mosquitto icon indicating copy to clipboard operation
mosquitto copied to clipboard
verified publisher icon eclipse

Default installation of broker fails, connection refused, does not listen on any address but 127.0.0.1? Does this make sense?

Open Nodi-Rubrum opened this issue 4 years ago • 3 comments

Default installation of broker fails, connection refused, does not listen on any address but 127.0.0.1? Does this make sense? This was just recently discovered, this is not the past default behavior?

Documentation on how to enable listening to specific ip address is not easy to find, nor is how to setup anonymous accepting broker, which as past default behavior?

Nodi-Rubrum avatar Mar 02 '21 18:03 Nodi-Rubrum

Where would you have expected to find this documented? It's difficult to know where people look first.

The changes and reasoning are described on this documentation page: https://mosquitto.org/documentation/migrating-to-2-0/

ralight avatar Mar 02 '21 19:03 ralight

I agree with Nodi 100 percent! This update might technically be a good idea but in practice it is a disaster. The documentation hints at various rabbit holes such as "root should not start Mosquitto", to ACL lists, SSL, TLS, certificates etc all with a huge learning curve. Without some key examples and solutions the only fix is a bad one... Turn on anonymous usage which in effect allows anyone on the network to use MQTT without user/pass. In practice, security has NOT be increased... it has been removed.

Going back to version 1.x might work, but an annoyance on the Raspberry Pi is that frequent update/upgrades will again install Mosquitto 2.x The ultimate solution is better documentation on how to deal with this "upgrade".

swilson86 avatar Mar 16 '21 17:03 swilson86

Where would you have expected to find this documented? It's difficult to know where people look first.

The logs should mention the bind address, so instead of:

Opening ipv4 listen socket on port 1883

it could instead, more helpfully say:

Opening ipv4 listen socket on port 127.0.0.1:1883

The other places I'd expect to see it is anywhere there are usage examples, perhaps:

  1. GitHub README.md "Quick Start" section
  2. Docker Hub "How to use this image" section. Typically containers are expected to provide basic functionality once ports are published. -p 1883:1883 should be all that's needed. As it stands, without providing configuration, the daemon is inaccessible beyond the bounds of the container.

ian-llewellyn avatar Oct 17 '25 20:10 ian-llewellyn