Mosquitto on Docker inaccessible from local network (even with "allow_anonymous true")

I cannot connect to my mosquitto container from the local network. I’m able to sub or pub to my MQTT broker from within the docker container but cannot connect from other machines on the local network. I have adjusted the security settings for mosquito 2.x. My mosquito.config file looks like this:

listener 1883
allow_anonymous true

My docker _compose file looks like this (the html formatting is stripping the indents):

version: ‘3.8’

services:
mqtt:
image: eclipse-mosquitto
container_name: mosquitto-container
restart: always
ports:
- “1883:1883”
- “9001:9001”
- “8883:8883”
volumes:
- /volume1/Docker/IOT/Mosquitto/config:/mosquitto/config
- /volume1/Docker/IOT/Mosquitto/data:/mosquitto/data
- /volume1/Docker/IOT/Mosquitto/log:/mosquitto/log

Should I add the IP address of the server (192.168.2.102) to the “listener” line in the conf file? I have not seen this in any examples. The examples all just show the port number (1883).

When I sudo docker exec -it mosquitto-container /bin/ash to open a shell in the container, I can successfully issue mosquitto_sub and mosquitto_pub commands. If I modify the config file and create a passwords file, I can successfully issue authenticated pub and sub commands with the appropriate -u and -P options but only from within the docker instance. If I try from other devices (an IOT device or a different machine running MQTT Explorer), they just do not connect.

Other docker containers (Home Assistant and Rcon) work fine on the local network. When testing with MQTT Explorer, there is a long delay before a timeout when I try to connect to the correct port (1883) but an instant fail when try to connect to wrong port (1890). I assume this means something is trying to happen as the connections is not immediately refused.

I’m a bit over my head and I really do not know how to trouble shoot from here. Any help very much appreciated.

My Docker session is running on an Asustor AS5304T NAS (Busybox) and I am administering via Portainer with SSH access for pub/sub commands and config file editing.

Hi,

All of what you’ve said looks fine, can I just check that your config file is mosquitto.conf and is in /volume1/Docker/IOT/Mosquitto/config ?

Cheers,

Roger

Roger,
thank you for taking time to consider my conundrum. I’m glad to see I hadn’t made any glaring errors.
I rebooted the actual server for a minor server software update and to my surprise, when I checked the mqtt logs, the data was coming through! :grinning:

I can only assume it was the reboot as I didn’t check the logs prior to the update and I doubt it was the server software. I had turned off the log file in the interest of simplicity for troubleshooting so I can’t see when things got back on the rails. It is nice the problem is solved but I would much rather know what the problem was and that it is fixed. -Oh well.

Thanks again. Nice to know there are people like you willing to help people like me as they are beginning their journey.

Great! I’m glad it got sorted out even if we don’t quite know why.

I may have a similar issue. I’m running mosquitto in Docker (new to Docker, coming from Home Assistant) but chose to migrate as I have a few Home Assistant instances so running the MQTT broker away from Home Assistant means I don’t have to change MQTT broker addresses.

Anyway looking at portainer the container seems to be running

but the log file doesn’t show any startup, listening events etc. other than that 'port’s will be replaced with ‘listener’. I see this is a warning of a future change.

1654644103: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1654644156: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1654644420: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1654644713: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1654645649: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1654650172: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.
1654651376: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead.

mosquitto.conf is in the folder specified below. What is strange is the owner of the file

[root@mqtt-broker portainer]# ls /home/themeierresidence/mosquitto/config -al
total 4
drwxr-xr-x. 2 themeierresidence themeierresidence   28 Jun  8 11:19 .
drwxr-xr-x. 5 themeierresidence themeierresidence   43 Jun  8 09:28 ..
-rwxrwxrwx. 1              1883              1883 3735 Jun  8 09:46 mosquitto.conf

and that’s why I temporarily changed the access to 777

docker-compose.yaml looks like this

  mosquitto:
    image: eclipse-mosquitto
    container_name: mosquitto
    ports:
      - "1883:1883"
      - "9001:9001"
    volumes:
      - /home/themeierresidence/mosquitto/config/mosquitto.conf:/mosquitto/config/mosquitto.conf
      - /home/themeierresidence/mosquitto/data:/mosquitto/data
      - /home/themeierresidence/mosquitto/log:/mosquitto/log
~

Any idea what could be going on here?

In case anyone is experiencing the same issue I was able to solve this by adding the following line to mosquitto.conf

listener 1883

I thought the log message 1654644156: The 'port' option is now deprecated and will be removed in a future version. Please use 'listener' instead. was a bit confusing but anyway this solved it…