[Bug]: Could not connect to broker.netmaker.domain.tld #1186
Comments
Are you using Traefik as the proxy? What install instructions are you following? |
I followed the instructions provided here: https://docs.netmaker.org/quick-start.html, it uses Caddyfile. |
The same problem. My mosquitto server listen on 8883 port on public ip without any proxy(Traefik or Nginx) before mosquitto.
port check on client is ok
/etc/mosquitto/conf.d/custom.conf
netmaker server
Netmaker 0.14.2 Netmaker server OS: Debian 11 |
I went through similar setup issues. If you're still having this issue or using the same setup: I never used Caddy, but I found it to be lacking some configuration that was listed in the rest of the setup guides, so to be cautious I ditched the Caddy setup. Try the following: FYI, I am using my own nginx server providing SSL and reverse proxy in front of the entire netmaker docker-compose setup, and it works with a little tweaking (and coffee)
When it works Netmaker is awesome... but i guess it's not easy to keep so many guides up to date and address all tweaks users employ per use case. |
In my case I have updated openssl from 1.1.1n to 3.0.2 15. I think Openssl version is important. The problem is gone! Debian 11
Broker logs
Ubuntu 22.04 LTS. Broker works well. Netmaker certs was recreated again too but it is not necessary maybe.
Broker logs
|
I am able a netmaker installation based on the quick guide (https://docs.netmaker.org/quick-start.html) which now uses traefik instead of Caddy by default seems to work nicely with no issue. I have tested a reasonably complex combination of devices, machines and containers behind NAT under multiple networks, and they seem to work fine. I am using the netmaker version v0.14.2. I believe this issue can be closed unless there are some outstanding issues. Thanks again for promptly looking into the issue. |
I'm using 0.14.3. I think I had this same issue, which I think might be the same as #1100, and can be debugged with this gist. I am using a combination of traefik and contained docker-compose files. My steps were:
On the node, I saw |
@Nexxus-LMT, would you mind sharing your nginx configuration? My netclient doesn't connect to "broker.netmaker.mydomain.com:443" (it shows the "unable to connect to broker, retrying ..." error), but what I find strange is that I don't even see the requests in the nginx-proxy log. Thanks in advance! |
I changed the MQ_PORT variable from "443" to "8883" and opened port 8883 to any and now it works. I thought this was changed so that mq can use 443 as well. 🤷‍♂️ |
MQ always uses port 8883 (and internally 1883). The recommended setup with traefik proxies mqtts traffic from 443 to 8883. In this case clients connect to the broker.:443 but traefik proxies the connection to :8883. |
Thx @mattkasun, that was what I was trying to achieve, but for some reason it seems netclient doesn't even try to connect to port 443 (I don't see anything going to broker in the nginx-proxy logs, although I see traffic to "api..."). If I change my MQ_PORT environment variable back to 443, and proxy broker:443 to :8883, I see this on the netclient side:
Would you know what might be happening? |
Netclient is trying to reach the broker at port 443 but is unable to connect. Check the nginx and mq logs on server |
In the nginx logs I haven't seen any logs (neither 200, nor 404, nor 503), which is very strange.. After spending a lot of time trying to make it work, I ended up using a new IP dedicated to netmaker so I could use traefik listening on port 443 without going through nginx-proxy. Now it works without problems. Thank you very much for your help, @mattkasun! |
What happened?
Installation works fine and is able to create network and key but cannot add nodes to the network. It continues to complain that cannot connect to the broker. Although the *.netmaker.{{domain}} is forwarded correctly, which is required for the acme certificate anyway. I can ping the master node where I have installed netmaker but not the peers. Also cannot ssh to the master node even if I can ping and ufw shows the open port.
The ufw ports are open on the server and client as well:
To                         Action      From
443/tcp                    ALLOW       Anywhere
53/udp                     ALLOW       Anywhere
53/tcp                     ALLOW       Anywhere
51821:51830/udp            ALLOW       Anywhere
8883/tcp                   ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
443/tcp (v6)               ALLOW       Anywhere (v6)
53/udp (v6)                ALLOW       Anywhere (v6)
53/tcp (v6)                ALLOW       Anywhere (v6)
51821:51830/udp (v6)       ALLOW       Anywhere (v6)
8883/tcp (v6)              ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
Here is the dashboard image. It seems to recognize the devices and get the right ip addresses but cannot ping the
Version
v0.14.2
What OS are you using?
Linux
Relevant log output
[netclient] 2022-06-05 16:15:24 joining default-net at api.netmaker.{{domain}}:443
[netclient] 2022-06-05 16:15:24 starting wireguard
[netclient] 2022-06-05 16:15:27 certificates/key saved
[netclient] 2022-06-05 16:15:57 unable to connect to broker, retrying ...
Ping tcp://broker.netmaker.{{domain}}:8883({{ip_address}}:8883) - Connected - time=131.885665ms
Ping tcp://broker.netmaker.{{domain}}:8883({{ip_address}}:8883) - Connected - time=190.40443ms
Ping tcp://broker.netmaker.{{domain}}:8883({{ip_address}}:8883) - Connected - time=130.113114ms
[netclient] 2022-06-05 16:16:01 could not connect to broker broker.netmaker.{{domain}} connect timeout
[netclient] 2022-06-05 16:16:01 connection issue detected.. attempt connection with new certs and broker information
[netclient] 2022-06-05 16:16:01 certificates/key saved
[netclient] 2022-06-05 16:16:33 could not connect to broker at broker.netmaker.{{domain}}:8883
[netclient] 2022-06-05 16:16:33 failed to publish update for join connection timeout
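The log above shows the TCP ping to port 8883 connecting while the broker connection still times out. As an added example (not part of the issue and not Netmaker code), this probe separates name resolution, the TCP connect and the TLS handshake so the failing layer is visible, and prints the local OpenSSL version that later comments point to; `probe_broker`, the `cafile` argument and the host `broker.example.invalid` are assumptions made for the example.

```python
import socket
import ssl
import sys


def probe_broker(host, port=8883, timeout=5.0, cafile=None):
    """Return the first layer that fails on the way to an MQTT-over-TLS port.

    'stage' is one of dns, tcp, tls, cert, ok. cafile is an assumption:
    a CA bundle for a broker certificate the system store does not trust.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    out = {"target": f"{host}:{port}", "openssl": ssl.OPENSSL_VERSION}
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return {**out, "stage": "dns", "detail": str(exc)}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Refused or filtered: firewall rule, wrong port, nothing listening.
        return {**out, "stage": "tcp", "detail": str(exc)}
    try:
        # wrap_socket runs the handshake and inherits the socket timeout.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {**out, "stage": "ok", "detail": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        # A TLS endpoint answered, but its certificate was not trusted.
        return {**out, "stage": "cert", "detail": exc.verify_message}
    except OSError as exc:
        # TCP connected, yet the handshake timed out, was reset or failed:
        # the port is open but the TLS layer behind it is not usable.
        return {**out, "stage": "tls", "detail": str(exc) or type(exc).__name__}
    finally:
        sock.close()


if __name__ == "__main__":
    # Placeholder host; pass your own broker name and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "broker.example.invalid"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8883
    for key, value in probe_broker(host, port).items():
        print(f"{key:8} {value}")
```

A `tcp` result points at firewalling or the port mapping, while `tls` or `cert` on an open port points at the proxy or broker TLS configuration.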