I have created a mobile application which uses secure MQTT (8883) for communication, however it looks like port 8883 is blocked by many ISPs and networks.
I had read some blogs which recommend using 443 in such cases, however I am not sure if that really would solve the issue. What are the disadvantages in changing the default Secure MQTT port (8883) to 443? Can someone share their feedback on using port 443 for MQTT?
Note: I am using EMQ MQTT (emqtt) broker with Paho MQTT client.
The list of recognised ports is there to help ensure that you can run multiple services in their default configuration on a machine without them clashing; as a rule they do not actually affect how the service runs.
With some very well used protocols (e.g. HTTP and HTTPS) network administrators may make assumptions about.
Just moving the port for native MQTT (with TLS) from 8883 to 443 to get round port blocking by networks(*) probably won't actually solve the problem. This is because the types of network that deploy these types of firewall settings also tend to conduct transparent proxying.
If you want a solution that will work even in the worst of cases then running MQTT over Secure Websockets (which is bootstrapped from HTTPS) is probably your best bet. Most of the Paho client library implementations (you don't say which you are using so can say for sure) support both native MQTT and MQTT over Websockets these days and can be given a list of broker URIs so once the broker is set up to support both you can try to connect via native MQTT then fall back to MQTT over Websockets if the connection fails.
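The fallback order the answer describes (native MQTT over TLS first, then MQTT over secure WebSockets) can be sketched as follows. This is an added example, not code from the original posts; it assumes the Python paho-mqtt client, a hypothetical host `broker.example.com`, and a WebSocket path of `/mqtt` on the broker.

```python
from urllib.parse import urlsplit

# Assumed endpoints (hypothetical host): native MQTT over TLS first, then
# MQTT over secure WebSockets on 443 as the fallback.
BROKER_URIS = ["ssl://broker.example.com:8883", "wss://broker.example.com:443/mqtt"]

def parse_broker_uri(uri):
    """Split a Paho-style broker URI into (transport, host, port, ws_path)."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ssl", "wss"):
        # Refuse tcp:// and ws:// so a fallback can never silently drop TLS.
        raise ValueError(f"refusing non-TLS broker URI: {uri}")
    transport = "websockets" if parts.scheme == "wss" else "tcp"
    port = parts.port or (443 if parts.scheme == "wss" else 8883)
    return transport, parts.hostname, port, parts.path or "/mqtt"

def paho_connect(transport, host, port, ws_path, client_id="mobile-app-1"):
    """Open one connection with paho-mqtt (imported lazily: pip install paho-mqtt)."""
    import paho.mqtt.client as mqtt
    kwargs = {"client_id": client_id, "transport": transport}
    if hasattr(mqtt, "CallbackAPIVersion"):      # paho-mqtt 2.x needs this argument
        kwargs["callback_api_version"] = mqtt.CallbackAPIVersion.VERSION2
    client = mqtt.Client(**kwargs)
    client.tls_set()                             # system CAs, server certificate required
    if transport == "websockets":
        client.ws_set_options(path=ws_path)
    client.connect(host, port, keepalive=60)
    return client

def connect_with_fallback(uris, connect=paho_connect):
    """Try each URI in order; return (uri, client) for the first that connects."""
    targets = [parse_broker_uri(u) for u in uris]   # a bad URI fails before any I/O
    errors = []
    for uri, target in zip(uris, targets):
        try:
            return uri, connect(*target)
        except (OSError, ValueError) as exc:        # socket, TLS and WebSocket failures
            errors.append(f"{uri}: {exc}")
    raise ConnectionError("all broker URIs failed: " + "; ".join(errors))
```

Both endpoints keep certificate verification on, so falling back to port 443 changes the transport but not the trust checks.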
I know there are lots of similar questions, but none of them helped me.
I have a Linux server running an nginx reverse proxy in Docker, a DuckDNS domain created, and ports 80 and 443 opened on my router. I can't access it from outside with my domain name or public IP; it seems like my router refuses external requests. I tried lots of configurations and followed lots of guides on the web... I am going crazy trying to solve this problem.
I think the problem is before nginx, so I am not posting my nginx conf. If it can help, I will post it.
Hope someone can help me. Thank you so much.
There are several things that could be causing the issue with your router refusing external requests. Here are a few things to check:
Make sure that your router's firewall is configured to allow incoming connections on ports 80 and 443. Some routers have a built-in firewall that needs to be configured to allow traffic through specific ports.
Confirm that your router is properly forwarding incoming requests to the correct IP address and port on your network. This is typically done through a feature called port forwarding.
Check your router's security settings to ensure that it is not blocking incoming requests based on the source IP address or domain name. Some routers have the option to block incoming requests from specific IP addresses or domain names.
Confirm that your Linux server is properly configured to handle incoming requests. This includes checking that your Nginx reverse proxy is running and properly configured to forward requests to the correct IP address and port.
Verify that your DNS is pointing to the right IP address; you can use online tools like https://www.whatsmydns.net/ to check this.
Check if your router has any VPN or proxy service enabled, which could be affecting the incoming requests.
Check if your ISP is blocking incoming connections to your public IP address.
It's also possible that there is a problem with your router's firmware or hardware; in that case, you may need to contact the manufacturer for further assistance.
I have a server running Ubuntu 20.04, nginx, mosquitto, Node-RED and Docker; let's call the website http://mywebsite.com. The problem I am facing is that I have created a client, let's call it client1, in Docker, so the URL will be http://mywebsite.com/client1
and I want to establish an MQTT connection via mosquitto, and I'm sending the data on the topic test.
The problem is that in the Node-RED MQTT node, when I write the IP address of my mosquitto container, it works.
But if I replace the IP address 192.144.0.5 with mywebsite.com/client1, I can't connect to mosquitto and I can't send or receive any form of data.
Any idea on how to solve this problem?
OK, you are going to have several problems here.
You can not do path based proxying with MQTT. If you want to have multiple MQTT brokers (1 per client) bound to a single public facing domain/IP address then they are all going to have to run on separate ports (other than the default 1883).
Nginx can do MQTT protocol proxying (e.g. like this), so you can use this to expose the different ports and forward them to the separate instances of mosquitto, but even if you had a different hostname (all pointing at the same IP address) nginx has no way to know which hostname was used, because there is no equivalent to the HOST HTTP header to direct it. If you were to use MQTT with TLS then you may be able to get it to work with SNI, but I've never seen anybody do that yet (possible docs for SNI based routing here). It works, explanation about how to do it here.
If you use MQTT over Websockets then you should be able to use hostname based routing.
Path based proxying for Node-RED currently doesn't work properly if you enable admin authentication, because the admin auth tokens are currently stored in browser local storage and only scoped to the hostname, not the hostname + path. This will mean that a client will only ever be able to log into one instance at a time.
You can work round this by using host based proxying, e.g. http://client1.mywebsite.com
A fix for this is on the backlog for Node-RED, probably (no promises) to be looked at after version 1.2.0 ships
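Why SNI makes hostname routing possible for MQTT over TLS: the hostname travels unencrypted in the client's first TLS message, so a proxy can read it before forwarding the connection. The following is an added example, not code from the original posts; the routing table reuses the hostname and container IP mentioned on this page, and the backend port 8883 is an assumption.

```python
import ssl
import struct

# Assumed routing table: hostname from the answer, container IP from the
# question; TLS on backend port 8883 is an assumption.
SNI_ROUTES = {"client1.mywebsite.com": ("192.144.0.5", 8883)}

def sample_client_hello(hostname):
    """Constructed input: the first bytes a TLS client sends when dialing hostname."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is written and no server ever replies
    return outgoing.read()

def extract_sni(record):
    """Return the server_name from a TLS ClientHello record, or None."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None                       # not a handshake record carrying a ClientHello
    try:
        pos = 9 + 2 + 32                  # record + handshake headers, version, random
        pos += 1 + record[pos]            # session id
        pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher suites
        pos += 1 + record[pos]            # compression methods
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(record)):
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == 0:             # server_name extension
                # list length (2 bytes, skipped), name type (1), name length (2)
                name_type, name_len = struct.unpack_from("!xxBH", record, pos)
                name = record[pos + 5 : pos + 5 + name_len]
                if name_type != 0 or len(name) != name_len:
                    return None
                return name.decode("ascii").lower()
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                              # truncated or malformed hello
    return None

def pick_backend(record, routes=SNI_ROUTES):
    """Choose the broker for this connection; None means no route, so close it."""
    return routes.get(extract_sni(record))
```

A plain MQTT connection on port 1883 carries no such field, which is why the proxy cannot tell hostnames apart without TLS or WebSockets.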
Is JIRA supported in GCE? If so, how to make it work?
We have installed 64-bit .bin of JIRA(6.4.1), and opened necessary custom http ports under Networks.
Started JIRA as a service, but unable to see it work via browser. No error message other than a timed out error!
Any help would be highly appreciated.
Note: We are new to Google Cloud Platform.
Did you enable the HTTP and HTTPS services on your instance? By default the GCE instance does not allow HTTP and HTTPS traffic; you have to do it manually.
The Jira configuration for Google Compute Engine can be tricky. You need to make sure that:
The firewall rules under Networking allow a connection to the Jira HTTP port, or HTTP is enabled in the VM properties
The global Networking rules allow TCP traffic on this port
The virtual network has routes configured
If you use Apache as proxy for Jira (recommended) then make sure Apache is configured to point to the Tomcat port
Your Tomcat is configured
You have enabled port allocation using setcap utility
Your local machine firewall enables the connection (in Red Hat ipconfig is enabled by default and blocks the connections)
As you can see it may be tricky to install Jira on Google Cloud. It may be a good idea to use a deployment service like Deploy4Me to do this quickly and automatically.
Can someone explain why using a port is necessary when running things locally?
I assume the reason is because the same software could be run remotely and in that case specifying a port would be necessary.
When a database or server is running locally, do requests from a locally running web browser really "go through the port" specified?
Good question. In fact, there are local-only communication protocols, such as pipes and UNIX domain sockets that do not actually require port numbers to operate. This is because they refer to files or other identifiers that are only valid on the computer itself.
However, most servers are designed for TCP/IP connections. TCP/IP itself specifies a port number in the protocol. It is normally intended for remote use, but when a server that is used to TCP/IP runs "on local host", it must supply a port number to satisfy the TCP protocol.
Port numbers also enable multiple servers to coexist on a single computer, all running on different ports. For a protocol without port numbers, this is achieved by using different identifiers (e.g. a filesystem file) for each server.
Some servers can operate on both TCP/IP and local sockets. For example, MySQL can accept connections both through the usual TCP port, and also through a local socket (mysql.sock). Connecting through the local socket is reserved for local users only, and may be faster on some systems.
Sometimes you may have some other software installed on your computer that uses the same port. For instance, Apache and IIS: imagine you set port 8080 for IIS as the default; what if you had previously installed Apache set to port 8080?
Another example: if you installed MySQL Workbench and days later install XAMPP, you may have trouble with the ports if you don't change one instance's port to something other than 3306.
This is why it is necessary to specify ports even when running locally.
I'm using Delphi XE4 with the Indy 10 components. My software uses Tidtcpclient and tidtcpserver and works perfectly on my local network and outside my network, but with port forwarding or without a firewall, and this is my problem, because I want to run my application without port forwarding on my router or firewall. I think that the best way to solve this problem when I need my software outside my network is to build an HTTP tunnel that works over port 80, which isn't blocked, and reconverts to the original TCP port.
I tried searching on Google and found some Indy components that can do what I need (for example idproxyserver, idconnectthroughproxy...), but I have no idea how to do it.
I need to know how to set up both sides, client and server. Thanks in advance.