Updating to 0.17.1 dynamic-security.json


03/06/2023, 3:22 PM
Same as in previous thread by Roran60, I am getting the following from NM when updating to 0.17.1
Fatal: failed to configure MQ:  open /etc/netmaker/dynamic-security.json: no such file or directory
I am running main node dockerized, any debug steps needed?


03/06/2023, 3:23 PM
please show me your netmaker.yml
and netclient -v
I was wondering if there is something wrong with netclient because I once installed the old netclient and it also did not work with the new netmaker
Because with support we are trying different things in config unsuccessfully .


03/06/2023, 3:30 PM
I'll try doing a clean install in a second and get all the logs
Ok, issue resolved. Due to permission de-elevation of docker in my environment, netmaker image couldn't mount on mq volume to provide the cert/security files. This shouldn't happen on standard installs.
Unrelated, but maybe useful to someone in the future: I am installing with external Caddy instance and MQ in different container from Compose. To achieve proper MQ routing, you can reverse-proxy your MQ with elevation to WSS/HTTPS using something like this:
broker.DOMAIN {
    ## ws -> wss elevation rules
    @ws {
        header Connection *Upgrade*
        header Upgrade websocket
    # if applicable:
    reverse_proxy LOCAL_IP
    # necessary for websockets to elevate
    reverse_proxy @ws http://LOCAL_IP:MQ_PORT
    # Your custom certs are optional here
    tls /certs/h1/certificate.crt /certs/h1/private.key
In this scenario, Netmaker Server can access MQ over @ws at (or valid local IP), and external clients should be able to reach wss://broker.DOMAIN even if they accidentally tried to reach ws://broker.DOMAIN instead


04/12/2023, 3:31 PM
restart mosquitto