Can't configure EMQX dashboard in https

Hello,

I’m using emqx 5.0.26 in docker, I’m trying to set the dashboard in https.

I tried the following syntax in emqx.conf:

dashboard {
  listener {
    bind  =  "0.0.0.0:18083"
    max_connections  =  512
    ssl_options {
      cacertfile = "etc/certs/cacert.pem"
      certfile = "etc/certs/cert.pem"
      keyfile = "etc/certs/key.pem"
    }
  }
}

as found in Dashboard | EMQX 5.0 Documentation

but it gave an error: failed_to_check_schema: emqx_conf_schema | validation_error,path => “dashboard”,reason => unknown_fields,unknown => “listener”

I tried the following syntax:

dashboard {
    listeners.https {
        bind = 18083
        certfile = "/emqx/etc/certs/cert.pem"
        keyfile = "/emqx/etc/certs/key.pem"
        verify  =  verify_none
    }
    default_username = "admin"
    default_password = "public"
}

as found in this other forum post: Connect a My Local Server with HTTPS - #3 by flupercio

but when running the container, dashboard is not running:

netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.11:33157        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4370            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8083            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8883            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8084            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5369            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN
udp        0      0 127.0.0.11:48063        0.0.0.0:*

( → no 18083. all other listeners are ok, even the ones using ssl)

If I do:

dashboard {
    listeners.http {
        bind = 18083
    }
}

then it works:

netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:8083            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8883            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8084            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5369            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.11:35421        0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:18083           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4370            0.0.0.0:*               LISTEN

(18083 running)

With https docker logs shows no error though:

2023-11-29T13:48:22.655833928Z Listener ssl:default on 0.0.0.0:8883 started.
2023-11-29T13:48:22.656340648Z Listener tcp:default on 0.0.0.0:1883 started.
2023-11-29T13:48:22.656778254Z Listener ws:default on 0.0.0.0:8083 started.
2023-11-29T13:48:22.658736749Z Listener wss:default on 0.0.0.0:8084 started.
2023-11-29T13:48:22.849494876Z EMQX 5.0.26 is running now!

(but also doesn’t show “Listener http:dashboard on :18083 started.”, which does appear if I use the http listener)

What I tried so far:

  • replace the certificates with self-signed certificates, or CA production certificates : same behavior
  • add a typo in the certificate path: I get an error: “msg: cert_file_not_found, mfa: emqx_tls_lib:resolve_cert_path_for_read_strict/1, line: 584, path: [path with the typo]” → so this proves the dashboard https section is used, and the system reads the certificates
  • tried to add cacertfile, certfile, keyfile or just 2 of them, tried to include “verify” statement or remove it, tried different port numbers → no change
  • I have checked that the cert file rights are ok (log into the docker container, and open the cert file with the “emqx” user → ok)
  • I have tried to put both http on 18083 and https in 18085 at the same time → only 18083 is running

Any advice about this issue?

Thank you very much