Could not start Websocket Listener with TLS on port 443
Problem
HiveMQ cannot start a listener directly on port 443 because, by default, the hivemq-operator deploys HiveMQ as a regular non-root user, and ports below 1024 cannot be bound by processes that are not running as root.
Solution
Set expose: false in the values.yaml:

    ports:
      - name: "wss"
        port: 8765
        expose: false

Update the service with an inward-facing targetPort: 8765 and an outward-facing port: 443 as follows:

    kind: Service
    apiVersion: v1
    metadata:
      name: hivemq-wss-service
      namespace: myhivemqnamespace
      labels:
        app: hivemq
        hivemq-cluster: myhivemqcluster
    spec:
      selector:
        hivemq-cluster: myhivemqcluster
      ports:
        - name: wss
          port: 443
          protocol: TCP
          targetPort: 8765
      type: LoadBalancer
      externalTrafficPolicy: Local

This will allow HiveMQ to start the listener on port 8765 and get it exposed to your MQTT WebSocket clients on port 443 on the outside.
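
A pre-deploy consistency check for the mapping described above, as an added example that is not part of the original article or of HiveMQ's tooling. The function name check_port_mapping, the dict layout (which mirrors the two YAML snippets) and the rule that a named targetPort equals the listener name are assumptions.

```python
# Added example: the dicts mirror the values.yaml "ports" entry and the
# Service manifest from this page; check_port_mapping is a hypothetical helper.
PRIVILEGED_PORT_LIMIT = 1024  # below this, a non-root process cannot bind by default


def check_port_mapping(listener_ports, service, run_as_root=False):
    """Return a list of problems; an empty list means the mapping is consistent."""
    problems = []
    for lp in listener_ports:
        if lp["port"] < PRIVILEGED_PORT_LIMIT and not run_as_root:
            problems.append(f"listener {lp['name']}: port {lp['port']} needs root")
        if lp.get("expose") is not False:
            problems.append(f"listener {lp['name']}: expose is not false")
    for sp in service["spec"]["ports"]:
        # Kubernetes uses "port" when targetPort is omitted. targetPort may
        # also be a port name; assumed here to equal the listener name.
        target = sp.get("targetPort", sp["port"])
        key = "name" if isinstance(target, str) else "port"
        if not any(lp[key] == target for lp in listener_ports):
            problems.append(
                f"service port {sp['port']}: no listener for targetPort {target}"
            )
    return problems


# Constructed sample input, taken from the manifests on this page.
SERVICE = {"spec": {"ports": [
    {"name": "wss", "port": 443, "protocol": "TCP", "targetPort": 8765},
]}}
FIXED_PORTS = [{"name": "wss", "port": 8765, "expose": False}]
BROKEN_PORTS = [{"name": "wss", "port": 443, "expose": True}]  # the failing setup

if __name__ == "__main__":
    for label, ports in (("fixed", FIXED_PORTS), ("broken", BROKEN_PORTS)):
        print(label, check_port_mapping(ports, SERVICE) or "ok")
```
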