mar 26, 2021
+ DietPi-Software | Mosquitto: Since the Bullseye suite of the official repository does not yet exist, use Buster instead
+ DietPi-Software | MPD: Simplify systemd service runtime directory creation by using the RuntimeDirectory setting
+ DietPi-Software | Mosquitto: Restore pre-v2.0 behaviour by explicitly adding the port 1883 listener without IP binding, as by default it now binds to the loopback IP: #4133
+ DietPi-Software | Mosquitto: Restore pre-v2.0 behaviour by explicitly allowing anonymous client connections. We might switch to a user+password authenticated default, using the global software password, but for now restoring the previous default should be fine.
+ DietPi-Software | Mosquitto: Always use our own systemd unit, which allows us to simplify and align it with other units we ship.
+ DietPi-Software | Mosquitto: Disable PID and log file, both not required when using the systemd unit as it can track the service status directly and logs can be viewed via journalctl then. This allows us to simplify the systemd unit and start it as mosquitto user directly, instead of having the daemon forking itself as mosquitto user.
+ DietPi-Software | Mosquitto: Do not automatically restart the service on failure. Generally we think that a failed service has a reason that should be recognised and investigated ASAP before starting it again, whether it is OOM failure, filesystem/database corruption or a DDoS attack and such things, where an automatic restart might cause further damage. When services restart automatically (up to five times by default in a certain time), they not only mess up logs, making debugging difficult, but also, as the service can stay up, an urgent reason for the crash might be recognised with much delay. When a service is that important that it must stay up even when the server is running into troubles that lead to service crashes, then this should be configured only manually by admins that do know what they do.
@MichaIng
Owner

MichaIng commented Apr 4, 2021

I'll go with a password file. It makes sense to not allow unauthenticated remote requests by default. Any preferences on the username? dietpi or mosquitto? Password will be the global software password of course, and if the password file already exists, it won't be touched, of course.

@Joulinar
Collaborator

Joulinar commented Apr 4, 2021

Personally I would vote for user mosquitto. We have other applications where the user is identical to the application name, like Qbit

@MichaIng
Owner

MichaIng commented Apr 4, 2021

In case of qBittorrent it's necessary as the login user is the UNIX user, which is quite uncommon otherwise. But there are other cases. Would be actually nice to have this aligned, either "dietpi" or the application name. Most importantly, "root" and "admin" should be avoided (also for this we have cases) to make it not too easy for brute-force attacks 😉.

@Joulinar
Collaborator

Joulinar commented Apr 4, 2021

to make it not too easy for brute-force attacks

In this case, let's auto generate users per installation individually 🤣

@MichaIng
Owner

MichaIng commented Apr 4, 2021

In this case, let's auto generate users per installation individually 🤣

Would be the safest option, although then better leave remote requests disabled by default 😄. But seriously, it's crazy how many bots try to login via the non-existing "admin" account on our WordPress instance.

Actually nice would be to have a "global software user", similar to the global software password. For ownCloud/Nextcloud, we have a dietpi.txt option, while by default "admin" is used (hardcoded default for the CLI install command as well) 😅. Makes sense to change that as well and make that option a global software authentication user. So I can use "MichaIng" or "Micha", which matches the user I'd want to create in most cases anyway.

But, to not mix too many changes together, "dietpi" or "mosquitto" will do for now 😄.

MichaIng added a commit that referenced this issue Apr 5, 2021
+ DietPi-Software | Mosquitto: Since the Bullseye suite of the official repository does not yet exist, use Buster instead
+ DietPi-Software | Mosquitto: Restore pre-v2.0 behaviour by explicitly adding the port 1883 listener without IP binding, as by default it now binds to the loopback IP: #4133
+ DietPi-Software | Mosquitto: Instead of restoring pre-v2.0 behaviour on anonymous requests, enable authenticated requests via password file by default, using username "mosquitto" and global software password.
+ DietPi-Software | Mosquitto: Always use our own systemd unit, which allows us to simplify and align it with other units we ship.
+ DietPi-Software | Mosquitto: Disable PID and log file, both not required when using the systemd unit as it can track the service status directly and logs can be viewed via journalctl then. This allows us to simplify the systemd unit and start it as mosquitto user directly, instead of having the daemon forking itself as mosquitto user.
+ DietPi-Software | Mosquitto: Do not automatically restart the service on failure. Generally we think that a failed service has a reason that should be recognised and investigated ASAP before starting it again, whether it is OOM failure, filesystem/database corruption or a DDoS attack and such things, where an automatic restart might cause further damage. When services restart automatically (up to five times by default in a certain time), they not only mess up logs, making debugging difficult, but also, as the service can stay up, an urgent reason for the crash might be recognised with much delay. When a service is that important that it must stay up even when the server is running into troubles that lead to service crashes, then this should be configured only manually by admins that do know what they do.
+ DietPi-Software | MPD: Simplify systemd service runtime directory creation by using the RuntimeDirectory setting
+ DietPi-Software | ownCloud/Nextcloud: Instead of "<omitted>", show "XXXX" as replacement for passwords during CLI install with the amount of Xes matching the length of the password
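The two configurations discussed in this thread side by side, as an added example that is not DietPi's own script: a small POSIX sh audit that flags the first proposal (listener 1883 plus allow_anonymous true, i.e. unauthenticated access from the network) and writes the default the commit above settled on (listener 1883 without IP binding, anonymous access off, password file). File paths are illustrative assumptions; the password file itself is created separately with mosquitto_passwd.

```shell
#!/bin/sh
# Added example, not DietPi's own script. Audits a mosquitto.conf for the two settings
# this issue is about and writes the hardened default. Paths are illustrative assumptions.

# "remote" if a listener binds every interface ("listener <port>" without a bind address,
# or a wildcard address), "local" otherwise: Mosquitto >= 2.0 without any listener line
# only binds the loopback IP, which is what broke network clients after the 2.0 update.
mqtt_listener_scope() {
    awk '$1 == "listener" && (NF == 2 || $3 == "0.0.0.0" || $3 == "::") { remote = 1 }
         END { print (remote ? "remote" : "local") }' "$1"
}

# Effective allow_anonymous value: "true", "false", or "unset" (last occurrence wins).
mqtt_allow_anonymous() {
    awk '$1 == "allow_anonymous" { v = $2 } END { print (v == "" ? "unset" : v) }' "$1"
}

# "open" when unauthenticated clients can connect from the network (the pre-2.0 behaviour
# first proposed in this issue), "ok" otherwise.
mqtt_audit() {
    if [ "$(mqtt_listener_scope "$1")" = "remote" ] && [ "$(mqtt_allow_anonymous "$1")" = "true" ]; then
        echo open
    else
        echo ok
    fi
}

# Write the default the thread settled on: port 1883 on all interfaces, anonymous access
# off, credentials from a password file. Create that file separately, e.g.
#   mosquitto_passwd -c "$2" mosquitto   (prompts for the password, stores it hashed)
mqtt_write_hardened() {
    cat > "$1" <<EOF
listener 1883
allow_anonymous false
password_file $2
EOF
}

# Demo on constructed configs in a temporary directory.
demo_dir=$(mktemp -d)
printf 'listener 1883\nallow_anonymous true\n' > "$demo_dir/proposed.conf"
mqtt_write_hardened "$demo_dir/hardened.conf" "$demo_dir/passwd"
echo "proposed: $(mqtt_audit "$demo_dir/proposed.conf")"   # open
echo "hardened: $(mqtt_audit "$demo_dir/hardened.conf")"   # ok
rm -rf "$demo_dir"
```

A listener with an explicit loopback bind address (e.g. `listener 1883 127.0.0.1`) is reported as local even with anonymous access on, since it is not reachable from the network.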
@MichaIng MichaIng mentioned this issue Apr 27, 2021