
I have created an MQTT Mosquitto broker on an EC2 instance, and AWS ACM & NLB (Network Load Balancer) are used to manage SSL and the traffic.

The MQTT functionality is working as expected from MQTT clients.

But the error log below gets thrown repeatedly.

```
Client connection from [nlb-ip-address] failed: error:0A000126:SSL routines::unexpected eof while reading.
```

I would like to know how to configure the NLB to prevent this error, or whether I am missing something in the mosquitto.conf that causes this error. I tried several things but the error is still being thrown.

Looking forward to an answer. Thank you.

mosquitto.conf

```
listener 8883
per_listener_settings false
cafile /etc/mosquitto/certs/ca.crt
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
```

NLB Port Mapping

```
443 -> 8883
```

Dhaneja
  • You are probably going to need to show us the mosquitto.conf and explain what ports are mapped to which listeners on the NLB before we can help – hardillb Jul 27 '23 at 12:40
  • @hardillb, I added the mosquitto.conf and NLB port mappings to the question. Thank you. – Dhaneja Jul 27 '23 at 13:11

1 Answer


If the NLB is doing the SSL/TLS termination, then you need to remove the SSL/TLS configuration from the mosquitto.conf, since the traffic from the NLB to the mosquitto instance will not be encrypted (the NLB will have stripped it off).

hardillb
  • Can you please mention which option I should use in the `mosquitto.conf` to "remove the TLS configuration"? – Dhaneja Jul 27 '23 at 13:54
  • remove the cafile, cacert, keyfile lines – hardillb Jul 27 '23 at 14:02
  • Thank you for the answer. I tried removing the said options. Now it returns this error continuously: `New connection from [nlb-ip-address] on port 8883` then `Client closed its connection.` Is there a change to be done from the AWS NLB end? – Dhaneja Jul 28 '23 at 00:21
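
Added example, not part of the original question or answer: a small probe that sends an unencrypted MQTT 3.1.1 CONNECT to a listener and reports whether the listener answered in plaintext MQTT or with a TLS record, which shows whether the broker's listener matches what arrives on the hop described in the answer. The function names `build_connect`, `classify_reply` and `probe` are hypothetical, and the host and port are supplied on the command line.

```python
import socket
import struct
import sys


def build_connect(client_id: str = "tls-probe", keepalive: int = 30) -> bytes:
    """Build a minimal MQTT 3.1.1 CONNECT (clean session, no credentials)."""
    cid = client_id.encode()
    # Protocol name "MQTT", protocol level 4, connect flags 0x02, keepalive.
    variable = b"\x00\x04MQTT" + b"\x04" + b"\x02" + struct.pack("!H", keepalive)
    payload = struct.pack("!H", len(cid)) + cid
    remaining = len(variable) + len(payload)
    if remaining > 127:
        raise ValueError("client_id too long for a single-byte remaining length")
    return bytes([0x10, remaining]) + variable + payload


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a listener returns after a plaintext CONNECT."""
    if not data:
        # No answer at all: a TLS listener may also just drop non-TLS input.
        return "closed-without-reply"
    if len(data) >= 4 and data[0] == 0x20 and data[1] == 0x02:
        # CONNACK, even a refusal (non-zero rc), proves the listener is plaintext.
        return f"plaintext-mqtt (CONNACK rc={data[3]})"
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        # TLS alert (0x15) or handshake (0x16) record: the listener expects TLS.
        return "tls"
    return "unknown"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send a plaintext CONNECT to host:port and classify the response."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_connect())
        try:
            return classify_reply(sock.recv(16))
        except OSError:  # timeout or reset while waiting for a reply
            return "closed-without-reply"


if __name__ == "__main__" and len(sys.argv) == 3:
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it against the broker's port 8883 from a host that can reach the instance directly: `plaintext-mqtt` means the listener accepts unencrypted traffic, while `tls` means the broker still expects TLS on that port.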