Could not start Websocket Listener with TLS on port 443

 Problem

HiveMQ cannot start a listener directly on port 443 because, by default, the hivemq-operator deploys HiveMQ as a regular non-root user, and processes not running as root cannot bind ports below 1024.

 Solution

  1. Set expose: false in the values.yaml:

    ports:
      - name: "wss"
        port: 8765
        expose: false

  2. Update the service with an inward-facing targetPort: 8765 and an outward-facing port: 443 as follows:

    kind: Service
    apiVersion: v1
    metadata:
      name: hivemq-wss-service
      namespace: myhivemqnamespace
      labels:
        app: hivemq
        hivemq-cluster: myhivemqcluster
    spec:
      selector:
        hivemq-cluster: myhivemqcluster
      ports:
        - name: wss
          port: 443
          protocol: TCP
          targetPort: 8765
      type: LoadBalancer
      externalTrafficPolicy: Local

This allows HiveMQ to start the listener on port 8765 while exposing it to your MQTT WebSocket clients on port 443 on the outside.
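
A pre-deployment consistency check for the two snippets above, added here as an example and not part of the original article or of HiveMQ's tooling. The function name `check_wss_mapping` and the inline dicts are assumptions; the dicts are constructed to mirror the page's YAML so the check runs without a YAML parser.

```python
# Added example: verifies that the values.yaml listener and the Service agree.
PRIVILEGED_PORT_LIMIT = 1024  # ports below this need root (see Problem above)


def check_wss_mapping(values_ports, service, listener_name="wss", external_port=443):
    """Return a list of findings; an empty list means the mapping is consistent."""
    listener = next((p for p in values_ports if p.get("name") == listener_name), None)
    if listener is None:
        return [f"no '{listener_name}' entry under ports in values.yaml"]

    findings = []
    if listener["port"] < PRIVILEGED_PORT_LIMIT:
        findings.append(
            f"listener port {listener['port']} is below {PRIVILEGED_PORT_LIMIT}; "
            "a non-root HiveMQ process cannot bind it"
        )
    if listener.get("expose") is not False:
        findings.append("expose must be false for the listener (step 1)")

    # The Service must publish the external port and forward it to the listener.
    svc_ports = service.get("spec", {}).get("ports", [])
    published = [p for p in svc_ports if p.get("port") == external_port]
    if not published:
        findings.append(f"Service does not publish port {external_port}")
    elif published[0].get("targetPort") != listener["port"]:
        findings.append(
            f"Service targetPort {published[0].get('targetPort')} does not match "
            f"listener port {listener['port']}"
        )
    return findings


# Constructed inputs mirroring the YAML shown in steps 1 and 2.
VALUES_PORTS = [{"name": "wss", "port": 8765, "expose": False}]
SERVICE = {
    "kind": "Service",
    "spec": {
        "selector": {"hivemq-cluster": "myhivemqcluster"},
        "ports": [{"name": "wss", "port": 443, "protocol": "TCP", "targetPort": 8765}],
        "type": "LoadBalancer",
    },
}

if __name__ == "__main__":
    for line in check_wss_mapping(VALUES_PORTS, SERVICE) or ["OK: 443 -> 8765 is consistent"]:
        print(line)
```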