Hello,
I’m using emqx 5.0.26 in docker, I’m trying to set the dashboard in https.
I tried the following syntax in emqx.conf:
dashboard {
listener {
bind = "0.0.0.0:18083"
max_connections = 512
ssl_options {
cacertfile = "etc/certs/cacert.pem"
certfile = "etc/certs/cert.pem"
keyfile = "etc/certs/key.pem"
}
}
}
as found in Dashboard | EMQX 5.0 Documentation
but it gave an error: failed_to_check_schema: emqx_conf_schema | validation_error,path => “dashboard”,reason => unknown_fields,unknown => “listener”
I tried the following syntax:
dashboard {
listeners.https {
bind = 18083
certfile = "/emqx/etc/certs/cert.pem"
keyfile = "/emqx/etc/certs/key.pem"
verify = verify_none
}
default_username = "admin"
default_password = "public"
}
as found in this other forum post: Connect a My Local Server with HTTPS - #3 by flupercio
but when running the container, dashboard is not running:
netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.11:33157 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4370 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8883 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8084 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5369 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
udp 0 0 127.0.0.11:48063 0.0.0.0:*
( → no 18083. all other listeners are ok, even the ones using ssl)
If I do:
dashboard {
listeners.http {
bind = 18083
}
}
then it works:
netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8083 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8883 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8084 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:5369 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.11:35421 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:18083 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4370 0.0.0.0:* LISTEN
(18083 running)
With https docker logs shows no error though:
2023-11-29T13:48:22.655833928Z Listener ssl:default on 0.0.0.0:8883 started.
2023-11-29T13:48:22.656340648Z Listener tcp:default on 0.0.0.0:1883 started.
2023-11-29T13:48:22.656778254Z Listener ws:default on 0.0.0.0:8083 started.
2023-11-29T13:48:22.658736749Z Listener wss:default on 0.0.0.0:8084 started.
2023-11-29T13:48:22.849494876Z EMQX 5.0.26 is running now!
(but also doesn’t show “Listener http:dashboard on :18083 started.”, which does appear if I use the http listener)
What I tried so far:
- replace the certificates with self-signed certificates, or CA production certificates : same behavior
- add a typo in the certificate path: I get an error: “msg: cert_file_not_found, mfa: emqx_tls_lib:resolve_cert_path_for_read_strict/1, line: 584, path: [path with the typo]” → so this proves the dashboard https section is used, and the system reads the certificates
- tried to add cacertfile, certfile, keyfile or just 2 of them, tried to include “verify” statement or remove it, tried different port numbers → no change
- I have checked that the cert file rights are ok (log into the docker container, and open the cert file with the “emqx” user → ok)
- I have tried to put both http on 18083 and https in 18085 at the same time → only 18083 is running
Any advice about this issue?
Thank you very much