# Mosquitto + Websockets + Jail



## jaredwolff (Feb 21, 2020)

Hey all,

Has anyone had luck getting web sockets running with Mosquitto in a Jail?

Here's the output including the stuff from Libwebsockets.


```
# mosquitto -v -c mosquitto.conf
1582259093: mosquitto version 1.6.7 starting
1582259093: Config loaded from mosquitto.conf.
1582259093: Opening websockets listen socket on port 8080.
1582259093: Initial logging level 127
1582259093: Libwebsockets version: 2.4.2 unknown-build-hash
1582259093: IPV6 compiled in and enabled
1582259093: libev support not compiled in
1582259093: libuv support not compiled in
1582259093:  LWS_DEF_HEADER_LEN    : 4096
1582259093:  LWS_MAX_PROTOCOLS     : 5
1582259093:  LWS_MAX_SMP           : 1
1582259093:  sizeof (*info)        : 448
1582259093:  SYSTEM_RANDOM_FILEPATH: '/dev/urandom'
1582259093:  HTTP2 support         : available
1582259093: _realloc: size 752: context
1582259093:  default timeout (secs): 20
1582259093: _realloc: size 4096: pt_serv_buf
1582259093:  Threads: 1 each 13635 fds
1582259093:  mem: context:          4848 bytes (752 ctx + (1 thr x 4096))
1582259093:  mem: http hdr rsvd:   28224 bytes (1 thr x (4096 + 2960) x 4))
1582259093: _realloc: size 109080: fds table
1582259093:  mem: pollfd map:      109080
1582259093: _realloc: size 109080: lws_lookup
1582259093:  mem: platform fd map: 109080 bytes
1582259093:  Compiled with OpenSSL support
1582259093: Doing SSL library init
1582259093: _realloc: size 552: create vhost
1582259093: _realloc: size 224: vhost-specific plugin table
1582259093: _realloc: size 24: same vh list
1582259093: Creating Vhost 'default' port 8080, 3 protocols, IPv6 on
1582259093:  Using non-SSL mode
1582259093:  SSL options 0x2520004
1582259093: created client ssl context for default
1582259093: ERROR opening socket
1582259093: init server failed
1582259093: Failed to create default vhost
1582259093: Error: Unable to create websockets listener on port 8080.
```

It's not actually mosquitto but Libwebsockets causing the problems.

I even ran `sysctl security.jail.allow_raw_sockets=1` and set `allow.raw_sockets = 1;` in my jail.conf. I was able to ping the outside world. Unfortunately I got the same results when running the configuration.

I'm assuming it needs something else to bind to that socket that I'm missing (or it's not doable altogether).

Any help is appreciated.


----------



## Emrion (Feb 21, 2020)

Nothing already listening on TCP 8080, I suppose?

If you are in a shared ip setting, you should try a vnet network configuration for this jail.


----------



## jaredwolff (Feb 21, 2020)

Thanks Emrion, that's a great suggestion.

With some fresh eyes this morning, I recompiled libwebsockets without IPv6 support and added the `UNIX_SOCK` option and it's working!

As to what you're alluding to, it's probably related to the shared loopback all my jails have.


----------



## Emrion (Feb 21, 2020)

Glad you found a solution.



> As to what you're alluding to, it's probably related to the shared loopback all my jails have


Not really. It's a virtual network stack for jails. Not so long ago you had to recompile the kernel with the VIMAGE option, but that isn't the case since FreeBSD 12.

You bridge the jail's virtual network with one of your real interfaces in order to access the external network.


----------



## unitrunker (Feb 22, 2020)

If IPC works for you - then you did not need a bridged interface. For this kind of problem, the output from 'netstat -l4 -l6' would identify what process owned the conflicting TCP port.


----------
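An added diagnostic, not code from any poster in this thread: a small C probe that separates the two explanations raised above by reporting, per address family, whether the failure happens at `socket()` (the family is not usable inside the jail) or at `bind()` with `EADDRINUSE` (something already owns the port). Port 8080 is taken from the log in the first post; the function and enum names are hypothetical.

```c
/* Added example: port 8080 is from the log above; all names are hypothetical. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum probe { PROBE_OK, PROBE_SOCKET_FAILED, PROBE_PORT_IN_USE, PROBE_BIND_FAILED };
/* Create, bind and listen on the wildcard address; *err gets the failing errno. */
enum probe probe_listen(int family, unsigned short port, int *err)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(struct sockaddr_in);
    int fd, rc;
    memset(&ss, 0, sizeof(ss));
    if (family == AF_INET6) {
        struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)&ss;
        a6->sin6_family = AF_INET6;
        a6->sin6_port = htons(port);
        a6->sin6_addr = in6addr_any;
        len = sizeof(*a6);
    } else {
        struct sockaddr_in *a4 = (struct sockaddr_in *)&ss;
        a4->sin_family = AF_INET;
        a4->sin_port = htons(port);
        a4->sin_addr.s_addr = htonl(INADDR_ANY);
    }
    *err = 0;
    fd = socket(family, SOCK_STREAM, 0);
    if (fd < 0) { *err = errno; return PROBE_SOCKET_FAILED; }
    rc = bind(fd, (struct sockaddr *)&ss, len);
    if (rc == 0) rc = listen(fd, 1);
    if (rc != 0) *err = errno;   /* save before close() can overwrite it */
    close(fd);
    if (rc == 0) return PROBE_OK;
    return *err == EADDRINUSE ? PROBE_PORT_IN_USE : PROBE_BIND_FAILED;
}

int main(void)
{
    static const char *msg[] = { "ok", "socket() failed", "port in use", "bind/listen failed" };
    int fams[] = { AF_INET, AF_INET6 }, err, i;
    for (i = 0; i < 2; i++) {
        enum probe r = probe_listen(fams[i], 8080, &err);
        printf("%s: %s (%s)\n", fams[i] == AF_INET ? "IPv4" : "IPv6", msg[r], err ? strerror(err) : "no error");
    }
    return 0;
}
```

Run it inside the jail while the broker is stopped: "socket() failed" for IPv6 only points at the jail's address-family setup, while "port in use" points at a conflicting listener.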

